diff --git a/configs/common.nix b/configs/common.nix
index 44e5f8e..18b6b95 100644
--- a/configs/common.nix
+++ b/configs/common.nix
@@ -127,6 +127,11 @@ in {
   };
 
   services = {
+    openssh = {
+      enable = true;
+      openFirewall = lib.mkDefault false;
+    };
+
     vscode-server.enable = true;
 
     resolved = {
diff --git a/configs/server.nix b/configs/server.nix
index 698031c..f818031 100644
--- a/configs/server.nix
+++ b/configs/server.nix
@@ -6,7 +6,7 @@
     sshUser = "root";
     buildOn = "remote";
     substituteOnTarget = true;
-    hermetic = true;
+    hermetic = false; # hermetic fucks up for cross-system deployments
   };
 
   services = {
diff --git a/secrets/etna/apiRsEnv.age b/secrets/etna/apiRsEnv.age
index 2099b08..6f3a638 100644
--- a/secrets/etna/apiRsEnv.age
+++ b/secrets/etna/apiRsEnv.age
@@ -1,16 +1,16 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4b2x2RXh6ZFIyZHJkaXU0
-ejdZaE5saG1JVm5vTEJEYmh3aUxyL0duRFUwCm5QN3crSGM2ZXlkaWtYWmk4OW9h
-Sm1NVFZ0bUJ3aWVrV2JVV1VFV1F0alUKLT4gWDI1NTE5IHJtYTdzY0c3bndJVHJT
-QlFkWmN0Y1VpSGx4MkxjSjdaQllEWFNDcUZReE0KclQ0SjZGY0I3cTZYMEhheWIv
-SHVrT3lxR2QrcVpGemE4MHlaQ3RHRHlwVQotPiBYMjU1MTkgdlM3RlZrd0NST0ZK
-cHVJUmxlbGVmS0RlZ2pqc3ZUVmhyMHlVTzU4R2hISQpHZER1MFBlUFFnRTc5L2dD
-ZTZxbnNNTjdlMW5uNWJvSVRpcnVaZkYraE9BCi0tLSBhbHQ3c3JGSENqYWxXLy9V
-UWZ0Z1hOTzcvcWdYdkdCWnE1WUU3cE1zaTVVCiSh8yVJ9wclHtD6uiayDr98hL1K
-WzTl1e5NmK4XMUkD9lJc2amN3Yta3FXPCcZnFzOv77g4/OsrFAL/91fHZFnTLj2e
-2CVa0gQ9lOmHW9Z6QPjfrrEawq1GH1stRsoaQI1iKVSJXBOzM87FsHsYiluory43
-zfPDQtIxFR1nTtKbfYefhbyckYQYUaoa1rS1iOxN40pZFzPydIwm9+eKsEF1Lsb9
-7CbMGiQw7Q71OUp2CFnxeYPs2yr3NU15Aqwpey49qjcepn/4YF0a42gFT/vQJCVv
-19O3FGPS1wNv9/6qQD9IBWsCLvXyaqOX57uYqtN2sxpxkEE5RnehVM5FlGKy2b2U
-c9shjDwpOnlHrJvlSf82lyc=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TVVCMVoyVFBlaUk0bTRs
+RC9uUW5zWnlrRFRhaWlVRDc4aXdDYkJDaVZZCndNaGthZUJ5YVBuMGlOWmJoU2RN
+WkpUaDBSV0QzVXZ3UURVZVVYb2FvWmcKLT4gWDI1NTE5IC9uUW5BMUJHY2lxb01Z
+VHJOR0dWbjczaHFuME5JOHQvMExHTytsWWRkajQKdUNnM0pkamVXd3Z2b2hwSHNU
