diff --git a/flake.lock b/flake.lock
index 6be7dc3..2f9876a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -243,6 +243,22 @@
         "type": "github"
       }
     },
+    "flake-compat_3": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1765121682,
+        "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -584,6 +600,28 @@
         "type": "github"
       }
     },
+    "nixos-wsl": {
+      "inputs": {
+        "flake-compat": "flake-compat_3",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1765644731,
+        "narHash": "sha256-dgSPo+NeAwcBeP4Un9GT+SMsOdLAc0DOLP6cFqoMHK8=",
+        "owner": "nix-community",
+        "repo": "NixOS-WSL",
+        "rev": "b160ef46075d8ddc73f026909282d47c0eabb836",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "main",
+        "repo": "NixOS-WSL",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1761597516,
@@ -805,6 +843,7 @@
         "nix-vscode-extensions": "nix-vscode-extensions",
         "nixos-facter-modules": "nixos-facter-modules",
         "nixos-generators": "nixos-generators",
+        "nixos-wsl": "nixos-wsl",
         "nixpkgs": "nixpkgs_4",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nur": "nur",
diff --git a/flake.nix b/flake.nix
index f40efe8..98b5c55 100644
--- a/flake.nix
+++ b/flake.nix
@@ -34,6 +34,9 @@
     nur.url = "github:nix-community/NUR";
     nur.inputs.nixpkgs.follows = "nixpkgs";
 
+    nixos-wsl.url = "github:nix-community/NixOS-WSL/main";
+    nixos-wsl.inputs.nixpkgs.follows = "nixpkgs";
+
     disko.url = "github:nix-community/disko";
     disko.inputs.nixpkgs.follows = "nixpkgs";
 
diff --git a/hosts/bootstrap/configuration.nix b/hosts/bootstrap/configuration.nix
index 41dad75..a406afd 100644
--- a/hosts/bootstrap/configuration.nix
+++ b/hosts/bootstrap/configuration.nix
@@ -64,6 +64,5 @@
     nixos-facter
   ];
 
-  # System state version (use mkForce to override the default)
-  system.stateVersion = lib.mkForce "25.11";
+  system.stateVersion = "25.11";
 }
diff --git a/hosts/default.nix b/hosts/default.nix
index 7267ca7..bbd6385 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -30,6 +30,7 @@
               inputs.dankMaterialShell.nixosModules.dankMaterialShell
               inputs.niri.nixosModules.niri
               inputs.determinate.nixosModules.default
+              inputs.nixos-wsl.nixosModules.default
               ../modules/base
               ../modules/system
               ../modules/programs
@@ -47,5 +48,6 @@ in {
     work = mkSystem {host = ./work;};
     homelab = mkSystem {host = ./homelab;};
     bootstrap = mkSystem {host = ./bootstrap;};
+    desktop-wsl = mkSystem {host = ./desktop-wsl;};
   };
 }
diff --git a/hosts/desktop-wsl/default.nix b/hosts/desktop-wsl/default.nix
new file mode 100644
index 0000000..e1ea51f
--- /dev/null
+++ b/hosts/desktop-wsl/default.nix
@@ -0,0 +1,23 @@
+{
+  config = rec {
+    fireproof = {
+      hostname = "desktop-wsl";
+      username = "nickolaj";
+      work.enable = true;
+      dev.enable = true;
+    };
+
+    wsl.enable = true;
+    wsl.defaultUser = fireproof.username;
+
+    services.keyd.enable = false;
+
+    system.stateVersion = "25.11";
+
+    # WSL doesn't use a bootloader - disable systemd-boot
+    boot.loader.systemd-boot.enable = false;
+    boot.loader.efi.canTouchEfiVariables = false;
+  };
+
+  imports = [];
+}
diff --git a/justfile b/justfile
index 0749cbd..ef09b9d 100644
--- a/justfile
+++ b/justfile
@@ -56,7 +56,7 @@ deploy-remote hostname target:
 
     install -d -m755 "$temp/etc/ssh"
 
