From 5b151e7327ba59b27801a3d12da37d2e4b24377f Mon Sep 17 00:00:00 2001
From: Maxiem Geldhof <author@maxiemgeldhof.com>
Date: Fri, 31 Oct 2025 16:45:14 +0100
Subject: [PATCH] Ren key

---
 keys/hetzner.priv        | Bin 962 -> 1073 bytes
 keys/macbook.priv        | Bin 742 -> 742 bytes
 keys/master.priv         | Bin 742 -> 742 bytes
 keys/ren.priv            | Bin 0 -> 722 bytes
 keys/ren.pub             |   1 +
 keys/secrets.nix         |   4 +++-
 keys/wg-macbook          |  13 +++++++------
 keys/wg-ren              |   7 +++++++
 keys/wg-ren.pub          |   1 +
 keys/wg-selene           | Bin 587 -> 587 bytes
 systems/ren/hardware.nix |  22 +++++++++++++++++++---
 systems/ren/system.nix   |   6 ++++++
 systems/ren/users.nix    |   6 ++++--
 13 files changed, 48 insertions(+), 12 deletions(-)
 create mode 100644 keys/ren.priv
 create mode 100644 keys/ren.pub
 create mode 100644 keys/wg-ren
 create mode 100644 keys/wg-ren.pub
diff --git a/keys/hetzner.priv b/keys/hetzner.priv
index ab405cf4decbeebfc44af91d11b927d03f372bc0..3d9659c80256be0613768195e6213819013fcce9 100644
GIT binary patch
delta 1005
zcmX@azL8^sPQ8g~d9F#WLAa|=s&`&#u$MtlnQvi0vZZBMfq7b@S8joKm5a7lq`tmW
zK39ONt8Z3VrDuebwn2qudWNxazH?bfepO<iV^E=`sfWHvj!BeXQm~taBbTn7LUD11
zZfc5=si~o*LV9pva(KBylv#3Fkf(*GTS~53wrO!-sGDD&Q&5sYW@MgrVX9enj;Co@
zvSCK4qnon{mqAfZiEo9gr=NMbyN{n|rkg>!b4hkYs=juhzH4!CkfDC2NorM9dPKg-
z#E;_P;en2s=KckRS!uzBrlE$Zp;cZHnI74tk!eMNVXgs*;Ze!XzLsU_7LKl5hN%U9
z`pJ?00p)>3MeY?*E@6>DzS(}MnT3v_+Rkoye!+f@5x!1=;SmOt;~B;4%|i+UvkJAN
zv@6|=Dt+DZ{3DC=oXedH{7ozz!?lefi=xt!EsQ<WL!At`^1QPx(lZQ#G7{6H97C!M
zEUF9wvYh>beSCa;N+Y#h($iBy)BGaLDtrylL#d!F!Z4{^!O|$H$~~o6-^ao*s<@z{
z)U-azM>{m4Jg3mFEW4mGpwc@mDBHrwFgwpFkgGf;x!5=}G0`{5tHP%|y)rk?)F)Uw
z*~`e-&7#7~FvmDIz%iuQ$kNr_l}lGwS0N(YKOi*F%%?IuCDOS#E6K3f+$*cd)Y7XW
zEzKv>&)2-Du*5q!%h@6=nQLNhHP<(#UA*<Pqkjm`|I5}m&5g$__quk>^gDO2?XjHn
zu=ZfZ+&g?~cMi_EdHP9QnG?6%nKx&@uJvl$UM}`)<6gg@{uG|D>B}D$bj}XyNdB?M
zhEr=skmbK*x#gc$bzSk+E~?AhTqRI^YJb-Lq#rlgVkWeI(qHfXLdfu$&8jn(k6*s(
z7IM>HWk)@O<5u$%7o1M~*)G0+d*5uufFnm%vtHToxc%+5@73$#<ka8U<z7rOIP^#~
zck?ri^t`Tly_;P23bxP7$>O_NwBo3owCe4|d&QOe`PEjh`RrX|U@X?uR9A7rVAYpK
z9ph!&uFVv^sqXH^eWYOJm+xDTS<4@ouv$#$*PR1PnC!PKsj3gVrqQ`$`MwkV&Jnw2
zot^Pkc+I`&7aA|`rCUrAT)Fck@5{wzSN~0E`0UDc@=1t&_^#<CYaY~Vd>5(z$2ehb