+UWdHbExjVWR5eWwzL1JST242SjluSkxiQQotPiBYMjU1MTkgeUIyL0VHMTQrZDc5
+S1hEdHBpc3RRV2RuYVJmVFRFcHEzOTd4Ukg0TDJWawpVbEU0Z0FsMFhLUjRZWWkx
+aUtpZjlhcktpVWZpRkc3UTRmNC9jNTJjM1JNCi0tLSBLVHdOMFBvaDVYaHJudlFw
+d2hMR1lPVEprdDNReGE4VkFiT2swUEtWUzA4CkfptSqFfv5azebWn0g1FD4+eRQK
+wO3QPWjK3mIpIj4OPFDg3c3sYqOTtfO8NvuERueY5ZowomE3dcGG6WvtBs66f2Yb
+IUTDfHlumu9EYxoMYmPS9Pqk9jgnsRw/T30+CxG3UlCE2FlzQkuIMp9bLGSbTD8w
+bbHZiCythZmKmveuJMcP/U5rHytdC/qV0YNGvsAh0DUyFfDbXt3MgjU7tuiqJXdr
+XG2qrBZlP3PbG0cIb5pcfBc/nYdWPHJFnQRzGb7+tIWSa3q0NgH69NCjnDr5rcYV
+f/cKDNoiAaixrSxyJJ542t45s2AAHW6VmD9s4bW5y34qzyqjWC54/RV2b8nSfdbI
+a7DXb+RPBAG4nqve+Q28uy0=
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/dendriteKey.age b/secrets/etna/dendriteKey.age
index bc6b4fa..94e8554 100644
--- a/secrets/etna/dendriteKey.age
+++ b/secrets/etna/dendriteKey.age
@@ -1,14 +1,14 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXUXIwUHJvMGlqMThoNDJQ
-bW9jb1paekhHN25MSDIrdWxDa29EbGExaWtvCkJGQmt2d0VTYXd5eTZDS25KVlhQ
-dm1CeW1acDVkMHZORGJpaDNEUER3N0EKLT4gWDI1NTE5IHpRaFB5cWZjSTlocGda
-SitEbC9TQ1JxUi8vQ3dCbkxWbmkvOVdkQlM4UlUKYnlOMVM3YmRrT1Vld3VDMzlt
-Z1VLeEZvZzFEME85OVJjcVBRZU1taTc5TQotPiBYMjU1MTkgSi9velVpRUJrcXA3
-L05EVDNGdEZqR0JOUVpjV1hQZ3VIa2hRT1RVZWtTdwpQMWVNYzJKZyttOFlyRDNQ
-RnhxQ3dsVno2UldGQjJCZGp0ZThVVExmanEwCi0tLSBTK1hqUTNMV1MvVFNpbmsy
-Zm9PWjM4N2VCbkRkN0JxVFBiZHB4TnR1a1c0Cn+cp0DpgCFW2dIiZ6DQllFG4eTh
-GrFXVyxw65wz/rjZlNE2xp4R5h7et7m1uUQf50UzFXw47NwiNqhw3/baegxdDUDk
-fHx93pRl7UvZuBm/FLNxUN25+oEpx29adZud+ij/TfUhx864k3LXrWec0o2DQzfv
-TmpzvpGX4Fq+oBSw2RHnUByDPYW9idnYdvoEetjOegoAcUhfqAUriZyddtRgn8Ka
-n3u/Ss03
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzY0E0NEdFRVN4dnVmQ3Rs
+MitOZTlhUTZUVVk1T0dJNmtSTUROTThHYlF3CnVUWVFLN2JCbERlSDhaT3FyUm1o
+OStLeW5xSm1XamNpMXVoSzRlTThkQ0UKLT4gWDI1NTE5IE9Ec2dvSVVTRjJGajVz
+a3B2MkZrdGNGaXpYakRMa21razY1QWRIVzhBeFEKeCtTUHMyOXlmd01ndE1nVmxP
+MkJxSndHNkNXREhSUWxGdUdKVDFISEI1WQotPiBYMjU1MTkgS3RONmx4RStwZlRV
+blBVNzBQcnFGVFQ5NEhLTHRjdWZRcW5rdHpwV1hpVQpuNFBVNUhPK2NPTVNITlBq
