diff --git a/README.md b/README.md
index da70126..f7ab5b2 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,21 @@ cd ~/dotfiles
 nixos-rebuild switch --flake .#nameOfMachine --target-host machineToSshInto --use-remote-sudo
 ```
 
+## Hacking at nix files
+
+Eval config to see what keys are being set.
+
+```bash
+nix eval .#nixosConfigurations.rickenbacker.config.security.sudo.WheelNeedsPassword
+nix eval .#nixosConfigurations.rickenbacker.config.mySystem.security.wheelNeedsPassword
+```
+
+Quickly run a flake to see what the next error message is as you hack.
+
+```bash
+nixos-rebuild dry-run --flake . --fast --impure
+```
+
 ## Links & References
 
 - [Misterio77/nix-starter-config](https://github.com/Misterio77/nix-starter-configs)
diff --git a/nixos/modules/nixos/system/security.nix b/nixos/modules/nixos/system/security.nix
index bd9b9df..1ad617e 100644
--- a/nixos/modules/nixos/system/security.nix
+++ b/nixos/modules/nixos/system/security.nix
@@ -17,8 +17,8 @@ in
 
   config =
     {
-      security.pam.enableSSHAgentAuth = lib.mkIf cfg.sshAgentAuth.enable true;
-      security.sudo.wheelNeedsPassword = lib.mkIf cfg.wheelNeedsSudoPassword true;
+      security.pam.enableSSHAgentAuth = cfg.sshAgentAuth.enable;
+      security.sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword;
 
     };