-    # Copy ssh key to decrypt agenix secrets    
+    # Copy ssh key to decrypt agenix secrets
     just age -d "./secrets/hosts/{{ hostname }}/id_ed25519.age" > "$temp/etc/ssh/ssh_host_ed25519_key"
     chmod 600 "$temp/etc/ssh/ssh_host_ed25519_key"
 
@@ -141,6 +141,14 @@ new-host hostname username:
     echo "Setting up folders"
     mkdir -p "secrets/hosts/{{ hostname }}"
     mkdir -p "hosts/{{ hostname }}"
+    cat > "hosts/{{ hostname }}/default.nix" <<'EOF'
+    {
+      config.fireproof.hostname = "{{ hostname }}";
+      config.fireproof.username = "{{ username }}";
+
+      imports = [];
+    }
+    EOF
 
     echo "Generating SSH key for {{ username }}@{{ hostname }}"
     ssh-keygen -q -t ed25519 -f "$temp/id_ed25519" -C "{{ username }}@{{ hostname }}" -N ""
@@ -153,16 +161,7 @@ new-host hostname username:
 
     # Bold with no newline
     cat <<EOF
-    {{ BOLD }}{{ hostname }} = mkSystem {
-      hostname = "{{ hostname }}";
-      username = "{{ username }}";
-      modules = [
-        ../modules/required.nix
-        ../modules/shell.nix
-        ../modules/graphical.nix
-        ../modules/devenv.nix
-      ];
-    };
+        {{ BOLD }}{{ hostname }} = mkSystem {host = ./{{ hostname }};};{{ NORMAL }}
     EOF
 
 [doc("Update flake.lock")]
diff --git a/modules/base/home-manager.nix b/modules/base/home-manager.nix
index 9deb3ad..305f4f5 100644
--- a/modules/base/home-manager.nix
+++ b/modules/base/home-manager.nix
@@ -12,7 +12,7 @@ in {
       type = options.home-manager.users.type.nestedTypes.elemType;
     };
   };
-  config = {
+  config = rec {
     home-manager = {
       useUserPackages = true;
       useGlobalPkgs = true;
@@ -20,7 +20,7 @@ in {
     home-manager.users.${username} = mkAliasDefinitions options.fireproof.home-manager;
 