+MDNFZk00RGxhNjc2S0Q0ZmMxS2w3YnZBK0JjCi0tLSBwQ1gzbmRQWTVvMUZMTlJJ
+d1R6aHZWOTlpZGw3c3l3WHU0Y1BPQkY2aUtRCgQufSRK1p122vsFnItuZIEJHDEt
+fPMlnVpv7uk9TQ3FeuJV/mRKOkBcbZaBYHXq5tn8ieVFmQFiKcifRs6bkdrxq1wF
+7+kOvFb4pPgEQy9pyUkmqV8MrPMgO3bRmHVDnozMKN5uxLvuyu/kOGXAVBM2/QeH
+Mw3TdsuPNwpCZThUFD+lrGXEPF/JRyYbDgGlFQVoYKn79P+QmvZ1TcGn2yGsou24
+iRfqWt++
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/frpToken.age b/secrets/etna/frpToken.age
index d177951..c3e45d1 100644
--- a/secrets/etna/frpToken.age
+++ b/secrets/etna/frpToken.age
@@ -1,14 +1,16 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NXQ2WjRZVi80RDV4Sk9Y
-K3lBV01SZjA1dG1kMmZyT1VhbGZHYUE2cGw0CjkxQmUzV1hPWmJiTThFNVJ5b1ho
-anE4VnE4Q2NWTURQaVhkRXgxcUZOK3cKLT4gWDI1NTE5IEI1SFlEVndDejEycWlN
-RklLUHRzTHlVR1BuRVEvelZkc1BwV0V3YWJrRGsKMUVoYkR2Y05uWEZiQVJlSk83
-VE9FV3VkWjJwb0s4Q09MUFVMQnFWSGV5NAotPiBYMjU1MTkgbE5TMnVKL1dSNkQr
-TmV3S3pqdTdUTkx3RDY4S1BQS1NOKzZFTmwzVmhDdwp3VVNyRWhJcisrYzJpZWJY
-VEUwcFZtbFdHNHhjWjVrR1BoSmJ2RWYyOUJ3Ci0tLSBzSWU5V3RtanpIRnZGMm85
-VDBYVFN4amZ1TjZkQ0pPOUtJOTNhTTlhV25nChNeUHLoQWLy2V2iovF7AAi+0idD
-Uy9YLOA7w+mxdvNA+qqBvlmuMExu68Ij8Fi1CEofathH9mnxpHxITczWCfdQHnke
-bCcwnAWAKbXq1/aetBlTd4AQ8TRWTFScC+/TSuItSJdOsR/6lQAa6gzhqu/YutWy
-0pVd4XPAaMjlWpXSznkSN6feEl3m0sNwAU4MwrAY22qeTneFq0nGrUaDI7yuP/pC
-7IXea6PmIQ==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuT3FwQnkxUjJNWGFmREkx
+bXQzdmp2VVhaOFI5Wk5VdGdid01BWHNkbkFzClVYNEY4dTFJZFFMVFpVMGozNHdt
+dFdTVmJoS1hXVlZtZmFTbHQ4SHI1U1EKLT4gWDI1NTE5IDVSQ2RxWEhNcmVnTUJ4
+RmFoS1g0L1B6U012ajByd0N1RHJzQ0Y5UjNOMUUKWHdUY1YxY0J2N3poN0JNckVM
+b3BvSWhLVWxtcVQ3S2hObm5adWVMdis4awotPiBYMjU1MTkgVWxnS1FmVzBKRTRP
+L1JsUFRRZ1Y1YW01dWlWMXF1Ni9OM01Tc2NGOVVYSQpQN3JxdlhvckViYWtRcUtq
+U1lDNlg4U2VsWWRKOFA0cHZZVG1RQ2cyQ0VFCi0+IFgyNTUxOSA0dGF3ZjhidkJ6
+UjIxNE90ZDFUN1lNTURFOU50REdZV0dlU1pjTmd5T3hrClRZbzl0Si82Qk1XbHJi
+VEFFWUZrQzFqbm9LZ1lWOE1LQVl4WUo1NENXUU0KLS0tIHRNK2tCRjZWUW1aVjE5
+MVdzMzZtQnM5Nm1vd05DSk9YeWJhbzlnK0puUTQKjXPL21j5d7+WBM2myKPlQRJI
+QCTvkQMQuh1nGJMkK1nMVGWrmBtjVIaC5sN9dnbQHdPmo928iUz359t1fayAlZY0