zR7T8p-?Fp+j8mBBtdP6*&~HW5|FCt_Qv7om*m?i+-Tk~b@qzExY0CF3ruGW$_;UaG
z)zyE*`gb_ZIxJ~C<IsKit#J+!%l6*mSALP*Uu}Bt;_e{R58v76G#rhcakyH<xOI1m
mMT6Aotav~FJ0|9`PXrI{Rx$1|y{}{@{?b{=nJs5^#X<m0?wl_G

delta 893
zcmdnUafp3_PJK?Pp;?-HSx{z0rHP+suD?@Js(FNoex<8<Vqj!dp;=CdzK?%Kc7#v5
zD_22rq-AQBQ%Qc5U$|MAYoepSVQ8pxs(WFHkw>JdfuUz&mAhl9i$Rh}K9{bYLUD11
zZfc5=si~o*LV9pva(KByQBHYAXt{Gnn0|<hQD}&1kXvw6qKiSkr*>{uwySrpw^2|<
zNREC~xmTDcmt#ppUYT2|t7oB8a%Fgtmxo1qvcFeas)b94k6(blaf)|vl}lBXv4@%K
z#E;_PMjn3Ue!h979>&JbrDewcc@`E1frk0o`ay=7$@;$88Lp|Wp_VDe<xaj_J_g$Q
zj@sD;g@H-#P8orD1!W<Yp~cQo2Dy%|;U$hfl>upy9@@^ut`!!O;~B;4!`(vivkEPp
zv_r#F3O&Ng)AK6R^h2`K6SZ@U1B!x@Eki?d{1bC3DncB&f=W}2iUZtDQXC^af?Sd^
zT}v}70t1tZ151lD4E@~7GQuLm^z#gpgR(ujbaizVoE)Pvb3#%hGhNcWii4smz0!O=
zv>n|F6D`66QqvQI(hREVOPqr%a?MRFxQr(=w2H5ceK7x%$HIOqA)6I5Q`S3oeF|G8
zYPQnu;GxCMwGDn3tLA*-nEA<_<Nk~N6{QW6d19gzzfLJH72TeC$G`Wp{;pLm2hKh<
zUSo9lmzIXfth&wa_RFS}Z)aRA=J#G?Nz>+I?$_n_r6$Rjm(2LNw&cs5)Ft(@Iuncc
zGr4WvZLr?2_WxIf<KFqs`4?CDe%zee(RgB>;Ix}1ty(MZG8x9qP|SE}%=)CjUG?pB
z(I1x-s;x2)owv$c8l;_<A!6=)pLZ|gE4F?60%dCFxi#8$9(W|M{Fwaj4K+M&>m6k~
zCoxU5^DHZT(|oROd3D<P)vLOb*L>Ghs*ls#Y4cKJ<E{H?ou>W%Ic}|;Z-t*pWxeV<
zQuoG^b+e45b5`-QK)DmMezA3aiBrEdllMY_xZmgYtNEXWe>||&zSozkeWJ>9L7^a<
ziu8YZsq0ERx0*ekpVr=J@i@GV_u%v?38v9=Jq27la^v?sI`}7N_XBC$syYKPt{F$I
zpUnu+JIOxpVPfqM*^KJy_^C?Egpa;8dMKeO`%AoE=UN(z=9AS2wudkFS=7}2(BtlF
n6-R*>M(^cWH6}q<=W_=rq~+C^gst_s{%^LSldadOuh9nqS%_-$

diff --git a/keys/macbook.priv b/keys/macbook.priv
index 2584bafcffa1884a5dfed494efc38dce37ae19b6..c3935a505f4fe3c75ac3d6c786c47c072bebf3f1 100644
GIT binary patch
delta 710
zcmaFH`iymgPJN+yv7d*RiI=%|k+FWHMMY+klUHU`p{1!wWLlPQUSdRnSwW>~ReEJ;
zC|6~%Wtx+vlb4fIR#rtxR%)VKMR0&|sCJTRkzr&}nRmE(VR^onk-2A)Czr0BLUD11
zZfc5=si~o*g0q*8S75qAuA!-+cA$}SWl~tOlVN#*WqnSfTe7derFU*py1tQbUS_D7
zv5RY2u&Y}rSD|sDaiu|6xuao*cSxXlW`1N;p0{~;Qj)K`wv%yCv0<QbcwU~VWq_+I
zm#(g^f_ZLHQmSiMiiK-wgnqcQQHZx?Wl=z)nRj4mx^_rexM_iDU|@!cg{OfD*FU~P
zyEdG=ysZ9%qlR~VcF1A#K-S!~vhLUR?r{6NL@alwVs`EQfLRRBCzYoh7m#W&Ih8#j
zEu}0mqgwZ7(#_)i`|Tnc8+Oe&d6hGOCvxZG%P!wKf_06Lt9d%TOLgqaE7<fSXX3%0
z^n25*Z)sLtlz8ze^3(>FCzC#IH<VM%ES7%t(z2iJ`SJM+>UXDayM0c1+k&bill=cr
zzEqp`qj_zzz3YiN|2?^)5;hB@w0d&v-SY6?$|awUO|F<X^}Ff+3!8H1zfhPj7wETU
zKWAH|aN}t|S&jAUc3=LHe`3|ys)H`P_460#D!dP5Vh<PW6L*|_KRP?bb=?z}&k{Ed
z@P{5xF;qTl=<Tv<#<qFe>-qjHdbR)7E_aQTa}JR=9xMM_BRP3#>B^=jERtd;<J%q!
