diff --git a/containers/data-access/config.nix b/containers/data-access/config.nix
index e787b84c..6297ca31 100644
--- a/containers/data-access/config.nix
+++ b/containers/data-access/config.nix
@@ -11,6 +11,7 @@
 uid = 1000;
 group = "users";
 };
+ security.sudo.enable = false;
 services.openssh = {
 enable = true;
 permitRootLogin = "no";
diff --git a/modules/accentor.nix b/modules/accentor.nix
index 8b649cf3..b7493446 100644
--- a/modules/accentor.nix
+++ b/modules/accentor.nix
@@ -70,6 +70,14 @@ in '') ]; + security.doas.extraRules = [{ + users = [ "charlotte" ]; + noPass = true; + cmd = "accentor-console"; + runAs = "accentor"; + setEnv = [ "RAILS_MASTER_KEY" ]; + }]; + services.postgresql = { enable = true; dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
diff --git a/modules/default.nix b/modules/default.nix
index afc5ee6c..6fabfde5 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -89,6 +89,19 @@ externalInterface = "eno3"; }; + security.sudo.enable = false; + security.doas = { + enable = true; + extraRules = [ + { + users = [ "charlotte" ]; + noPass = true; + cmd = "nix-collect-garbage"; + runAs = "root"; + } + ]; + }; + users = { mutableUsers = false; defaultUserShell = pkgs.zsh;
@@ -97,7 +110,7 @@
 isNormalUser = true;
 home = "/home/charlotte";
 description = "Charlotte Van Petegem";
- extraGroups = [ "wheel" "systemd-journal" ] ++ lib.optionals config.chvp.graphical [ "input" "video" ];
+ extraGroups = [ "systemd-journal" ] ++ lib.optionals config.chvp.graphical [ "input" "video" ];
 };
 };
 };
diff --git a/modules/zsh.nix b/modules/zsh.nix
index 9d3619bd..9df25560 100644
--- a/modules/zsh.nix
+++ b/modules/zsh.nix
@@ -30,7 +30,6 @@
 "extract"
 "history-substring-search"
 "git"
- "sudo"
 "systemd"
 "tmux"
 ];
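Review bot: The rule on the `cmd = "accentor-console";` line restricts only the command name, so charlotte can pass arbitrary arguments to it as the `accentor` user with no password; if the wrapper forwards its arguments to a Rails console that is an unrestricted code path into the application as the service user, so consider `args = [ ];` (the NixOS doas module treats an empty list as "no arguments allowed") or a rule that also names the expected arguments. `setEnv = [ "RAILS_MASTER_KEY" ]` forwards whatever value the caller has in its own environment rather than a key owned by the service, which means the secret has to live in charlotte's shell environment — confirm that is intended and document it, e.g. `# RAILS_MASTER_KEY is read from the caller's environment, not from the service's credentials`. Since `noPass = true` turns any compromise of the charlotte account into direct access to the Accentor data, a one-line justification next to it would help future readers. The attribute set this rule lives in begins and ends outside the hunk.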
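Review bot: After the `security.sudo.enable = false;` line and the `wheel` removal in the next hunk, charlotte's only doas grant is passwordless `nix-collect-garbage` as root, so every other privileged operation has to go through `su`, which authenticates with root's password; on a `mutableUsers = false` system (visible in the hunk's context) that password only exists if `users.users.root.hashedPassword` or `initialHashedPassword` is declared somewhere this diff does not show, otherwise root is locked and `su` fails. Please confirm that declaration exists and leave a pointer next to the rule, e.g. `# sudo is off: root is reached via su, whose password hash is declared in the host config`. The `nix-collect-garbage` rule has no `args`, so any flags are accepted; that is reasonable for a garbage collector but worth saying, e.g. `# args unrestricted on purpose: -d / --delete-older-than are needed`. The enclosing module attribute set continues outside the hunk.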
@@ -50,8 +49,8 @@ }); in lib.mkIf config.chvp.zsh.enable { - chvp.zfs.systemLinks = [ { path = "/root/.local/share/autojump"; type = "cache"; } ]; - chvp.zfs.homeLinks = [ { path = ".local/share/autojump"; type = "cache"; } ]; + chvp.zfs.systemLinks = [{ path = "/root/.local/share/autojump"; type = "cache"; }]; + chvp.zfs.homeLinks = [{ path = ".local/share/autojump"; type = "cache"; }]; home-manager.users.charlotte = { ... }: (base "/home/charlotte"); home-manager.users.root = { ... }: (base "/root"); };
diff --git a/update.sh b/update.sh
index 56fb427d..7f48af70 100755
--- a/update.sh
+++ b/update.sh
@@ -15,7 +15,7 @@
 nix flake update --recreate-lock-file
 if [ -z "${OVERRIDE:-}" ]
 then
- sudo nixos-rebuild --flake . switch
+ su -c "nixos-rebuild --flake . switch"
 else
- sudo nixos-rebuild --flake . --override-input nixpkgs ../nixpkgs --no-write-lock-file switch
+ su -c "nixos-rebuild --flake . --override-input nixpkgs ../nixpkgs --no-write-lock-file switch"
 fi
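Review bot: The `su -c "nixos-rebuild --flake . switch"` lines (both branches) run the rebuild through root's shell without `-l`, so the invoking user's environment is inherited; Nix honours `NIX_CONFIG`, `NIX_USER_CONF_FILES` and `NIX_PATH` from the environment, so a variable set in charlotte's shell now steers a root build, something sudo's default `env_reset` used to strip. A login shell avoids that but changes directory, so the flake path must become absolute, e.g. `su -l -c "nixos-rebuild --flake \"$PWD\" switch"` (assuming `nixos-rebuild` is on root's login PATH), and likewise for the `--override-input` branch. The script now also prompts for root's password instead of charlotte's, which on a host with `mutableUsers = false` requires a declared root password hash — a comment above the `if` such as `# sudo is disabled system-wide; this prompts for the root password` would save the next reader a surprise. The script's earlier lines are outside the hunk.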