+4351oXMRmbYi4eiC2ODw1WbIVbbGd5MqwAPEkiqHt8HNbZWuVerkSSe8xs2KUjVw
+6sU338d2KmCYFMupWpnBZCa6Ng3VrtukDTJ7h8XGg94ShpeGSnHVlNrpH8bs2mRd
+Vm+YK7bkpWEA
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/minecraftEnv.age b/secrets/etna/minecraftEnv.age
index 138613e..2ec1363 100644
--- a/secrets/etna/minecraftEnv.age
+++ b/secrets/etna/minecraftEnv.age
@@ -1,12 +1,12 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmYWFJajE0Kzc3WmxBQXYr
-WVVEUHB2bG1EUnNNdnJ4NjFhVlVJT2hnaERvCjUwQzkzcHlLODd5QmV4aFZwUjFP
-TlhEMlZpZ2k0cGlrUHgzMFdOZkdWcFkKLT4gWDI1NTE5IHVoTERCUUtFc3k3dVhP
-UlNhaS9yN3IwbTErd0I0eDBWZmdYblJhRFdtQkkKVXY5blhoMW9vbllyUlo5TDU3
-RG5KVGtIQjJEOTVpZHdxNEZDcE0wSVlobwotPiBYMjU1MTkgUzUyd050anRyZ1dv
-L3pFQVJnc3VBZjNuTEFKZ2dsVXp2RlE3QTFWSFRYRQpsdkdXeXh2MTlBZjZ2YUx0
-MmZwODF3ZFBwRmRURm56VEpON2xZYks0Ry9rCi0tLSByblkzRDlUQ3l0Ylc2eUZQ
-M0lCRGUvMGd3dlJpOWJENkwvK0JZQUd1ZEpZCi0oToVyDQRXe8lF2WbYSZETeeeD
-kPQ52QYglhQJF+XQuAXdu0BlO2fHXgdw3Mc177lZMlp0GFD2T03j5PNRVvi7PNDT
-FJEPjpKIBw+y4pGlFNWDF4ENviF5OW/csctLedPA/i4l4vjS
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMjlFc3ZEeDQwcWJGMUhD
+Wms5Z01iZjI0WnZ6MU5NeW52dklzUEJxejF3CnlXZTBkTlMxaHdzNUovc1B5Rm1Y
+SHgzYXJYV1Q5OFE5TTZjcHVpOWFjek0KLT4gWDI1NTE5IDMvYjBNdFNvUis1V3pq
+TGh3S0NXU0lRbFRGdnJiNkZqQS92eTJ6QWltU0EKUk0zbk5EYUhyaE9Tb1h6UWxR
+NUdDa1R1bWd2bFpGQ1RRbllaREN3ZzBaQQotPiBYMjU1MTkgRnpneFN2ZE5EL0V1
+UGJIQzF2MjVGWmVvcWwxZmpka2E2Y25PQmpKOTBoUQp6QnJURnBCR2ZLT1JoR2d1
+VS9NcUY0NmhuVGlUZkRac2R6QU1EcHYrY0pRCi0tLSBHaGkvUFY3RUkzaHN2MlM0
+QzBqWHRlY2VxQmdkeGpzVzNNT1gzOFk5R21JCtpMxr+w+AdbSCW8KRNqRy0EJDNi
+zizE2CvaSam4wPO9quzggX0frGzAW8wd1UALWLHpS7BdZKpTGPsNIy3g0XYcPWn2
+9iEMhpu99jpLLq4JFttKE5Oop7y3kq8XQzDbxvi99cSJ7dCh
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/nextcloudAdminPass.age b/secrets/etna/nextcloudAdminPass.age
index 3662e09..74ea8d5 100644
--- a/secrets/etna/nextcloudAdminPass.age
+++ b/secrets/etna/nextcloudAdminPass.age
@@ -1,11 +1,11 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWXMyaloxNzU3V0RCR2hK
