diff --git a/Makefile b/Makefile
index 60a9dc3..a365d11 100644
--- a/Makefile
+++ b/Makefile
@@ -22,43 +22,7 @@ help:
 @echo " make edit - edit settings.nix"
 
 init:
- @if [ -f "$(SETTINGS)" ]; then \
- echo "$(YELLOW)settings.nix exists. overwrite? [y/N]$(NC)"; \
- read -r confirm; \
- if [ "$$confirm" != "y" ] && [ "$$confirm" != "Y" ]; then \
- echo "keeping existing settings"; \
- exit 0; \
- fi; \
- fi
- @username=$$(whoami); \
- userdesc=$$(getent passwd $$username | cut -d: -f5 | cut -d, -f1); \
- userdesc=$${userdesc:-$$username}; \
- echo "user: $$username ($$userdesc)"; \
- echo ""; \
- echo "hostname:"; \
- read -r hostname; \
- echo "timezone [America/Edmonton]:"; \
- read -r tz; \
- tz=$${tz:-America/Edmonton}; \
- echo "locale [en_CA.UTF-8]:"; \
- read -r locale; \
- locale=$${locale:-en_CA.UTF-8}; \
- echo ""; \
- echo "{" > $(SETTINGS); \
- echo " hostname = \"$$hostname\";" >> $(SETTINGS); \
- echo " username = \"$$username\";" >> $(SETTINGS); \
- echo " userDescription = \"$$userdesc\";" >> $(SETTINGS); \
- echo " timezone = \"$$tz\";" >> $(SETTINGS); \
- echo " locale = \"$$locale\";" >> $(SETTINGS); \
- echo " userGroups = [ \"networkmanager\" \"wheel\" \"docker\" \"plugdev\" ];" >> $(SETTINGS); \
- echo "}" >> $(SETTINGS); \
- echo "wrote settings.nix"
- @if [ -f "/etc/nixos/hardware-configuration.nix" ]; then \
- cp /etc/nixos/hardware-configuration.nix $(REPO_DIR)/hardware-configuration.nix; \
- echo "copied hardware-configuration.nix"; \
- else \
- echo "$(YELLOW)no hardware-configuration.nix found - run nixos-generate-config first$(NC)"; \
- fi
+ @./scripts/init.sh
 @$(MAKE) --no-print-directory link
 @echo ""
 @echo "done. run 'make rebuild' when ready"
diff --git a/modules/aliases.nix b/modules/aliases.nix
index 9f2a61b..d8cb96c 100644
--- a/modules/aliases.nix
+++ b/modules/aliases.nix
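Review bot: The new `init` recipe no longer passes `$(SETTINGS)` and `$(REPO_DIR)` to the shell, while `scripts/init.sh` (added in this commit) hardcodes `settings.nix` and `$(pwd)`; if those Makefile variables resolve to anything other than the repository root (their definitions are outside this hunk), the recipe and the script now diverge silently. Passing them through keeps one source of truth: `@SETTINGS="$(SETTINGS)" REPO_DIR="$(REPO_DIR)" ./scripts/init.sh`, with the script reading `${SETTINGS:-settings.nix}` and `${REPO_DIR:-$(pwd)}`. Note also that the recipe proceeds to `link` regardless of what the script did, because the script has no `set -e` and both of its final branches end in an `echo`, so its exit status is always 0 even when writing settings.nix failed.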
@@ -10,6 +10,7 @@
 "nix:push" = "cd /etc/nixos && git add -A && git commit -m \"$(date -u +%s)\" && git push";
 "nix:pull" = "cd /etc/nixos && git pull";
+ "fixaudio" = "systemctl --user restart pipewire pipewire-pulse wireplumber";
 "nf" = "neofetch";
 };
 }
diff --git a/modules/audio.nix b/modules/audio.nix
index 738fa31..82fe13f 100644
--- a/modules/audio.nix
+++ b/modules/audio.nix
@@ -9,6 +9,8 @@
 alsa.enable = true;
 alsa.support32Bit = true;
 pulse.enable = true;
+ jack.enable = true;
+ wireplumber.enable = true;
 };
 
 services.pipewire.extraConfig.pipewire."92-low-latency" = {
diff --git a/modules/boot.nix b/modules/boot.nix
index 01d6652..c979b1d 100644
--- a/modules/boot.nix
+++ b/modules/boot.nix
@@ -15,4 +15,12 @@
 boot.tmp.useTmpfs = true;
 boot.tmp.tmpfsSize = "4G";
+
+ boot.kernel.sysctl = {
+ "net.ipv4.conf.all.log_martians" = 1;
+ "net.ipv4.conf.all.rp_filter" = 1;
+ "net.ipv4.conf.default.log_martians" = 1;
+ "net.ipv4.conf.default.rp_filter" = 1;
+ "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
+ };
 }
diff --git a/modules/users.nix b/modules/users.nix
index bd0cad5..a9ed61c 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -11,4 +11,9 @@ in
 description = settings.userDescription;
 extraGroups = settings.userGroups;
 };
+
+ # Security
+ security.sudo.execWheelOnly = true;
+ security.audit.enable = true;
+ security.auditd.enable = true;
 }
diff --git a/scripts/init.sh b/scripts/init.sh
new file mode 100755
index 0000000..fecee86
--- /dev/null
+++ b/scripts/init.sh
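Review bot: `net.ipv4.conf.all.rp_filter = 1` in the boot.nix hunk is strict reverse-path filtering, which silently drops legitimately asymmetric traffic on multi-homed hosts or under policy routing (VPN tunnels, containers with several interfaces); a comment above the block such as `# rp_filter=1 is strict; use 2 (loose) if this host is multi-homed or uses policy routing` would spare the next maintainer a confusing outage. The keys cover IPv4 only, so a second comment stating whether that is intentional would help, since `log_martians` output only has value if someone reads the kernel log it lands in. Placing network hardening sysctls in boot.nix is also a scoping question — a dedicated networking or hardening module would keep boot.nix about boot.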
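Review bot: In the users.nix hunk, `security.audit.enable` and `security.auditd.enable` are turned on without any `security.audit.rules`, so unless rules are defined in a module not shown here the daemon records little beyond the PAM/login events userspace emits on its own; either add the rules next to these lines or comment where they live. `security.sudo.execWheelOnly = true` only narrows who may invoke sudo, yet `settings.userGroups` (written by `scripts/init.sh` in this commit) includes `docker`, which is root-equivalent independently of sudo — a comment such as `# execWheelOnly gates sudo only; docker group membership is still root-equivalent` would keep this block from being read as a complete privilege boundary. Grouping `security.*` options under `# Security` inside users.nix is a placement choice worth revisiting; a `security.nix` module would keep this file scoped to users.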
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+SETTINGS="settings.nix"
+REPO_DIR=$(pwd)
+GREEN='\033[0;32m'
+YELLOW='\033[0;33m'
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+
+# 1. Generate settings.nix
+if [ -f "$SETTINGS" ]; then
+ echo -e "${YELLOW}settings.nix exists. overwrite? [y/N]${NC}"
+ read -r confirm
+ if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
+ echo "keeping existing settings"
+ else
+ GENERATE=true
+ fi
+else
+ GENERATE=true
+fi
+
+if [ "$GENERATE" = true ]; then
+ username=$(whoami)
+ userdesc=$(getent passwd "$username" | cut -d: -f5 | cut -d, -f1)
+ userdesc=${userdesc:-$username}
+
+ echo "user: $username ($userdesc)"
+ echo ""
+
+ echo "hostname:"
+ read -r hostname
+
+ echo "timezone [America/Edmonton]:"
+ read -r tz
+ tz=${tz:-America/Edmonton}
+
+ echo "locale [en_CA.UTF-8]:"
+ read -r locale
+ locale=${locale:-en_CA.UTF-8}
+
+ echo ""
+ echo "{" > "$SETTINGS"
+ echo " hostname = \"$hostname\";" >> "$SETTINGS"
+ echo " username = \"$username\";" >> "$SETTINGS"
+ echo " userDescription = \"$userdesc\";" >> "$SETTINGS"
+ echo " timezone = \"$tz\";" >> "$SETTINGS"
+ echo " locale = \"$locale\";" >> "$SETTINGS"
+ echo " userGroups = [ \"networkmanager\" \"wheel\" \"docker\" \"plugdev\" ];" >> "$SETTINGS"
+ echo "}" >> "$SETTINGS"
+ echo "wrote $SETTINGS"
+fi
+
+# 2. Copy hardware-configuration.nix
+if [ -f "/etc/nixos/hardware-configuration.nix" ]; then
+ cp /etc/nixos/hardware-configuration.nix "$REPO_DIR/hardware-configuration.nix"
+ echo "copied hardware-configuration.nix"
+else
+ echo -e "${YELLOW}no hardware-configuration.nix found - run nixos-generate-config first${NC}"
+fi
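Review bot: The interactive values `hostname`, `tz` and `locale` are written into settings.nix unvalidated through `echo " hostname = \"$hostname\";" >> "$SETTINGS"`, so an empty answer yields `hostname = "";` and an answer containing `"` or `${` yields a malformed or interpolating Nix string that only surfaces at rebuild time; at minimum guard the hostname after its `read` with `[[ "$hostname" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$ ]] || { echo "invalid hostname" >&2; exit 1; }` and apply a similar allow-list to `tz` and `locale`. The script has no `set -euo pipefail` and both terminal branches end in an `echo`, so it always exits 0 even if writing `$SETTINGS` or copying the hardware configuration failed; if strict mode is added, initialise `GENERATE=false` before the first `if`, because `[ "$GENERATE" = true ]` currently relies on the variable being unset on the keep-existing path. The colour prompts use `echo -e`, which is not portable — `printf '%b\n' "${YELLOW}settings.nix exists. overwrite? [y/N]${NC}"` is the idiomatic form and `GREEN`/`RED` are defined but unused.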