zK3y%ycU6A!<3?e9t{*|`SdVAt@$7$+uXpK5-1k$=e%*7Qt*%)T>YF7g+_gJMCSuoV
zi~k~XejI+*ZuL=U<D9@dZ3p8|{j8fNp1Eb>o8&91XHR-27acrOypG9BM@9Fm{iONz
zrT6}Y7cR)qx0JiKqHodxt34rAFF%|Rnd)0-bLC>Lv9m;LeYPTp<<6Ke6@{m@Ydn*r
Q?p|N`cHN?qr6+Cx07UCKg#Z8m

delta 710
zcmaFH`iymgPQ78SNtu2`Zn?IfrFKDBQAvr9yP<oYhp~@yx>s<Zzkj${h_Oksr*ENw
z1y^=(d3tGTs8_Cui*r`GOG>7xzq?0XMv1Rqm0?wqX--CEWLj8mPGo_(FPE;JLUD11
zZfc5=si~o*g0q*8S75q=c~y9LeqO$tcd1WcxL2ZURK0s;aglpyR&se&UPMMwQb}Gx
zWI(7-R(^Ogmv2Fik7G($QhH>FtEFXuXNFs%uX~=qwvSn!eua-gc6vx+Sh9(ik)L-U
zm#(g^LRMrznqPXMWvP?DsX<n7NKv_qmyxeQSy6>)W~6JHNoA&cWu;|+v!i}KmoeLR
zxtGU!ztqoq(sO>A(GR;@(UrHg_Z)L+_<J%sd6hlWfq90(g1e@tN-eWmAGUAF#otO-
zB2GsC{_!t5iN`#%aKgLx$VpM0^ZvfgyRye<=K8!$r9y@5cL~Ruy;fQU{%rjld~;>`
z!Jl=mF#-=|&P`feW6Ljpx~y4bdVcK!=A5*y6BFMYxKR?lxc++j#5Z;_)+xz`6L@Xh
zpMTre5c+o4@ol9GEi)>nf4<tB<M(ITlw$_AE{aQM9naj`y`1OelNK9=UlFeqUm7(l
zOf!4y+34%eKSL|{tD^Btj}ns~kIP=@pI2kraNtY#WX3l>k)~Pw^|u;V{gQol`<il}
zljw)jcW*yo{<QsA#2W7{_1x3zSDRd}J=V0u)#nk@?-dQbD-X@*7I<xA$?~@5#V6~Q
z*}r9(#gEu9&q#@%q_TL$!qa`nCY&f)=8zL)HZy4EOt(D6+e<fZd%Sd}O>nY!Xme6X
zwUN2PURF)7T}!`BDOpp0{Dews*`jO0&si**XTG`YKKt&HXFs2;sVa>!Dabu+e{H6Z
zZKi8hUg`Yl9x?j)ukX(Kb#h7k>q~d!f2MXQeDzP-+`4K_XRlzdz{SrBQ3kEEm;Wlt
PR*HWVbNF@R4TswRRf|B%

diff --git a/keys/master.priv b/keys/master.priv
index 4c8e0ece083fa239e83daca24d47cccd4a58ace8..d2ffd90f0eaff661fe5b956ef04d42aa52c7b4ff 100644
GIT binary patch
delta 710
zcmaFH`iymgPQ7DDNkF=*OR{H(bCGdqNP$PTUzlm2Q(lR7n7ekAi%E{TZ=P9}nX$HO
zI#+Q)VPu}WZ;nBPS5|><kflXIwzqppSy^eKS5m1-WSVwzd7f`Twzol2HkYoQLUD11
zZfc5=si~o*g0q*8S75qASfXE1R(6$VVxU)8Nlr;oQoXrlUSMXCM_FLFlX;1wlR=b0
zuCZ%&Vs@ATS4c==kZV+ylYW#zj-!udx@lr*ma9=%XjDOvX=qhaX;HpeNkDdBR8e3c
zm#(g^LUKihPi0}4w^v!3ety1XN|sM#Nmf~QglCDHMP{L4Qf^LoYNWo8QKWe&7ti_W
zLcf1%*VjwiGJ4)pc<5qqMk7n>;QfF-Av2RE3kKhr&af-#op7}1RM$UQTqPefUd|2K
zo><#&IGHt3b?QBfOin8U)~9RtoIlzl6!3JnS^3;6H_x4OGLG3~^{V0Y)<;hr3_NW2
zgn#-wyJO2-_4xSu(|^)aPRx*+_<X`utACSfB67vfoZtAjyuS7CH0ug836=Y)%NFtS
z|FJ6MDLW~?U`9qQt9IbrDjD@-E&t?%geGj5!*Q?gqsvQ`UrSH5CVq_;dVTwR-mk{s