-dlN5ZllOZkd0SXRJZTJQc3Y2Znpma1hTcXl3CkJyTTFaQjBLaGJ5TmFWMUtuYkt5
-Q0tGTGtRb0QzbUtYbi9kK3ZETzVPODQKLT4gWDI1NTE5IFpyaEhSOHNjNElJSFJv
-MDNtWFFSemFaalQ4ME9RblJDVC9pbGIySXhCejAKV1BKdUFZVUVUcFAwbVZmcXQ2
-QnE3UzZoMGRveVpaeW8wL3hXRXhOTlhvbwotPiBYMjU1MTkgTUVoVnd4dWJKZFBG
-QmlGRk1COHNadEpRQ2M0MUhDMmxnelc3dlJFaTUzNApaQ29LUDR3cTFjSFE5dVRR
-SHQ5aDIydTZBWVVURVBCU2V0L1pNZi8yeVVVCi0tLSAwZTFmZTlJNzQ4Y2VQNjU1
-SUZGekxRajhlemdxSVc1MnhtZzlQc0JWVW5vChmcwf51/W4EnWjNXSuru1/TFgi+
-VpimT7zaDrh8exRftVRIk30gbza8/GGJRB8Y4uOPwXTbovyE+I9q7c2ZioM8
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTN1d6enZ4REtmbkNCK1Fi
+ZThQT2xOaUNmczU1T002SEVWS0lYM3ZKN3hrCkVoUFN3R05ZMHdQYi9JaVNMcmNC
+bHhpMkFTdHd3RExmR08rbW5FVmI3QnMKLT4gWDI1NTE5IFU3UWVkRGxwYVJoSEgx
+dC94anA4M1VMYmpUdkJsMkRYYnM4QmJUbEJxbWMKY3ZReFI0Yk15dHQvVUtqcEth
+c05nczlrWWE2S01PTStoQUYvKzdLUElRdwotPiBYMjU1MTkgODZTa3MwM2VUdUd5
+OWU2ME8wKytJRUZrdDBkN1ppemNYNHd3VUJyY3FrOApKSVM1UzhQd25TTjVKc21z
+V3ZjTndxTVJTcEFvQllNZ1hRNmJJK3pIUnBRCi0tLSBCMHhWY1FLb1daSEVIdWxR
+eERzVlZzK1o2eDlBd2h1S1ZOc2phMTJQOVJFCrc58iOfNCopZFfbePpT/ZW+NGVZ
+DyVCPQJL9JTC+O0qbF4Pwb/+O+IOhw2FDDYzI4wJw4jKqKlVl79oUM/tGcoU
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/rootPassword.age b/secrets/etna/rootPassword.age
index b308fe8..6905186 100644
--- a/secrets/etna/rootPassword.age
+++ b/secrets/etna/rootPassword.age
@@ -1,12 +1,12 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6THgvU2NXcW1GWWZKYjkr
-WUxpWWlDaUhSZTM4VEViTDNaaDFiVTVscTFNClYxcWQ5VlRyL1VDZlRsaHc2ZFll
-c0IwTlpxRk9lZXl5OFhMOEE0Qy9DVU0KLT4gWDI1NTE5IHFEWnBSWFRvRng5QUw3
-b0pWVVJ4NHRKNThVWXdob29XdGFFMUVyaXRYbFkKU1krdkNsaHNxWUFTTjR0T3RF
-NzQweWt4RDJLM2dWcTlJTm1oM2Nzejh5YwotPiBYMjU1MTkgSHAxbVFLMUdEZVVX
-c2Q1Ry93MnFxZkRJYkNsbEY3MmE5Qm9RV3JHSFBWdwp6T1NrUVAvMDIyU1BKUmdU
-MVJFVlhVTTNaK1RmUGdOYngwK3lNb0hWSUZJCi0tLSBaQUlPbkZuT2ZadEJNVnhi
-ajIzS1U5dWJZNXMremREcHRremkwdW52OVFVCmPZjl57/HBFD/fk9MTK4BMZdpN8
-koiVkfBDqLNSt7Htbfp1HtxxNxwTEBamW3uK+4H3jSWhMs5vKj48tl5uetjk2ncf
-qzqPvgyaCq95o/fGpyZIfu6/EdnWpQtfSa3V2IkpC0FSTijv0FQ=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZTkvWnVOd3UvVlpqQml6
