diff --git a/modules/base/secrets.nix b/modules/base/secrets.nix
index 53354e1..97d4543 100644
--- a/modules/base/secrets.nix
+++ b/modules/base/secrets.nix
@@ -14,7 +14,7 @@ in {
 # to decrypt the secrets
 identityPaths = [
 "/etc/ssh/ssh_host_ed25519_key"
- "${sshDir}/id_ed25519"
+ #"${sshDir}/id_ed25519"
 ];
 };
 }
diff --git a/modules/nixos/networking/ssh.nix b/modules/nixos/networking/ssh.nix
index 40843ef..f590692 100644
--- a/modules/nixos/networking/ssh.nix
+++ b/modules/nixos/networking/ssh.nix
@@ -10,5 +10,18 @@
 };
 openFirewall = true;
 ports = [22];
+
+ hostKeys = [
+ {
+ bits = 4096;
+ path = "/etc/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ }
+ {
+ bits = 4096;
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
 };
 }
diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age
index 18a7501..b91aa61 100644
--- a/secrets/forgejo-runner-token.age
+++ b/secrets/forgejo-runner-token.age
@@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 ZfCryg dcBOsnptC6CR1PGCbRIL087/tMc4LWvTR4r3f58rCiI -+xWxAQfCy7tgcxZAxxX2a/Ar40IspPUPpZVQyuPNsoU ---- 8LEM/+6yxdMP8e5Y8mdTtCnCDlptaTGTCqiUlPFJeqw -+ -jbGc|4||*_xPǻ9Q&l+bTS9ҿbG:R7VJЁZ \ No newline at end of file +-> ssh-ed25519 wxktWA OuxZ0Tu5vOZCA4WcLLJxMD9XZFCzZ0C57Mmv9fAZVW0 +3sE3V7NMUJHRyFa2XBRT5YJqSZqAYUl3OlPhCadGUcs +--- TAhwgSih1beqhNHNlh6fA/SLiAiQolslAqUelwGueQM +k,,=([-oD3Sth,=I3% "x%iz@|~,FC")T F \ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b49380b..6ba7637 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
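Review bot: In modules/base/secrets.nix the old user key is left in `identityPaths` as a commented-out entry, `#"${sshDir}/id_ed25519"`, with nothing saying why it was disabled. Either delete the line or replace it with a short comment such as `# user key removed: secrets are decrypted with the host key only`. With the host key as the only identity, decryption presumably depends on `/etc/ssh/ssh_host_ed25519_key` already existing when secrets are activated, which is worth stating in the existing comment for fresh installs. The enclosing attribute set starts outside the hunk, so whether `sshDir` is still used elsewhere cannot be seen here; if it is not, its binding can go too.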
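Review bot: In modules/nixos/networking/ssh.nix the ed25519 entry of the new `hostKeys` list sets `bits = 4096;`, which has no meaning for that key type because Ed25519 keys have a fixed size; drop that line so the entry carries only `path` and `type`. The ed25519 `path` has to stay identical to the entry in `identityPaths` in modules/base/secrets.nix, so a comment on it such as `# also the age identity used to decrypt secrets; keep in sync with identityPaths` would protect against a silent mismatch. If no client needs the RSA host key (not visible from this diff), leaving that entry out would reduce the number of host keys to protect and rotate. The enclosing block starts outside the hunk.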
@@ -2,7 +2,10 @@ let
 pingu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu";
 elissa = "";
 users = [pingu elissa];
+
+ theia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID3V7BfUmisdxsALpGc6ep2+hanPKKcrg4/es7cza4BA";
+ systems = [theia];
 in {
- "forgejo-runner-token.age".publicKeys = [pingu];
- "vaultwarden-env.age".publicKeys = [pingu];
+ "forgejo-runner-token.age".publicKeys = [theia];
+ "vaultwarden-env.age".publicKeys = [theia];
 }
diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age
index 307d33b..b82d8df 100644
Binary files a/secrets/vaultwarden-env.age and b/secrets/vaultwarden-env.age differ
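Review bot: Both secrets in secrets/secrets.nix are now encrypted to `theia` alone, so no user key can decrypt, edit or rekey them any more; that work would have to be done with theia's host private key. If that is not intended, keep an admin recipient, e.g. `"forgejo-runner-token.age".publicKeys = [pingu] ++ systems;` (not `users`, because `elissa = ""` would put an empty recipient in the list). As written, `users` and the new `systems` are bound but never used. If dropping `pingu` is meant as revocation, the earlier ciphertexts remain readable to that key in the repository history, so the runner token and the vaultwarden environment values would also need rotating.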