zdFQ=smw&CXJ+g&2c-w{Tmla$t`{-K!7H506i+d_x7lZo;ouH|AgZF+E*wePtk~6sA
zu~*QKEzbm-e|q%zi9MfR-#qnzhH!_&(J8S%KfLa8zBuvuoaY)zv+iEJcSQGPy(xEm
z$bySIw_3!wnA+Qw%Dgf9ag=v6!^h(shF$vVd{2)&UmTh}%d0X}RF7qH@~KPf^x4h^
zh^;hRzgV?oQcS|vEwNd4)26MhzWP$~MCFA);^$=<r`qk^;TFjs|Hu7!^xX&cJ62d;
z<mBBg7vx*2`{doPPUBzhJeSOL8w9tQ{&N4=spV~=xkmrt*XH@f3N}7RUOp5%T|NJL
P@bomdO>@uXygdj2vjsOk

delta 710
zcmaFH`iymgPQ9^Tv6Degu&0N2PF6vFYGt91yGf?GaZ*KjZf=2_ewA~0Zizu&UU`+f
z0atc<My5q#UT}bCc9LIaX>O@eh`vQ-wz)w{g_lpUw|`h#j(=)WsIhaE374*&LUD11
zZfc5=si~o*g0q*8S75q=d8V<pM{1b4mx*6ij(<r=MSY54MrBH(VR)6FPf<u_R(g<y
zL26Q(msywzSEznup^3MzuUUp;u2Er<fw5s}v6Hq@ptpBqh*5rUiEDXCVnI++c8IA7
zm#(g^f?0Z^QDCKGpnE})yIWSKV{%4uq+w=-p+!_kUU0sfWnQ|0L0Cvgc1Tb%*S<UE
zr#qcj1=hEI4`ttXXwur-Dw|e5t&MMwsgL^2@!REa&iCLoZx-=w?>m3!`quRQJ1om9
zWW07Abjni~V(pgaHhsT7XMxm3oi3{_UE5hJ3O**!v3qmWX`Wy6<@ehhf^%8+$F8?4
zyZoRkROMBsyO;W7ra8A9798<9dvgCIg^Q27{_I(?o3(dBP<=2n)9?C*E$8L`UX0P0
zyen~gFPFbw;?||nd$%t;npkw2g>k#UkG8d!)s}j$oslOcz*6kQY9w|@?>g@<m(TT;
z7q0j=l&qXMXX@oSA7-`HE-A?RcvxkwL$d0x_{papzc_Mx!u+}0%H@~vTV4NAY>@j)
zSJ`0m=akfP1>2+H2e#E3)w2`^mPEz=ns$E2!o@FcUZ1`4#X;4nS6w!q&nseRjX9A&
zd(uPqyh3;Dzri1@j@m6!XNsNc!?or}(cV8ht4%D8ExwB#_;_vR;(alZ4>=f?Hq?IN
zE=sXtsGF^>^|&nJh~&5Q`6vC2Ul%b|{qDYdDoZj$e)^2>$II>3Zpd32bfS8#{SAqw
zPJ+whLzKA;#Oh{q30#XzZvD&f*X~_N#j}uaC-<3`n3evKZl9#NbVX@V<G1tKue&rg
PjXdu86+bU=I$sI^wQD+`

diff --git a/keys/ren.priv b/keys/ren.priv
new file mode 100644
index 0000000000000000000000000000000000000000..7b2a0ed2039495ea4f1f59053dfa927d399dcef4
GIT binary patch
literal 722
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT4_VV!xOjpQAi>UGq
zN)0v4@C`F4DNCyKN-wa`F3K%;^)@buNG?q@_ANFuaSaJ6x8N$tcXBnzHqVTTEK98_
zD);ks4G3^6@=h+PaP%;-D2((8&B=>!$?z?=EJwGkpe({Lsa(OL$SupwLOa>e#k|BM
zvb54C-77T9%hWP3GTp1JAT=V<AS}2fH?OEND4#3DJy+kL)HOM~GNin`$gx5{Daa>0
zuqq(Hv^*>-+1#bDFw!g}v^d+*C6G&3S63mu(8xG6vBWjW%{|q?x6r)E#VaDn#n<0I
z!p$TvB~Uv!-@qg|+c6|BH<_#7%HFjvHHwG-pV|KFanC2uFyg-^rs&PQx+Qa4(7gp8
z<=ZOvv$6~AX7H(*7nFW#*DsBCttQc2#Q`hbmrwfG;_kC;+HRYTZJe5X=cL=7s-BhY
