diff --git a/keys/hetzner.priv b/keys/hetzner.priv
index ab405cf..3d9659c 100644
Binary files a/keys/hetzner.priv and b/keys/hetzner.priv differ
diff --git a/keys/macbook.priv b/keys/macbook.priv
index 2584baf..c3935a5 100644
Binary files a/keys/macbook.priv and b/keys/macbook.priv differ
diff --git a/keys/master.priv b/keys/master.priv
index 4c8e0ec..d2ffd90 100644
Binary files a/keys/master.priv and b/keys/master.priv differ
diff --git a/keys/ren.priv b/keys/ren.priv
new file mode 100644
index 0000000..7b2a0ed
Binary files /dev/null and b/keys/ren.priv differ
diff --git a/keys/ren.pub b/keys/ren.pub
new file mode 100644
index 0000000..3454ee9
--- /dev/null
+++ b/keys/ren.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIM1gLSFZSVq+5s58+pymRJY+QOWHm6SZvvhY93YDm5k ren@me.com
diff --git a/keys/secrets.nix b/keys/secrets.nix
index c5712f9..c1ba64d 100644
--- a/keys/secrets.nix
+++ b/keys/secrets.nix
@@ -2,6 +2,7 @@ let
 selene = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEiuoUbvgZ2N03MTcWw4z+oUB9SG0jR0fy5AnTTBHym" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcfmaqbtwSEydV2hge/aDWxfwlKOw/JJZZWy8ycjojH" ];
 macbook = [ (builtins.readFile ./macbook.pub) ];
 master = [ (builtins.readFile ./master.pub) ];
+ ren = [ (builtins.readFile ./ren.pub) ];
 in
 {
 "jellyfin-key".publicKeys = selene;
@@ -10,6 +11,7 @@ in
 "master.priv".publicKeys = macbook ++ master;
 "wg-selene".publicKeys = macbook ++ selene ++ master;
 "wg-macbook".publicKeys = macbook ++ master;
- "hetzner.priv".publicKeys = macbook ++ selene ++ master;
+ "hetzner.priv".publicKeys = macbook ++ selene ++ master ++ ren;
 "wg-ren".publicKeys = macbook++master;
+ "ren.priv".publicKeys = master ++ ren;
 }
\ No newline at end of file
diff --git a/keys/wg-macbook b/keys/wg-macbook
index 1342b37..d4487b3 100644
--- a/keys/wg-macbook
+++ b/keys/wg-macbook
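Review bot: In keys/secrets.nix the second hunk adds `ren` as a recipient of `hetzner.priv`, while systems/ren/users.nix in this same diff installs `hetzner.pub` as root's authorized key on that host, so the server can now decrypt the private key that logs in to it as root (and to any other machine trusting that key, which the diff does not show). If ren only needs to accept that key and not use it, keep the old list: `"hetzner.priv".publicKeys = macbook ++ selene ++ master;`. The new `"ren.priv".publicKeys = master ++ ren;` looks circular if ren.priv is the private half of ren.pub, since the host would need that very key to decrypt it; `master` alone would be enough for escrow. The unchanged `"wg-ren".publicKeys = macbook++master;` also means the newly added keys/wg-ren cannot be decrypted on ren itself, so confirm that is intended.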
@@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 M7OTMg PyrVB10SxQZdhrwusKh+m6944Nj5vqBL6qGum8qK4Qg -huIr2n2ciTqu11o6ApcCoVMstQ9b3XoRfgAtU79wdnY --> ssh-ed25519 CJLJQg 2O7UQVLdlMJZzt5TOo5EYpfWjKAnNLJ6OQY+xRTp2go -TonYGAfBSeUpSHl+jHSG2qO9kWseAxfog1oWeGFWc5s ---- Hh8KEiQFjdy2xYqcBX4L6XSp4GPpO29tSPrfpnZlv5o -?$JΦ^woNv*#4+=[ltQF6-wiy. ڢ8iҞ'.H,a \ No newline at end of file +-> ssh-ed25519 M7OTMg f7fgG3DiQpjnDRSEUjSinuqgLATaK7QRN59bSimH1EU +9sKf6eQVwqVBrB553zCHwFs0uyQGRpIJkBZ0AyXPFC4 +-> ssh-ed25519 CJLJQg +b+cRU3irwvMnqVBWBIV4GoRyEy+Lg3LHUxZ/httTDo +uBlqCHMXyf1Um+W6y1Bh9pY0osqdeTgFQGuR6eSHQP4 +--- Ft1Ii2eVy0h8X6h7ABOW6ryT4ctxg9jS8utA7s52bBA +z0yWϥ4Ͱ^| +MuRtLA:*Ȃh2Sζk咬F& m1y \ No newline at end of file diff --git a/keys/wg-ren b/keys/wg-ren new file mode 100644 index 0000000..858a6a6 --- /dev/null +++ b/keys/wg-ren @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 M7OTMg QdJds7EpXMyyO9aKmqQg3HWmY6RQbzkQxRQw+K9fn14 +/SlvfJAOmCqYvIOZm/ZSynAIWSC+2dAvPpa+5Me6I8k +-> ssh-ed25519 CJLJQg MqNRTuwFcRdZ5VFbcgXQwjRxMAHLJEdUKLuXFPtkRVc +qRaaJzGRPiW2doetErhhUKwUXitvsQ5CGl2QzGK44Ss +--- fCQGYqP7qr+S1tzDeyce5Bn4iWsXq+kIe/ojPNj0LVA +4Zi"՞3W+i98ߞ=unBy]@[X[] XÛ5̜zl@ \ No newline at end of file diff --git a/keys/wg-ren.pub b/keys/wg-ren.pub new file mode 100644 index 0000000..c183803 --- /dev/null +++ b/keys/wg-ren.pub @@ -0,0 +1 @@ +wvTFERFXOPcgziLtLtfF3LGv5zmBWikCy/yLRwSuxWA= diff --git a/keys/wg-selene b/keys/wg-selene index 908d724..9c5a200 100644 Binary files a/keys/wg-selene and b/keys/wg-selene differ diff --git a/systems/ren/hardware.nix b/systems/ren/hardware.nix index 496c286..2f48c31 100644 --- a/systems/ren/hardware.nix +++ b/systems/ren/hardware.nix 
@@ -6,9 +6,25 @@ efiInstallAsRemovable = true; device = "nodev"; }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/0683-2D32"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0683-2D32"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; system.stateVersion = "23.11"; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + } diff --git a/systems/ren/system.nix b/systems/ren/system.nix index 2eea905..d78fa0d 100644 --- a/systems/ren/system.nix +++ b/systems/ren/system.nix @@ -23,6 +23,12 @@ nixpkgs.lib.nixosSystem { networking.hostName = "Ren"; networking.domain = ""; services.openssh.enable = true; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 + ]; + }; } ./users.nix ./hardware.nix diff --git a/systems/ren/users.nix b/systems/ren/users.nix index 4487e23..cb5485d 100644 --- a/systems/ren/users.nix +++ b/systems/ren/users.nix @@ -21,6 +21,8 @@ }; users.users.root.openssh.authorizedKeys.keys = [ - (builtins.readFile ../../keys/hetzner.pub) - ]; + (builtins.readFile ../../keys/hetzner.pub) + ]; + age.identityPaths = [ "/home/ren/.ssh/id_ed25519" ]; + }
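Review bot: In systems/ren/system.nix the added `networking.firewall` block admits SSH from any address while sshd is left at its defaults; the only sshd line visible is `services.openssh.enable = true;`. Because users.nix authorizes a key for root, I would pin key-only login next to it with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. The openssh module already opens its port through `services.openssh.openFirewall` (default true), so the explicit `22` documents intent rather than adding a rule, and a one-line comment saying so would help. The module list continues outside the hunk, so these settings may already exist elsewhere.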
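Review bot: In systems/ren/users.nix, `age.identityPaths = [ "/home/ren/.ssh/id_ed25519" ];` makes a key in a user's home directory the identity that decrypts this host's secrets. Whoever can read or replace that file (the owning account, a backup of /home) gains every secret that lists `ren` as a recipient, which after this commit includes `hetzner.priv`. Setting the option also replaces agenix's default of the host SSH keys, and decryption at activation will presumably fail if the file is absent or passphrase-protected. Consider a root-owned path outside /home, for example `age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` with the matching host public key listed in secrets.nix. The enclosing attribute set starts outside the hunk.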