diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix
index a16b074..70d8d9c 100644
--- a/machines/levitation/configuration.nix
+++ b/machines/levitation/configuration.nix
@@ -30,6 +30,7 @@
         passwordFile = config.sops.secrets."borg-password".path;
         sshKey = config.sops.secrets."borg-ssh-key".path;
       };
+      kubo = { enable = true; };
     };
     hardware = {
       amdPassthrough = true;
diff --git a/modules/linux/default.nix b/modules/linux/default.nix
index 2be8493..6c69e6b 100644
--- a/modules/linux/default.nix
+++ b/modules/linux/default.nix
@@ -23,6 +23,7 @@ in {
     ./services/borg.nix
     ./services/nginx.nix
     ./services/matrix.nix
+    ./services/ipfs.nix
     ./linux/base.nix
   ];
 
@@ -89,6 +90,8 @@ in {
               mkDefaultOption "element" config.nathan.services.matrix.enable;
             enableRegistration = mkEnableOption "synapse registration";
           };
+          # Kubo
+          kubo = { enable = mkEnableOption "kubo"; };
         };
         # Linux (desktop/server, not android) specific programs
         programs = {
diff --git a/modules/linux/services/ipfs.nix b/modules/linux/services/ipfs.nix
new file mode 100644
index 0000000..02736e8
--- /dev/null
+++ b/modules/linux/services/ipfs.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+with lib; {
+  config = mkMerge [
+    (mkIf config.nathan.services.kubo.enable {
+      services.kubo = { enable = true; };
+    })
+    (mkIf
+      (config.nathan.services.kubo.enable && config.nathan.config.installUser) {
+        users.users."${config.nathan.config.user}".extraGroups = [ "ipfs" ];
+      })
+  ];
+}
diff --git a/modules/linux/user.nix b/modules/linux/user.nix
index 974b1cf..5f37f91 100644
--- a/modules/linux/user.nix
+++ b/modules/linux/user.nix
@@ -48,7 +48,8 @@ in with lib; {
       # If we install the user, enable sudo
       security.sudo.enable = mkDefault nc.installUser;
       # If we isntall the user, make them trusted
-      nix.settings.trusted-users = if nc.installUser then [ "nathan" ] else [ ];
+      nix.settings.trusted-users =
+        if nc.installUser then [ "${nc.user}" ] else [ ];
       # If we setup the user, install the shell as well
       environment.systemPackages =
         if nc.installUser then [ pkgs.fish ] else [ ];