zdbf)0mC|RGU2ERFeW>G-#jp7Cz}&A@{k+eu1rCKy)SLf9%KGDhjk%&`OkA4YC92Q6
zCtuC3y^wfcl&LCQfVnL$D>&@MgqaJSIDbC5Jda_j?%EaA3va)C=Kst__@1<M**$mb
zW4k8bIBYUe;?&}x9E<42>PgdAbgcR1SJ|pN^{{dKvBb^0?{26{b?~xUwCMEdJI*S-
zsTW-g?G^++EC1E`HQ|(a<o;iIk1aU2)CFnI(edxEt1n|+6)Af0&~25TMTfV@8#$@i
zFMOd<5cMzpK&qof`+ud&3+C$>TV2e$@P9|^p;fH;cV<V0aD`az=DXZ*Zr-DCv8L=b
zj-nUWx4Cib-<Mc^c80hNtHF+?mkuy8-&pbPqn!M4!Q&;%dYh%T<fK=8=w8p)EdJ!y
zyj}ZTj$fIgFT>syc9ZSx**E)(BI>O&P85V6cpYUbv(jUu<HwpE0rJVwjfn;ocl=h&
KJ=K4F>1_b?Q!+pR

literal 0
HcmV?d00001

diff --git a/keys/ren.pub b/keys/ren.pub
new file mode 100644
index 0000000..3454ee9
--- /dev/null
+++ b/keys/ren.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIM1gLSFZSVq+5s58+pymRJY+QOWHm6SZvvhY93YDm5k ren@me.com
diff --git a/keys/secrets.nix b/keys/secrets.nix
index c5712f9..c1ba64d 100644
--- a/keys/secrets.nix
+++ b/keys/secrets.nix
@@ -2,6 +2,7 @@ let
   selene = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEiuoUbvgZ2N03MTcWw4z+oUB9SG0jR0fy5AnTTBHym" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcfmaqbtwSEydV2hge/aDWxfwlKOw/JJZZWy8ycjojH" ];
   macbook = [ (builtins.readFile ./macbook.pub) ];
   master = [ (builtins.readFile ./master.pub) ];
+  ren = [ (builtins.readFile ./ren.pub) ];
 in
 {
   "jellyfin-key".publicKeys = selene;
@@ -10,6 +11,7 @@ in
   "master.priv".publicKeys = macbook ++ master;
   "wg-selene".publicKeys = macbook ++ selene ++ master;
   "wg-macbook".publicKeys = macbook ++ master;
-  "hetzner.priv".publicKeys = macbook ++ selene ++ master;
+  "hetzner.priv".publicKeys = macbook ++ selene ++ master ++ ren;
   "wg-ren".publicKeys = macbook++master;
+  "ren.priv".publicKeys = master ++ ren;
 }
\ No newline at end of file
diff --git a/keys/wg-macbook b/keys/wg-macbook
index 1342b37..d4487b3 100644
--- a/keys/wg-macbook
+++ b/keys/wg-macbook
@@ -1,7 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 M7OTMg PyrVB10SxQZdhrwusKh+m6944Nj5vqBL6qGum8qK4Qg
-huIr2n2ciTqu11o6ApcCoVMstQ9b3XoRfgAtU79wdnY