     # set the same version of home-manager as the system
-    fireproof.home-manager.home.stateVersion = "24.11";
-    system.stateVersion = "24.11";
+    system.stateVersion = lib.mkDefault "24.11";
+    fireproof.home-manager.home.stateVersion = system.stateVersion;
   };
 }
diff --git a/modules/system/keyd.nix b/modules/system/keyd.nix
index c9bde32..8b566a9 100644
--- a/modules/system/keyd.nix
+++ b/modules/system/keyd.nix
@@ -1,6 +1,6 @@
-_: {
+{lib, ...}: {
   services.keyd = {
-    enable = true;
+    enable = lib.mkDefault true;
     keyboards.mouse = {
       ids = [
         "046d:c051:4ae65a29" # Work mouse
diff --git a/secrets/hosts/desktop-wsl/.rekey/54f5a33beddca7c91c5d2dfc2e2d1ef6-llm-api-key.age b/secrets/hosts/desktop-wsl/.rekey/54f5a33beddca7c91c5d2dfc2e2d1ef6-llm-api-key.age
new file mode 100644
index 0000000..ea4c203
Binary files /dev/null and b/secrets/hosts/desktop-wsl/.rekey/54f5a33beddca7c91c5d2dfc2e2d1ef6-llm-api-key.age differ
diff --git a/secrets/hosts/desktop-wsl/.rekey/754e3ee2c10170f5083fd895087b7d20-hosts-private.age b/secrets/hosts/desktop-wsl/.rekey/754e3ee2c10170f5083fd895087b7d20-hosts-private.age
new file mode 100644
index 0000000..2f4d9f5
--- /dev/null
+++ b/secrets/hosts/desktop-wsl/.rekey/754e3ee2c10170f5083fd895087b7d20-hosts-private.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 KDYMLA Oz0T63FEN1gG8qXtRc8pAI+QKkXjHe8TV8DScjEv2iE
+740EPr3YEaF18bhC3y9LoDKGPwZNp6HJb2zf9HO16UI
+-> I7i-grease ~3)/@#.
+zuyfokI
+--- B9wNC5rAGapMH9BBoyd41a32agPgeUBB2rErqFmehYA
+mÄê‘*Ômæåƒ4—B`_}MéW“;ê±5Ñ¿fÙÃ½yúŒ¿5z]ÃßG›/àÉæ@DâØ_F¼¡ïnQ—¶ü"£x"Û¯dàV—l]ðåd	—
+Ç¸j´ž‘è‚ÖS‚bÐT;‘Úíú:Ê*-/öS§?šGó)…á
\ No newline at end of file
diff --git a/secrets/hosts/desktop-wsl/.rekey/b9e30b1534f59ce29237965068b9771b-ssh-key.age b/secrets/hosts/desktop-wsl/.rekey/b9e30b1534f59ce29237965068b9771b-ssh-key.age
new file mode 100644
index 0000000..b69e50c
Binary files /dev/null and b/secrets/hosts/desktop-wsl/.rekey/b9e30b1534f59ce29237965068b9771b-ssh-key.age differ
diff --git a/secrets/hosts/desktop-wsl/.rekey/bea39cf5ea2de2d04505f580de5ef757-ssh-key-ao.age b/secrets/hosts/desktop-wsl/.rekey/bea39cf5ea2de2d04505f580de5ef757-ssh-key-ao.age
new file mode 100644
index 0000000..819acb5
Binary files /dev/null and b/secrets/hosts/desktop-wsl/.rekey/bea39cf5ea2de2d04505f580de5ef757-ssh-key-ao.age differ
diff --git a/secrets/hosts/desktop-wsl/.rekey/deba27c7e921059bc7cb885714ab278f-k8s-ao-prod.age b/secrets/hosts/desktop-wsl/.rekey/deba27c7e921059bc7cb885714ab278f-k8s-ao-prod.age
new file mode 100644
index 0000000..224cfc1
Binary files /dev/null and b/secrets/hosts/desktop-wsl/.rekey/deba27c7e921059bc7cb885714ab278f-k8s-ao-prod.age differ
diff --git a/secrets/hosts/desktop-wsl/.rekey/e31c91ac0f549437a7c456f8af9519ad-k8s-ao-dev.age b/secrets/hosts/desktop-wsl/.rekey/e31c91ac0f549437a7c456f8af9519ad-k8s-ao-dev.age
new file mode 100644
index 0000000..be7bc9b
Binary files /dev/null and b/secrets/hosts/desktop-wsl/.rekey/e31c91ac0f549437a7c456f8af9519ad-k8s-ao-dev.age differ
diff --git a/secrets/hosts/desktop-wsl/.rekey/f18d937d7fa5449b3a56100fa24ab797-hashed-user-password.age b/secrets/hosts/desktop-wsl/.rekey/f18d937d7fa5449b3a56100fa24ab797-hashed-user-password.age
new file mode 100644
index 0000000..faef1d5
Binary files /dev/null and b/secrets/hosts/desktop-wsl/.rekey/f18d937d7fa5449b3a56100fa24ab797-hashed-user-password.age differ
diff --git a/secrets/hosts/desktop-wsl/id_ed25519.age b/secrets/hosts/desktop-wsl/id_ed25519.age
new file mode 100644
index 0000000..a70731b
Binary files /dev/null and b/secrets/hosts/desktop-wsl/id_ed25519.age differ
diff --git a/secrets/hosts/desktop-wsl/id_ed25519.pub b/secrets/hosts/desktop-wsl/id_ed25519.pub
new file mode 100644
index 0000000..c6f54db
--- /dev/null
+++ b/secrets/hosts/desktop-wsl/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9Npj3JT4F8k8Rz4OGkxzqZ1u95UtURBilt2R0F/HHJ nickolaj@desktop-wsl