diff --git a/hosts/marisa/default.nix b/hosts/marisa/default.nix
index ca6f604..2ff525e 100644
--- a/hosts/marisa/default.nix
+++ b/hosts/marisa/default.nix
@@ -4,7 +4,7 @@
 ./networking.nix
 ./hardware.nix
 ./boot.nix
- ./services.nix
+ ./services
 ];
 users.users.spark = {
@@ -14,7 +14,10 @@
 extraGroups = [ "wheel" ];
 openssh.authorizedKeys.keys = lib'.network.commonSSHKeys;
 };
+ programs.zsh.enable = true;
 time.timeZone = "Asia/Kolkata";
 system.stateVersion = "21.05";
+
+ security.pki.certificateFiles = [ ../../cert.pem ../../consul-agent-ca.pem ];
 }
diff --git a/hosts/marisa/services.nix b/hosts/marisa/services.nix
deleted file mode 100644
index 9106d5b..0000000
--- a/hosts/marisa/services.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, config, pkgs, ... }:
-{
-
- # Add secrets to nomad, consul and vault
- virtualisation.docker = {
- enable = true;
- daemon.settings = {
- # default-cgroupns-mode = "host";
- };
- };
- systemd.tmpfiles.rules = lib.singleton "d /run/vault - vault vault 1h";
- services = {
- openssh = {
- enable = true;
- permitRootLogin = "yes";
- };
- nomad = {
- enable = true;
- enableDocker = true;
- dropPrivileges = false;
- extraPackages = with pkgs; [ consul ];
- extraSettingsPaths = lib.singleton "/run/nomad/nomad.json";
- };
- vault = {
- package = pkgs.vault-bin;
- enable = true;
- tlsCertFile = "/var/rootcert/cert.pem";
- tlsKeyFile = "/var/rootcert/key.pem";
- address = "0.0.0.0:8800";
- # storageBackend = "file";
- # storagePath = "/var/lib/vault";
- extraSettingsPaths = lib.singleton "/run/vault/vault.json";
- };
-
- consul = {
- enable = true;
- package = pkgs.consul;
- extraConfigFiles = lib.singleton "/run/consul/consul.json";
- };
- };
-
- security.pki.certificateFiles = [ ../../cert.pem ../../consul-agent-ca.pem ];
-}
-
diff --git a/hosts/marisa/services/default.nix b/hosts/marisa/services/default.nix
new file mode 100644
index 0000000..4dfee1d
--- /dev/null
+++ b/hosts/marisa/services/default.nix
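Review bot: In hosts/marisa/default.nix, the added `security.pki.certificateFiles` line places `cert.pem` and `consul-agent-ca.pem` in the host-wide trust store, so every TLS client on the machine will accept certificates issued by those CAs, not only the Consul, Vault and Nomad clients. If only service-to-service trust is intended, it is narrower to reference the CA files from the services' own TLS settings; if host-wide trust is deliberate, a comment should say so, e.g. `# private CAs for vault/consul; trusted system-wide on purpose`. Whether either CA carries name constraints is not visible from this hunk, and the module's attribute set begins above it.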
@@ -0,0 +1,23 @@
+{ config, ... }:
+{
+
+ imports = [
+ # ./hashicorp.nix
+ ];
+
+ # Add secrets to nomad, consul and vault
+ virtualisation.docker = {
+ enable = true;
+ daemon.settings = {
+ # default-cgroupns-mode = "host";
+ };
+ };
+ systemd.tmpfiles.rules = [ "d /run/vault - vault vault 1h" ];
+ services = {
+ openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ };
+ };
+}
+
diff --git a/hosts/marisa/services/hashicorp.nix b/hosts/marisa/services/hashicorp.nix
new file mode 100644
index 0000000..7127fa2
--- /dev/null
+++ b/hosts/marisa/services/hashicorp.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+{
+
+ services = {
+ nomad = {
+ enable = true;
+ enableDocker = true;
+ dropPrivileges = false;
+ extraPackages = with pkgs; [ consul cni-plugins ];
+ extraSettingsPaths = [ "/run/nomad/nomad.json" ];
+ };
+ vault = {
+ package = pkgs.vault-bin;
+ enable = true;
+ tlsCertFile = "/var/rootcert/cert.pem";
+ tlsKeyFile = "/var/rootcert/key.pem";
+ address = "0.0.0.0:8800";
+ # storageBackend = "file";
+ # storagePath = "/var/lib/vault";
+ extraSettingsPaths = [ "/run/vault/vault.json" ];
+ };
+
+ consul = {
+ enable = true;
+ package = pkgs.consul;
+ extraConfigFiles = [ "/run/consul/consul.json" ];
+ };
+ };
+}
+
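Review bot: In hosts/marisa/services/default.nix, `permitRootLogin = "yes"` lets root authenticate over SSH by any enabled method, including a password, even though the `spark` user in hosts/marisa/default.nix already has authorized keys and `wheel`. Unless direct root login is required, `permitRootLogin = "no";` (or `"prohibit-password"` if key-based root access is needed) is the safer setting; whether password authentication is disabled elsewhere is not visible here. Separately, the tmpfiles rule `d /run/vault - vault vault 1h` leaves the directory mode at its default, and with `./hashicorp.nix` commented out nothing in this file defines the `vault` user it names. An explicit mode such as `"d /run/vault 0700 vault vault 1h"`, with the rule moved next to the Vault service, would keep the directory private and tied to that service.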
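Review bot: In hosts/marisa/services/hashicorp.nix, `address = "0.0.0.0:8800"` makes the Vault listener reachable on every interface of the host, and nothing in this diff restricts port 8800. If Vault is only meant to serve the cluster network, bind it to that interface, e.g. `address = "<cluster-interface-ip>:8800";` (placeholder), or add a comment stating that the firewall keeps 8800 closed externally. `tlsKeyFile = "/var/rootcert/key.pem"` also deserves a comment on who provisions the key and with what ownership and mode, since that is not visible here; the same goes for why Nomad needs `dropPrivileges = false`. The import of this file is still commented out in services/default.nix, so none of it is active yet.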