--> ssh-ed25519 CJLJQg 2O7UQVLdlMJZzt5TOo5EYpfWjKAnNLJ6OQY+xRTp2go
-TonYGAfBSeUpSHl+jHSG2qO9kWseAxfog1oWeGFWc5s
---- Hh8KEiQFjdy2xYqcBX4L6XSp4GPpO29tSPrfpnZlv5o
-Ó?À¤ÿ‡$‡ÜJÎ¦ŸßÑ^¦w’oÌ›Nv’ŠŽÍ*#å4„+=â·Á[ltÒQF™6Õ-Æwiy.Ú¢8¡iýýÒž'.H,a£
\ No newline at end of file
+-> ssh-ed25519 M7OTMg f7fgG3DiQpjnDRSEUjSinuqgLATaK7QRN59bSimH1EU
+9sKf6eQVwqVBrB553zCHwFs0uyQGRpIJkBZ0AyXPFC4
+-> ssh-ed25519 CJLJQg +b+cRU3irwvMnqVBWBIV4GoRyEy+Lg3LHUxZ/httTDo
+uBlqCHMXyf1Um+W6y1Bh9pY0osqdeTgFQGuR6eSHQP4
+--- Ft1Ii2eVy0h8X6h7ABOW6ryT4ctxg9jS8utA7s52bBA
+zÅÙÈ0¿yžÀWÏ¥‹4Í°ö^|
+MæüuRtLµA†:µê¨ó„*öœËÈ‚h2†ìSÎ¶èkå’¬ìFò‚&è	må1y£
\ No newline at end of file
diff --git a/keys/wg-ren b/keys/wg-ren
new file mode 100644
index 0000000..858a6a6
--- /dev/null
+++ b/keys/wg-ren
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 M7OTMg QdJds7EpXMyyO9aKmqQg3HWmY6RQbzkQxRQw+K9fn14
+/SlvfJAOmCqYvIOZm/ZSynAIWSC+2dAvPpa+5Me6I8k
+-> ssh-ed25519 CJLJQg MqNRTuwFcRdZ5VFbcgXQwjRxMAHLJEdUKLuXFPtkRVc
+qRaaJzGRPiW2doetErhhUKwUXitvsQ5CGl2QzGK44Ss
+--- fCQGYqP7qr+S1tzDeyce5Bn4iWsXq+kIe/ojPNj0LVA
+¹4µZŽÁ“Çi"Õž3ÄÞW+€i¾ï9ç8Íßž=¼Œ¿u°ÃnB’ÚÂy]@›[X[]²	X—„Ã›5ªîÌœðîö¢íÄz°lÊ@
\ No newline at end of file
diff --git a/keys/wg-ren.pub b/keys/wg-ren.pub
new file mode 100644
index 0000000..c183803
--- /dev/null
+++ b/keys/wg-ren.pub
@@ -0,0 +1 @@
+wvTFERFXOPcgziLtLtfF3LGv5zmBWikCy/yLRwSuxWA=
diff --git a/keys/wg-selene b/keys/wg-selene
index 908d72404ae9e93006a171a073c1b657842b762d..9c5a20016b9ae7f4d61fd92c8d8367713a2e083f 100644
GIT binary patch
delta 515
zcmX@ja++m=PJMcoZ$V*IVu*gSfnQj#c~GQ5ny;6mp^0H>c3OF4Rz$G3ah7wgZ>D!n
zC|6KnvP)1|N=c}ZUqp$KU%6wXS&B!JSy^6An30o(fu*T`V7_5kc1d<fI+w1ULUD11
zZfc5=si~o*LV9pva(KByYPo;7L77=#g}Ju5L27PlqFYHocDAvli)FTDfJuqJuVuJj
zNRexhUzNKjSBXisX{dj;Sy-~SU$$RHh)+;brN4_sn1P|cdy2ECsd;3Eg=eb1c50Qu
z#E;_Pju|;+{)w3(9*Hi_ffeO0mWipA7J-I&x%%3U0bcIG{-)u<nIU=J#UANg;XZ{`
z=B6GIK9+`gIhj$$`iXvp+WCg1MUe)UNvS0sUghTQ$psOGS-BRI;~B;43(P%(P1Bvs
zebdbJU4lYNgUwuAA}zfFbHbz2gS?YcGlKNJ^&NfEUBZgFDvNU?DvF#8j2&GK(tVr?
