diff --git a/hosts/default.nix b/hosts/default.nix index a14b93a..637b506 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -81,6 +81,7 @@ self.nixosModules.acme self.nixosModules.docker self.nixosModules.invoiceplane + self.nixosModules.wireguard-client ]; }; diff --git a/hosts/frikandel/default.nix b/hosts/frikandel/default.nix index 8186bd8..126999f 100644 --- a/hosts/frikandel/default.nix +++ b/hosts/frikandel/default.nix @@ -4,6 +4,7 @@ ./configuration.nix ./networking.nix + ./unbound.nix ./nginx.nix ./wireguard.nix ./email.nix diff --git a/hosts/frikandel/unbound.nix b/hosts/frikandel/unbound.nix new file mode 100644 index 0000000..a445ca2 --- /dev/null +++ b/hosts/frikandel/unbound.nix 
@@ -0,0 +1,110 @@
+{
+ flake,
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ age.secrets."unbound_control.key" = {
+ file = "${flake.self}/secrets/unbound_control.key.age";
+ mode = "400";
+ owner = "unbound";
+ };
+
+ age.secrets."unbound_control.pem" = {
+ file = "${flake.self}/secrets/unbound_control.pem.age";
+ mode = "400";
+ owner = "unbound";
+ };
+
+ age.secrets."unbound_server.key" = {
+ file = "${flake.self}/secrets/unbound_server.key.age";
+ mode = "400";
+ owner = "unbound";
+ };
+
+ age.secrets."unbound_server.pem" = {
+ file = "${flake.self}/secrets/unbound_server.pem.age";
+ mode = "400";
+ owner = "unbound";
+ };
+
+ networking.firewall.allowedUDPPorts = [ 53 ];
+ networking.firewall.allowedTCPPorts = [ 53 ];
+ services.resolved.enable = false;
+
+ services.unbound = {
+ enable = true;
+ settings = {
+ server = {
+ include = [
+ "\"${pkgs.adlist.unbound-adblockStevenBlack}\""
+ ];
+ interface = [
+ "127.0.0.1"
+ "::1"
+
+ "10.0.1.7"
+ "fd00:b12f:acab:1312:acab:7::"
+ ];
+ access-control = [
+ "127.0.0.1/32 allow"
+
+ # Allow from wireguard
+ "10.0.1.0/24 allow"
+ "fd00:b12f:acab:1312::/64 allow"
+ ];
+ local-zone = [
+ "\"b12f.io\" transparent"
+ ];
+ local-data = [
+ "\"droppie.b12f.io. 10800 IN A 10.0.1.3\""
+ "\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
+ "\"backup.b12f.io. 10800 IN A 10.0.1.3\""
+ "\"backup.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
+
+ "\"pie.b12f.io. 10800 IN A 10.0.1.2\""
+ "\"pie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
+ "\"firefly.b12f.io. 10800 IN A 10.0.1.2\""
+ "\"firefly.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
+ "\"firefly-importer.b12f.io. 10800 IN A 10.0.1.2\""
+ "\"firefly-importer.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
+ "\"paperless.b12f.io. 10800 IN A 10.0.1.2\""
+ "\"paperless.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
+ "\"invoicing.b12f.io. 10800 IN A 10.0.1.2\""
+ "\"invoicing.b12f.io. 
10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" + + "\"vpn.b12f.io. 10800 IN A 128.140.109.213\"" + "\"vpn.b12f.io. 10800 IN AAAA 2a01:4f8:c2c:b60::\"" + + "\"frikandel.b12f.io. 10800 IN A 10.0.1.7\"" + "\"frikandel.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" + ]; + + tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "193.110.81.0#dns0.eu" + "2a0f:fc80::#dns0.eu" + "185.253.5.0#dns0.eu" + "2a0f:fc81::#dns0.eu" + ]; + forward-tls-upstream = "yes"; + } + ]; + + remote-control = { + control-enable = true; + control-key-file = config.age.secrets."unbound_control.key".path; + server-cert-file = config.age.secrets."unbound_server.pem".path; + server-key-file = config.age.secrets."unbound_server.key".path; + control-cert-file = config.age.secrets."unbound_control.pem".path; + }; + }; + }; + +} diff --git a/hosts/frikandel/wireguard.nix b/hosts/frikandel/wireguard.nix index 4de31df..215a20c 100644 --- a/hosts/frikandel/wireguard.nix +++ b/hosts/frikandel/wireguard.nix @@ -17,6 +17,7 @@ networking.nat = { enable = true; enableIPv6 = true; + externalInterface = "enp1s0"; internalInterfaces = [ "wg0" ]; }; @@ -26,7 +27,7 @@ "iifname wg0 accept" ]; - systemd.services.wg-quick-wg0 = { + systemd.services.wireguard-wg0 = { after = [ "network.target" "network-online.target" @@ -45,17 +46,15 @@ }; # Enable WireGuard - networking.wg-quick.interfaces = { + networking.wireguard.interfaces = { wg0 = { listenPort = 51899; - - address = [ + mtu = 1300; + ips = [ "10.0.1.7/32" "fd00:b12f:acab:1312:acab:7::/96" ]; - privateKeyFile = "/run/agenix/wg-private-key-server"; - peers = [ { # pie publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw="; diff --git a/hosts/pie/default.nix b/hosts/pie/default.nix index 86b1956..574e1bf 100644 --- a/hosts/pie/default.nix +++ b/hosts/pie/default.nix @@ -5,7 +5,6 @@ ./networking.nix ./nginx.nix - ./wireguard.nix ./backup.nix ./unbound.nix ./dhcpd.nix 
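Review bot: `networking.firewall.allowedUDPPorts = [ 53 ];` and the matching TCP line in hosts/frikandel/unbound.nix open port 53 on every interface of the host, although `interface` binds unbound only to loopback and the WireGuard addresses and `access-control` admits only 127.0.0.1 and the VPN ranges. The bind list and ACL are what keep this from being an open resolver today; scoping the rule to the tunnel keeps that true if an address is later added to `interface`: `networking.firewall.interfaces.wg0.allowedUDPPorts = [ 53 ];` and `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 53 ];`. If the `"iifname wg0 accept"` rule visible as context in wireguard.nix already admits all tunnel traffic, the two lines may not be needed at all. Separately, 10.0.1.7 and the fd00 address exist only once wg0 is up, so it is worth confirming unbound's start-up ordering or setting `ip-freebind = "yes";` in `server`.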
diff --git a/hosts/pie/networking.nix b/hosts/pie/networking.nix index 39e30d4..33c8f3d 100644 --- a/hosts/pie/networking.nix +++ b/hosts/pie/networking.nix @@ -25,4 +25,14 @@ services.openssh.openFirewall = true; services.openssh.allowSFTP = true; + + age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age"; + + pub-solar.wireguard-client = { + ownIPs = [ + "10.0.1.2/32" + "fd00:b12f:acab:1312:acab:2::/96" + ]; + wireguardPrivateKeyFile = "/run/agenix/wg-private-key"; + }; } diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index 400cebb..c8ddf1e 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix @@ -46,9 +46,6 @@ "192.168.178.2" "2a02:908:5b1:e3c0:2::" - - "10.0.1.2" - "fd00:b12f:acab:1312:acab:2::" ]; access-control = [ "127.0.0.1/32 allow" 
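Review bot: `wireguardPrivateKeyFile = "/run/agenix/wg-private-key";` in hosts/pie/networking.nix hard-codes the agenix runtime path, while the secret is declared earlier in the same hunk as `age.secrets.wg-private-key`; the two are linked only by convention. Writing `wireguardPrivateKeyFile = config.age.secrets.wg-private-key.path;`, as the new frikandel unbound.nix does for its control keys, turns a renamed secret or a changed secrets directory into an evaluation error instead of a tunnel that fails to start. This assumes `config` is among the module's arguments, which the hunk does not show.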
@@ -62,38 +59,15 @@ "fd00:b12f:acab:1312::/64 allow" ]; local-zone = [ - "\"b12f.io\" transparent" "\"local\" static" "\"box\" static" ]; local-data = [ "\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\"" - "\"droppie.b12f.io. 10800 IN A 10.0.1.3\"" - "\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\"" - "\"backup.b12f.io. 10800 IN A 10.0.1.3\"" - "\"backup.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\"" - "\"pie.local. 10800 IN A 192.168.178.2\"" "\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:2::\"" - "\"pie.b12f.io. 10800 IN A 10.0.1.2\"" - "\"pie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - "\"firefly.b12f.io. 10800 IN A 10.0.1.2\"" - "\"firefly.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - "\"firefly-importer.b12f.io. 10800 IN A 10.0.1.2\"" - "\"firefly-importer.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - "\"paperless.b12f.io. 10800 IN A 10.0.1.2\"" - "\"paperless.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - "\"invoicing.b12f.io. 10800 IN A 10.0.1.2\"" - "\"invoicing.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" - - "\"vpn.b12f.io. 10800 IN A 128.140.109.213\"" - "\"vpn.b12f.io. 10800 IN AAAA 2a01:4f8:c2c:b60::\"" - - "\"frikandel.b12f.io. 10800 IN A 10.0.1.7\"" - "\"frikandel.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" - "\"fritz.box. 10800 IN A 192.168.178.1\"" "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\"" ]; @@ -105,10 +79,8 @@ { name = "."; forward-addr = [ - "193.110.81.0#dns0.eu" - "2a0f:fc80::#dns0.eu" - "185.253.5.0#dns0.eu" - "2a0f:fc81::#dns0.eu" + "10.0.1.7" + "fd00:b12f:acab:1312:acab:7::" ]; forward-tls-upstream = "yes"; } diff --git a/hosts/pie/wireguard.nix b/hosts/pie/wireguard.nix deleted file mode 100644 index ea77957..0000000 --- a/hosts/pie/wireguard.nix +++ /dev/null 
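Review bot: The forwarders in hosts/pie/unbound.nix become `"10.0.1.7"` and `"fd00:b12f:acab:1312:acab:7::"`, but the unchanged `forward-tls-upstream = "yes";` remains in the same forward-zone, so pie will try to speak TLS to frikandel's unbound. The frikandel configuration added in this commit shows only plain listeners and no TLS service key or certificate, so these queries would probably fail; and without a `#name` suffix on the addresses the upstream certificate would not be checked even if TLS were offered. Since this path already runs inside WireGuard, `forward-tls-upstream = "no";` is the simpler fix; otherwise frikandel needs a TLS listener and the forwarders an authentication name.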
@@ -1,91 +0,0 @@
-{
- flake,
- config,
- pkgs,
- lib,
- ...
-}: with lib; {
- age.secrets.wg-private-key-server.file = "${flake.self}/secrets/wg-private-pie.age";
-
- networking.firewall.allowedUDPPorts = [ 51899 ];
-
- systemd.services.wg-quick-wg0 = {
- after = [
- "network.target"
- "network-online.target"
- "nss-lookup.target"
- ];
-
- serviceConfig = {
- Type = mkForce "simple";
- Restart = "on-failure";
- RestartSec = "30";
- };
-
- environment = {
- WG_ENDPOINT_RESOLUTION_RETRIES = "infinity";
- };
- };
-
- # Enable WireGuard
- networking.wg-quick.interfaces = {
- wg0 = {
- listenPort = 51899;
-
- address = [
- "10.0.1.2/32"
- "fd00:b12f:acab:1312:acab:2::/96"
- ];
-
- privateKeyFile = "/run/agenix/wg-private-key-server";
-
- peers = [
- { # frikandel
- publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA=";
- allowedIPs = [
- "10.0.1.0/24"
- "fd00:b12f:acab:1312::/64"
- ];
- endpoint = "vpn.b12f.io:51899";
- persistentKeepalive = 25;
- }
- { # droppie
- publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw=";
- allowedIPs = [
- "10.0.1.3/32"
- "fd00:b12f:acab:1312:acab:3::/96"
- ];
-
- persistentKeepalive = 25;
- }
- { # chocolatebar
- publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A=";
- allowedIPs = [
- "10.0.1.5/32"
- "fd00:b12f:acab:1312:acab:5::/96"
- ];
-
- persistentKeepalive = 25;
- }
- { # biolimo
- publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc=";
- allowedIPs = [
- "10.0.1.6/32"
- "fd00:b12f:acab:1312:acab:6::/96"
- ];
-
- persistentKeepalive = 25;
- }
- { # stroopwafel
- publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU=";
- allowedIPs = [
- "10.0.1.8/32"
- "fd00:b12f:acab:1312:acab:8::/96"
- ];
-
- persistentKeepalive = 25;
- }
- ];
- };
- };
-}
diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix
index 9cd76a1..f89ac57 100644
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@@ -23,6 +23,14 @@ in { type = types.path; }; + useDNS = mkOption { + description = '' + Whether to use the wireguard DNS + ''; + default = true; + type = types.bool; + }; + fullTunnel = mkOption { description = '' Whether to tunnel all traffic through the wireguard VPN @@ -35,7 +43,7 @@ in { config = { networking.firewall.allowedUDPPorts = [51899]; - systemd.services.wg-quick-wg0 = { + systemd.services.wireguard-wg0 = { after = [ "network.target" "network-online.target" @@ -53,15 +61,18 @@ in { }; }; - networking.wg-quick.interfaces = { + networking.wireguard.interfaces = { wg0 = { listenPort = 51899; - address = cfg.ownIPs; - dns = [ - "10.0.1.2" - "fd00:b12f:acab:1312:acab:2::" - ]; + mtu = 1300; + ips = cfg.ownIPs; privateKeyFile = cfg.wireguardPrivateKeyFile; + postSetup = '' + printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x + ''; + postShutdown = '' + resolvconf -d wg0 -f + ''; peers = [ { # frikandel @@ -76,16 +87,6 @@ in { endpoint = "vpn.b12f.io:51899"; persistentKeepalive = 25; } - { - # pie - publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw="; - allowedIPs = [ - "10.0.1.2/32" - "fd00:b12f:acab:1312:acab:2::/96" - ]; - endpoint = "pie-wg.b12f.io:51899"; - persistentKeepalive = 25; - } ]; }; }; diff --git a/secrets/.fwknoprc.age b/secrets/.fwknoprc.age index c6959d8..6f7679c 100644 --- a/secrets/.fwknoprc.age +++ b/secrets/.fwknoprc.age 
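Review bot: The new `useDNS` option in modules/wireguard-client/default.nix is declared in the first hunk, but nothing in the visible `config` reads it: the `postSetup` hook added in the third hunk registers `10.0.1.7` and the fd00 resolver with `resolvconf ... -x` unconditionally, so a host that sets `useDNS = false` still has its resolver replaced by the tunnel's. Guarding both hooks would make the option effective, e.g. `postSetup = optionalString cfg.useDNS ''…'';` and `postShutdown = optionalString cfg.useDNS ''resolvconf -d wg0 -f'';`, assuming `lib` is opened with `with lib;` as the bare `mkOption` suggests. The hooks also call `resolvconf` by bare name; if the generated unit's PATH does not contain it the hook fails, so referencing the binary by its store path would be safer, which is worth verifying against the NixOS wireguard module. The `config` block continues outside these hunks, so a use of `cfg.useDNS` elsewhere cannot be ruled out.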
@@ -1,28 +1,28 @@ age-encryption.org/v1 --> ssh-ed25519 TnSWKQ m0puj1pWrbWNbWghKFi2eliWl6aXC2ft8xDY5jDAFHc -BamM6lruVDwsPeWt22cgAKuMEZ8EPBiPd/tDFzyv2fM --> ssh-ed25519 2Ca8Kg iPOzSnXsSB2GgLJ7iH4Tt/h1hIsxI0zmFD1BdpaLWW4 -pfTBYLClxNgRSd8yPkddT1DhxlycjlNi0qlX3Yf96rM --> ssh-ed25519 b0WFDg CgokxIvAm6MEu6Z6RKlRDrkLL3mbin9UgMXHGSqT2V0 -NXxjQ+6enYKB9EXza97jRu5bqBvwp1ELjU4AAHSMCkQ +-> ssh-ed25519 TnSWKQ 6uURrLgBxs6/ZxxnApK58QwMhqI+4qsEpaEuUxB0GBI +mzHMmhINod7YgNyY+ORyMryw2J0+TJNv2xnxR4vHprg +-> ssh-ed25519 2Ca8Kg Q2Itvy9SNamrg3PoHs0MJIdBVpbGReAZRu/p/ewNdiA +IM9VLvtCTOlwUCTNi/tdcUEZVy0bfq49mAVUV8P8l6E +-> ssh-ed25519 b0WFDg CTnnYTk4a+Jkfk0vs+EJ8qLfrc6lkKXv/2oaQAICwCE +EW23ycop5F3uAWSeAwkryFnag6CDd/fPo2L1i9ajWiw -> ssh-rsa kFDS0A -ckCtxjgYSw5MdP7X2xjBfItZcddeqnCsH1w99BBJGOUie13RQ3QMLVjXQYRzc8wC -7vf4TgxI3UsB76Il9/zVLKWGJ4YmfyZiVYhl3QB6N7LEWyTQwIyL0dDq2AQuACp0 -/Uqf1xtv2pKaCKcjTbmo/D5dMigufsF5ahr9f0lQvoahpCUW5J65mqsryrqMAKT0 -5zZNyKSLLaSkWLxtBDOUG4I3gZlQqtlWW3EBaTjPy22LvaITJHbitSuiRLqpWh0/ -PANt1JQ4rouM9hbbadPSdvSSMJLi+rUUvAqqmBRyQ0rVSqGx3RdgFdGHQnte5e+u -DYvwpdpchmbeJ/Pf8r0Pw0AU/LXdvXnnWmn94YvR2dn3aucfniqcgqRgcp54dAJi -DPbc+qtkewvXEtpYgAMeMbJZ8cGlvfjfm4gjWhsKZR3ns8trN/ieHe8KRULGdv6E -0iUomTSMDDTLYHVvZDvFkPbPG6C+/bO6lMo4iTLHI/N6s5tCM3YY80PNgiPe1mRK -2v5pxoIAMOMeTzl0IfAYitkEDq6oNik6SmLQXp7UM3wgU7TCX2cFF0qtCEbf2oVg -QmtnWAmkeLY0wPPsxD7noFjZC9w9NzB/lY72aPbZWQ33m2/h6dl0rSuAnvi344Fk -Xw+ArCHI8FgdvnJfHhxF0DHnTYGJdHjOhgeMvaBqih0 --> piv-p256 zqq/iw AhKf6NcgyRq4ByiBGlrGZL8QeQFdDucz9H25i/bzMT+4 -M6fx0VOPtkYVtRiNe3NJ+EbjVDE9JKIHU3l0/BDlhsg --> piv-p256 vRzPNw A4cb4vTHfdf4qkxXIUSZaKk9KxlDSsz+53PiH7tGgB69 -xQFa4kpXrxdTgzjGxwP32/mrkxWoKv6JRt0hv4AZ8YA --> Y-grease -Z762hsZpQjmRDa7kH/ClYtSx1+gX07WBlg4NZFHRKslzVFJzZrETrCwPbme4miJ+ -YbGA55Mtncs+e0sxJq1bh0hQQEkkzYJIsP7WnoEGnevgA4jVz7APwBv5 ---- xH2jN3pGVW0JD8V5d82tnhUGng+yMZdl5j2L8WHBBwE -ȞzU\@ piv-p256 zqq/iw Am0n/HKYKd/3RhSG/I4HPBmVBpK/meIyNvcs7Gjtdifa +JZrwIJwlkpgq4XPpvBuEQk5q7/baNlMFVjC6oCmVKyw +-> piv-p256 vRzPNw 
A1V8Bhk91P1xoDLja9DQxqmL5ZrNXVjNNfOkf7z7C+t1 +cZ4rh6X3sOPDELM7TZfqDPNsUQ0LNq0i4Eaw3c+vtB8 +-> ,-grease -JoMm !`<7ry Fwoj "z# +eN+9WhnQ62Y+e7wy15/5o7EJ3p3sPb7I4QF/Npr10SGx5fAol9kL0dwL4KbG9wYg +fv0 +--- MCXCTmS+cgmXN8TwiyUgxc6xC8Mi/9XlFnoO0KtLtOc +kGeϥֱ흛I ssh-ed25519 TnSWKQ zRkCdKWlpeiLcwv/r4OqEGur14RPGw5n6B0NTfKAc1c -jnWrX4wUM1a23Ox6/vkgtutHVPEixhmWIhAE/DZDJaM +-> ssh-ed25519 TnSWKQ fwd+JLslyJO9/9gqPQexUGt0aqBPhdV1bJLn6kIk4U0 +BPbUdB+sxdWBBCm1AvW5Zdgbb2DMmc8gAkmjtmSqp5c -> ssh-rsa kFDS0A -ElVu1mDsgAaShjRjpaETtpvrr6bxEABWRtlpfTyAtPB1O/EseHhdhOoZ4o/iFq7j -nXTCFMdnjc8cuLiTuaspWNs4fJI1A3Aj11KPE5Nhy7/JZl3VKteTmOX04tvrbO/n -bKKdQpgOt6/eOD7Spv2YB9frb5KfpMmS+d1x+Euc1Qy4L4MbCLQ+ckia1DSRd+IP -KMAMnh494fxxZTE95VLCeHR3M2h94de6RKFXdpPNh/16UHhvseamY0ug2XcRFITr -lrExJXjveCt5BHSuQtG0gq/RZebshoCdNcb91VBzyCVOfOWFkJPEZ/TICdXgjOaw -PpLJx9kflzN31IEOPHOpTpDTh66DQQxtMlEv81hdKxm6AVSXQgdkdcyaXZ5sLXkE -Sn5l+ygpLcq8rYV3EBD1hd9qEp96xwHWyphYXtaqZno/3TlhhiwdVSZnlS2vb6zd -z8OLiB2gLrybNFuMMUG+KiBA07M95NAxXUJJoNluU6E8kKjbGLk4agDOPcxC2xwW -iZlQXfBaEJ78eTozWkvQavFp708w+7RDKtwEwB67fuNPw8L6yaUo7QILaDbbFbkn -PzoLBl5pvNGyzJDpIclZt4DoA9iibQfORdJcSb3OAh8LnX7O1KXqV94pcWwiH5kc -3qdb/w2ZKSfWNmjSVFW1uUYvHf8mCzk/U5WNumZYgto --> piv-p256 zqq/iw AiLiC9S1N0DF5tv86KmbCpxkQgTJYhgj9hKEEwVsXBZZ -fcSb7lLRZVn+UJ/2I+gW1PAK+h8IyL4bZ85NGMG7MuY --> piv-p256 vRzPNw A4Z1zB9qv86UnGt1FK3Sj6cREa8j9WVtGja8u3+fO8at -AhzH89172x8HVelsmcHs51qwQ2PXrAOU0hw3NOg1iFA --> ^~yN0-grease YMAv gXr aZmS -zFHcf5upRbPo0sM ---- oV+vSSRjUNM0sJ4tNV15jTOjglw0djV0suFT4B3L6+Q -=p=FfF"0&#q'nǮ3ljoD )򶤮`]/LH&o \ No newline at end of file +IrAR8mdTLT/zalYgg2Asxna356ZXTL+3hR4gt/Ybq9jqSIXW2VV8HIq7pgKdAHsp +pyH5lv2Ms/+nOTEpDEEkJhp7gNIjMYKgJEqYPu1WKn0F1OipJzLFkgZNKcFvQNkn +dD2VnL0PDQUz/kd5vzW9B78XYjYScighYfmjlEXc+STdbl5L7pzBhvuzIzDqkmJe +2eiHTRIUmgRYin4QdPiBawSyHitqA7hh6KmQGhCwc7uB0WRO+YUszS1IcYKXkbIR +Y7/AZMeYq1TsvKxONu1J1Y2v3DW0PLdac+1AkBcXzPZinzfMd/fVfXJ9+HGY+qmo +gTnNwPUKhuwtC443YELuauun/Ewuyc+PO5J0uv6TAuRiqGTC3gwlJj8jZ+N0MlGM 
+ty67urnhUv9j2V4o5VzH2cE9C39V3WYKbdX0pjDVuHR+usQUfAyEfo6jplBBQqs6 +B5oVbXWPOX70CNKqEVo8KDifI5AXorkyDJQTg7VW2T6jptwJFSaa6V4tF6mQPEGR +C3OccIeqSra6w2nE+QpELEY53QKNLqrVjJbh/HxSy7rjcT0iqeg9U+beHB6+CoIL +v05oiYcs+NVPZE64ntcV3WVGMS4LmeXYvBBYGL9tFOL1+p9U87JBZpEZpkwusdGh +143XAmib2ADC2Rxvi5i9D6mRGhvTU8qagpe5wUHbAzw +-> piv-p256 zqq/iw Az1Ew9SsKzR5YrhajX0YIzlt8ySRxaNfMPV6p4DbKrUy +cLH0dBw37O08NMDRXbFXtrk3qKopvhIGhYl+eMsQ82E +-> piv-p256 vRzPNw AwXrhJsjY7BVKJoR+78/1wO4sPYafIQtkkUKwIvPfBaY +bFO+XxsxYez2q3OSK2HHof8d4WrQLeL004fAHJuz/Pc +-> %-grease E \TI +kz5whSsQtgqYLzXOfHynBbyRak68JngqSFvkSd2/9Lbh3k/0m+LTDfGuWRyIOtIX +cQ9EKbqCRe+c57kBsBfRtFwBh5wtoQ +--- wSng+EVMuM9MjinQTwuZCSWz0KkdosBLPXaOnIJTKas +f3jC ssh-ed25519 2Ca8Kg ZmwG8MXfnAY86m2+hA03ZrRSZ0YjY2gONssdQ8mjKnI -hh4Ar4Q8psPIiONo+rBU0ZQ/odhiTqH10yJuIgAlaPA +-> ssh-ed25519 2Ca8Kg hRQQ2wDCuq5vxvM8nEgSfcZOyTYvAIBC4zHBODqxJn0 +qDdW6vggusvs231yrkeJxzb/Ixctl0Af8GdgMoA+M9w -> ssh-rsa kFDS0A -VxqLEJB3i0eM2XOFF6lah54mnJf+xUHVXlit1YDHcoeSjlHdoLck9XNM2pOCOFxv -DP2O00fvlLvIupr/r9nOPHc5GkruuDD+3/+j6LO9VeEw4qYopCjlHJZkP3mCTrGK -vl851maUOD6OSMFg7Ah5mQzXDNHT5SFX18p2eCbaqzk4MJPNZ7cqZ5Rb7av4NqQ5 -sM3ZPulbQwVuWKLqagHRsZz07pe0KDXmcxp7nMj4tWXI36nEEY50Nm/KOpYLoVed -gs6LDzIXO8f6xomc7P9JICk0gJmHyGa8/hTXEKE7ervMb7nFWi/aRtUfAT5nv6hn -k++YgLv3bOEvgLBFryeko5YpYX4WcArZUydpzy0TM742LpWq4BcQeAIB4DAWIcSC -D8Lq3G63XE6pW7gQzE0NCNAtwXSh63XadXz/QCvYS1Io7jijYusp9uTZ5IbJKG0x -ypemhvWDY3sFiPEk8XL5LGIabfI5xRXNwDh8qHlJ+oVvRiR1z2kNisHGPT5Mo0Q9 -AaPvFJUrCWs/dUstVPUIkAhzldvNgLFtCZeYJe5/22JyacrQXKqviOELJpPSfe04 -uDgOEQXfSxXmhkRUnSskaem/n6mtF7cqMhrtYYj1piAVcF9NZ3/NvFZ5d7WCA9fB -Vtfezz0S6AHVdw6Hq7A/gkvCsMez7itK+peX7z5eyUQ --> piv-p256 zqq/iw AqkGF6VShGb3L5pReiSopSBhrFw0F0Dt2PUwIFHEIhBU -Cce2sH7z63ZJJrYf33AM8eWalxs2OTQdSlmIRQZUZJE --> piv-p256 vRzPNw AuJT7f1mZ3AvyguLXvMqJxVODObI+qk6EzSxC47pKnwu -b+S4GJw6x5o732WJA7pirG1FxRhcXVMdBGHKhVWWKCU --> {7Mi&-grease M!.(dWi xmb!I _,X(pK@A -Cp2rBEdYWH7tn2kZINvRmGSJyECCD650Do3fSsM4Q8V0LPvmVdBVsL4ovh5ks4tF - ---- 
Rdo4kkDJCmD9jbGkWhbf7y4jPOe3fgBamwW/6I4lxEA -׉N ׇ'6 .;o4Λ=s58qFU -<,h ``KsLT߸^&tZ \ No newline at end of file +SoAmFFFWWnmIId8oox6q8hABipnGzfI4iV99lIO7fYfW9wZGnD57o4FJ8dLb9LeV +fIgl00oMW2X0up4I9yG8X3v/0LPBX+ywTXVpxHguPiGj9edgan8JLWTURysUqqis +4mf64yPwhJjPqRF4LXGIwcaycpuoeiXytkti3moy33snJs/vK5pQ5pices1lWl3S +DlAOWPnde67TzznTtS9v4iGIPzZO/EimXLxnkY7DLdZovIqsXw/52rxzMI9By7RO +422EOGK2wYQRZoqJGmL+t2mWvGUIvrpBQrEJln7jTR/aLiBJf86uXCKj2FZyVeZb +ifpnBYxECEovLVteBN/Azy8aw4EBkLd814KsYWI/UgL9r/Nv2BaTtJZfoCKwcdMB +klfDWy9pr4X1AVXHhk88lt4b4KltbEuZO4jLpQOpZYzNUjM9sYIesGR2ypYkM+zM +NDlTP1IRJ8wqUVEsRX9BOjGyBdak4p1IFYA3yrxSo3dcJWHnR9tvWWiAucCrFTKE +mugks5zNpwpYUsLnKWwR/YvlGX18+xCWNs1U1nOgyM5sBsALHvfsbxFt+IrqhZ1O +6KmvNVyc+kTjDB/AyVQBk0WRInoApQoxhR1oQyVJQUv/kLpfuId4LoIMVtqa4QXa +MEpU1fxDdMN0er26qEDXcShMJwYrbBouvN+zHKtUFAE +-> piv-p256 zqq/iw AyQiaE7qlCRQQoBbBxbWsAGHf0UngwPUqFZEzWBOlRyw +wvoF4SAvgpbxlFhVqjPOgxy2sIQa92WADK+aU2mbEUs +-> piv-p256 vRzPNw A3aOK8vidb/ERgSoxDy2CBHsCOa4kGDH5gmRhLvVyvrI +p3sH2Pj5by09YAf/VmwYYSWsQ/IHF+yo8a1o3+4km4E +-> u/~Sa-Wt-grease +PWp6N8s +--- xZAvdFj/okYXRVYzlnxzC4ukcKhS7Ru4wW+/CVOQ2Hs +VL>]fϚ {K8:9ìhwaQF*/rjQdzHCWYF 5j \ No newline at end of file diff --git a/secrets/wg-private-droppie.age b/secrets/wg-private-droppie.age index 308afd4..a01e69e 100644 Binary files a/secrets/wg-private-droppie.age and b/secrets/wg-private-droppie.age differ diff --git a/secrets/wg-private-frikandel-server.age b/secrets/wg-private-frikandel-server.age index 8e969fa..1eb998b 100644 Binary files a/secrets/wg-private-frikandel-server.age and b/secrets/wg-private-frikandel-server.age differ diff --git a/secrets/wg-private-pie.age b/secrets/wg-private-pie.age index 476dd81..8e386e5 100644 --- a/secrets/wg-private-pie.age +++ b/secrets/wg-private-pie.age 
@@ -1,24 +1,24 @@ age-encryption.org/v1 --> ssh-ed25519 8bHz7g BWIn/zpeGzkdrrMz4OISrJxHHOUFb/fhm+scBZpFXiE -k7ZEkPTXtMBX9/H+aHFxbXc+l4ZT9OTF8uWfaEYqrNg +-> ssh-ed25519 8bHz7g swFy1xP3Q6GbgRhr/Yjc8YmDmwtSKM5qtrKZlKTxdRc +muQMtzgAR3bR5iCqUP5tR4RtEoO6QKojLO+ydn27kjI -> ssh-rsa kFDS0A -EErlK5l0SXJhWoiTRwaK5E8i7NPWnxhGL3V8MuIDpkZKZhLVf4CV7bF4fOYeYxfm -CNN6qJlqlF5AG9cId4oBQkM/w1to6VpNCKkkBUr1rAGZUsrg8A9/9TTDXCBubeBV -QjDJQBT1nRfp8p84Wm1jnRGR37+p8//ziIvFfnyNXbj36Z6ExfYkVu3kuI9gfPyW -R/8hRO+lf+gaa0KX1JakNkiGbFXOggsaZFM2dd7a3sKzJDOCwD/6gDsVZkW1tcv6 -/HSZjQT9ITK7qqYWV7rBti1VLXLRTTP7ptAqJ0f3ZfldrymHOBYiHV2F7OXdfy6i -Lm75JcaqN09UBqIVCV2alo9DIjrI7/cvtAAsshhzQjXtL9pNpTjsrKzsIR685Vwa -hBCBWw0nKnM6q3sQBJwGKTCDHLqEXnzSk0eXK4hbzb9PQ6/BIC4WVlfcvceoOOHU -NsRfkWsH3w3oBWa85ybZLBD1CuH529u9nokmqRHUjg+6AGaHlIm73wUvuUBH/6c8 -wAlUGXUdwg0V7IV4WzyfGGHdSj0AnosyzX9MafsWdlYeUCzTklgbBcjrkVhiOxV0 -WBM9TErXJZEXnEhhNM64gbqe3BcEy6H2Q+QUpmJ7FYKgKNJj1JTS2POkwrogIl86 -qQ4zv2hy3zZk0CjxoCEHpBIPMiKeSgMxCbYvjTQBZuU --> piv-p256 zqq/iw AviW+q1wdeXplsPCPx1hofDY6kZE4x27/mGwfJXLTVMG -h4t3oxQon0WaDwLIBmDYh1y3sq3ZfIfeAMWTNxjSNlg --> piv-p256 vRzPNw AqW8M2I8LoeCCRUbwWsAKl2CImAd9i8u5Lawy8E/n4aP -tTo5MoZtplvoDqbEMOtwaLnGHlq6ZEa9A+vUPY20HQ8 --> 5(tG-grease T++?n| *##3;| oOn*L' G{XK78i -jm2zLWS4MyFlzV3WlyOGiFPrCTtdUnQpid2ioYaBqx2bgKpny2CbTg3uaKosS+lJ -dUHJUXoSjB6/x+iAKEDXORYz ---- /1Nrjil4YIAQcnBWPZJ6TIGJR7N3zkkUZLktlGy3Hyk -\h*58TPx7={7A<_Zh߅$9 ;Y7@n6ғ,'Z(v \ No newline at end of file +idbL0CqVbCSXdOUS9c+Le38btlt06jQzIDPe6LSR9mIRKKjm5cHhnDzSvwKp/RAR +wNbvqnF3uPRK2zrVn/9bsHyf6it1TRJGhDT8gKhPF/o5uBaNWT4ZkrBBE+MlHo1g +w1lL3t/TkkIE2kCfz8gZMofO+gcMbOJj5xRoRpxSic/2gNo9lJpjzBeG0vzik+iw +j7Bf1y1Dv5x4YZKA/i4ygVXhBRsXOEPoH+Qaa9cx1fMzSX1eiP4ovtRmpyLnDC7l +uAfLzmoMip06Kf/YQhw8kDcHQJ6b5+cC0pBq7CIGUU5ZiMTpND/nesgkSm1t8GkE +ewfjN5U9zdLnSNLvXaW9Bqh+AkcT5pBjMmwfnd3bVQdRPNeiUSBwAhDQmcjYms1i +4oJIOcHBSFWXqXD7oySkPq1CkMCMYNItvT4/PRAUH3gbmlwdz6Jsq2tOONcvbAl3 +fikGkV5JPb4qhADU15hqd0SkA+052ruRLAe/NP9DJFIOQebdE+vRh6p3n98LS5ma 
+uSdH7VNKhUqe9SXhUQsfsHgTM1XrBIuWZ2O5kIZ0taP687i28qO/o2Ldzc+IAOJ8 +temgIWVoRFL0Q+alH3sbTio4fOaMg2Yo5adwTmymc6cM7smgqbMdkGhZySy0dE8k +GmgPAXBNSq/21bYmY3oy3Bh10a5CDrPf86dpGoycoKQ +-> piv-p256 zqq/iw A+4Czpf6YKM1OBN6ou/9qSfSzdDXHlYrZ915DUKRIrOZ +fQP0r3DOVymPcrdjTK9o6ghkh6vw1kI7/6FYqxctDhs +-> piv-p256 vRzPNw A9+q1Wy/fBWj0vNCFm/bM7z9eHhid4sfq/eg55cQnviO +wsiQLdoMtBWGzDVVmk/Ta9nf9BrxJimEISth+Xe+7Jg +-> .G}x-grease 4ig s? +TLN4R153U0NQTbaaYQSjGIQD09X+RaS+3wkZBGgxJ4lPdCvpcm/logzaq53je+wf +1N+f +--- pTrsccWdwmg/C1Hb/ZytfsWTsimatyEN3CcX2X7NnMA +y8W܇ϥ$cE {/0u6n};sr{oy~=}EE7?З8q \ No newline at end of file diff --git a/secrets/wg-private-stroopwafel.age b/secrets/wg-private-stroopwafel.age index 120a8c5..47d499b 100644 --- a/secrets/wg-private-stroopwafel.age +++ b/secrets/wg-private-stroopwafel.age 
@@ -1,24 +1,24 @@ age-encryption.org/v1 --> ssh-ed25519 b0WFDg kPkacNd7viDMJdlsbSfEF+cPOOCFWew2m/ywMOocSTs -BLbIrO9/v64kdnbKylemrLMgW7ZZzqZ86QTqMHOEKDs +-> ssh-ed25519 b0WFDg zdfcZ1qfVxqTEReErKszNqqjP3ahzOwZGxGGuF49fkY +l3vyvkevVfiV50Epw6WCLsfRYZWeiM9JMKrswOf4Xrg -> ssh-rsa kFDS0A -mbAysR2+fUtcC8FE4yN77uEqzpf+05yNGKOUdP6yvpVurIhFrbdNDyUc/69N/83N -GiKiGkYOcMIbcsk3ayrtUDCRs01hbs2Wq+aAtUXm5Ca4u5RJIajQRLBUfhMDwS8q -ts28tMypzsvl31ux344UZKQBQ8fp6s7bG4liVzDUH7OITNr/1+rNTDsq6KASohg1 -ImQZ7cmSftFakRg2T14ppXmrgf6mYA4LD8cPL6HjFJ+XO2Ai/HMZCov2SFkxDvdo -pIf/YmRuRCHuwNyAvfylgl2sfWADt1p3NKbj3rEcCF90otpwPyEE9cCNYtCjK46d -PkgI2ytxyYYybbzGTSIR1NC7u7jdKnHsSyVlJ6f5j8rGRClSt40mGUT5N4Yssg90 -aqlxaNsZfYU9tCYEXzZsw8D5kBE0oCYh14iO4tFgpHIP3EOknMDbiGXGh6AQe8d9 -2KjpUi5B1Wi5Y2hMansU1LV+7mJRovacrz/ROeWNb86VLt93F7y8sCb3BUhR0xtP -rFogG7vsz4zKQwfBZ++T8zIEC0ts5H70ELcllpw+S7FviGgMPtwudKKuhylPmdg+ -ap57t/XTlDITKCkuH99QC3uhi8AJ17nwe33upl/2s1uRM8hIF0fechKJIAlB6uh/ -PnM6S7TyIwzkISPNUIKInVa0EZ1eltKZ82900edaRL8 --> piv-p256 zqq/iw AkcNxTlE9m3CduhwJh0wBRwID+L+4GDCgqINfeYAYJ9G -ZdnbRbDG6BDdLVm4cfIWOdnax73HU6se+MoELot29Vw --> piv-p256 vRzPNw A4CpV0e+PeDKB9hb+VIKwa80npLAcjLPBaUaHUlEDReH -rAMbqYAQi77DzprV1P840TFZnPgP/DU532QSoB+OrLE --> jZ-grease 1w -uRRfvsatkgkQlpmGrQtY/67E4OZgtNzPZtbtd+mDCBUytWQxdusRf6yn+aB2/c16 -uYtBrrRZwADrUVEa3090nFZV/w ---- RCK9Zq6jy7qKKDXIAtXM0vjSVAJi7qs95vs+CKw5Jo8 -c/C1yA>,K0sR6k-ߛ$N[ G??1)Lfc|Sw=bnOgI \ No newline at end of file +PVtNg7A7FvIUio5iyhkVoG35BI3BlalG6BlckVE8We8g0evkHXChvbMW0SpwzfJi +/OvhOz4fIer6Bs9av/GJmGmMsiOnQBuWI/T5EYVnF1irzxEhK1asscO07JN7C/SO +2KK7Hrb17sQBePVY+3McZ606GZXXpJ1HRhmE4y8tTlDXBKGbSDaOtghhVWnwLezT +IKuyz/aaWPtiKO4iz9JGfBM1PD18YqMMWCoFIfB9SNJ15v3/HPiNsAG8L81+9DM3 +1nAsDbcB8OBNZ49h6wMFTvbw0EiITrj0vqbimzJX3Z+br+mOzCoo0ex2gS9eZ5/H +UDpZjscbvDnE9g7mTDBYiYE3vgYzftqAsQRJ/4LJUGvcXMYMG6GmGYNslxZA+qoy +5D2tqPLStocSh4B8mpIPxfSpxqPwETfBIHv99bPr1jaIbh+vD/FcG2JIuKweDEw2 +f2vthQ8yQmxt1SB2qOOkzLelKMLO7C1TOWN1Bqh9c3nfA6mIAo5x2TgTZTk0RjqX 
+fpqNRLZ0NlNAjvuAyMB03yc4WiMIip3CcAXbh8dREj3AL4PQxY1m0l2X1oir8H9y +/7xIrIXJb3xuoCkSqUuYsQmpypPoq4WJApPIhHecukoG3Nfk5cGODWb1no9mQ2sB +l0UaFwccVM4dz2BxzpeqHbAleZ3epf47X5DVLV5xVCs +-> piv-p256 zqq/iw A9RqRhcmvsSAe3wfGDCsfbhMAE78e9gWjjbay3AgeLg+ +dK7dIpJUDDNHcO2v/vmiO4UcQXu/PdqpdrxMw2DlNRc +-> piv-p256 vRzPNw AgPzY2n7puPfU9FfzdRo0TmGYDsIKVltMGNVuR4kPOBI +zj2hjF1XttfLE7I3dV3kQ592N3G2alrAAlDAX3lwq80 +-> @HqDT43-grease ("? dCOS\1 ?0)3&I2z +QHtZzA1CoA +--- QSybC1O37sTJG07UWHwMs2lmkcyGypCYIBulZPKSbuc +?ҬAĔXNKp||I+:NQ@P([o +!Y,˙;l S/lD \ No newline at end of file