zBFyv4k`fD}D%?G?tK40(O&tRw^TSQUQuK?tbaizV{9P<^%EQA_-81vOGu%Q$v)$4v
zebU{1d_xk`L){Y7gFREi+>DBSD}qeZxeiWhNjlp7=-*xY^_;9h!5^p15%k&M;qhpt
z=Rc3Gb9>$!wlWGneH6lQFH<)9qOI6Ep0<ou-31KWg6CDZEWLC5wmoAU<J4bH|9V_z
H+zkf+D9p2o

delta 515
zcmX@ja++m=PJK~HYFboARc=azagtw^hhL>}UbbIoXohcgRgS4wMv-Y^kau9JZ$+iM
z0aunquwjTvl$S|SfU}cfhEJrEL4-?DU}8b8OR7_1ScZq2VQPADa)58JCzr0BLUD11
zZfc5=si~o*LV9pva(KByRfJoTQK-9<sc(d3j$u_$iCb_)R!~`mQI>akRi<%;msvq@
zMrwFcvbTpTmqBrsd182=Yp7*nUQtP&Wu9NMwtG~VenxIohI@vSS7xM1mA0i(U~Y!%
z#E;_PZib;nUX^LS`97&e;ei?HMunx>Im!CD2BBtYF8LlQp&m(=Y2M{YzK+>k0fiai
z-WEv~VF6`%<&pknX89KB8JQX3CQgw?>6H=TS*c<9PEN*Ng@(zK;~B;4{X9)G^9u7)
z%}sJWGQz4dQ(cnEJyMM_i_DYsO}$DB!V0{MQaw^LB0Y+^^0JfN3=Av^{M^j7P0hVc
zQk(;QixMltl0(CT-NFKmEqu$pExiIlqbv=$baizV!t)KnO$;N_jk3(LbIcM;imH-I
zT#fS6^Nn*O4Yi9y3ezgX%EGfli$hZ#xfJ%^zU-Qww$NSu>y<u5Yk@<*w7)<6fAsn9
z+&8Rk(;mk-zOZRd-kTJ^%KrSe)qA%dkehvVZQR-H>lX9>-1^V)qhU*^ZAn+>t!GBk
H-tUb8xYN9d

diff --git a/systems/ren/hardware.nix b/systems/ren/hardware.nix
index 496c286..2f48c31 100644
--- a/systems/ren/hardware.nix
+++ b/systems/ren/hardware.nix
@@ -6,9 +6,25 @@
     efiInstallAsRemovable = true;
     device = "nodev";
   };
-  fileSystems."/boot" = { device = "/dev/disk/by-uuid/0683-2D32"; fsType = "vfat"; };
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/0683-2D32";
+    fsType = "vfat";
+  };
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "xen_blkfront"
+    "vmw_pvscsi"
+  ];
   boot.initrd.kernelModules = [ "nvme" ];
-  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
   system.stateVersion = "23.11";
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+
 }
diff --git a/systems/ren/system.nix b/systems/ren/system.nix
index 2eea905..d78fa0d 100644
--- a/systems/ren/system.nix
+++ b/systems/ren/system.nix
@@ -23,6 +23,12 @@ nixpkgs.lib.nixosSystem {
       networking.hostName = "Ren";
       networking.domain = "";
       services.openssh.enable = true;
+      networking.firewall = {
+        enable = true;
+        allowedTCPPorts = [
+          22
+        ];
+      };
     }
     ./users.nix
     ./hardware.nix
diff --git a/systems/ren/users.nix b/systems/ren/users.nix
index 4487e23..cb5485d 100644
--- a/systems/ren/users.nix
+++ b/systems/ren/users.nix
@@ -21,6 +21,8 @@
   };
 
   users.users.root.openssh.authorizedKeys.keys = [
-      (builtins.readFile ../../keys/hetzner.pub)
-    ];
+    (builtins.readFile ../../keys/hetzner.pub)
+  ];
+  age.identityPaths = [ "/home/ren/.ssh/id_ed25519" ];
+
 }