+UzlZWE1wcStHRjJpUVBPQ2pyZ0RJRldqcVQwCm0vL28reC9TUnFKTElVMnJUWTk4
+Umg1Y1kyZTY3WTRkcDdmWWpzdnFGYVEKLT4gWDI1NTE5IENZWXlmNjZ2elpkTEY0
+akJwUzlCalR3SFQ0WmM2L3cwUFk2eGczcTZwQ0kKN240b2RidllGRXltaU5LWHlr
+cG9WQVZBczNPR2RDSzBmQzVtTER0ZnZYZwotPiBYMjU1MTkgNlAyTE4wUXBYZkxN
+WUsrSWRJSHZqQ1pIYmNVNU84ZWpuM0FtYWFvLzlWVQpXTGR0RUR1d1ljT09MUmd4
+dklTaFFUaTA0RTJWcEtzS2hSM0FpM0VUQVhnCi0tLSA1VjR0UzhrNlNaV0lxRGNR
+RXFiQnhCMCtNZzBtWVdXKzB3dlg1ZHRQcHZ3CjbI1a9Klj6FBNPekNeb+gZx11Dm
+TFLXb1E9mStaxnc9GuWkl+MbeVYZKe8g52gUcUrF9w5TbwjefvvAsLGYDCxZP8Xg
+MveI3JLEUV6XqWmCm6kyAyuY7wzpkmNZ1b9X3R2beG9WhiBU4yU=
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/tunnelCreds.age b/secrets/etna/tunnelCreds.age
index 1b854e0..e0fd4b3 100644
--- a/secrets/etna/tunnelCreds.age
+++ b/secrets/etna/tunnelCreds.age
@@ -1,14 +1,14 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZWt2TVVTQk1zZVRZaW9S
-dTI3RHZqdTZiWE5TaUtuTmdwdGU0MDBHbEdFCnN3VXhrM05Oa3lhZTZZZ0tzZjVN
-Y3NDRDN6T2VuKzFUS08rKzhEcjhxcGMKLT4gWDI1NTE5IHU3dzlQelNQT1JINnJo
-QUFPUVl4UG5lNnNBZnEvejAzSGIyTHJQdzh2U28KN3M3RTZud2p0Yit3VWwyUUth
-eDFPaElQemlaL3dQQnJFUzZJU3A4a24zcwotPiBYMjU1MTkgd3pCMnJNQWpyTGRZ
-VDFTTkl3QVlsTUQ2eFpHaVVXSXdPMTBTQXludW5CYwptZFBTMFpaNHhqMFUyZFAv
-ZTFwd3RmUUFXT3MxYUdNdkRHRlRxNWRON05FCi0tLSBTR1ZRME9rREtYWWNXUDVT
-WXV3RkhNV25VUE5xcmFHc3BPRzBjUlVjVzRnChfpiOqANNHsSeDwXTAB2j/m3eQ9
-m28KHq8agBi90IU1fORG6MVPNgKIVHk5CY4thErTOrVpWQhIA0HrruyiS3sLkPv2
-aDPv4c/cYx3jWfzYyb1dovIVkB/4PVPxg8+YX7R7ZNesdLrEEAo+QbTfQ9cr6tYt
-8kQfmO4BUI+c8yILTtv/GtufLr+dYaP6pnzgjLM5koU6fUn2TwXqqVIV2Phb385Y
-WUBEmI717nhsBr5cYPmRYMfxiF3I01ZQ2bUC9iB3
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNFhBSWhQZmdROGlzMklr
+WlQyK3V3WW8xOUNrbHJSQ3kwTys4Z1YyZkMwClhWbVl6dXF2dSt6bnpBVUpNeG5S
+bThwTnVpdS83NXBDRjBNL1pXdTJtZjQKLT4gWDI1NTE5IDBKNWJvUS9OUFViUWpt
+TE5iZWdOc2ROMzFSUm9lZGNucWVKQUdmNHB4bjgKWXg5aURybXhDQk04S0w5RnBw
+OUtzbkRVWmJkL2oxeUxyZFdlN3hPUmZFQQotPiBYMjU1MTkgREFiVWo1Y1dMMGtS
+ZFQ0eTFRc0JiUE00SUQ0SU9iTHVIWVEzUytESVNBVQpNR3dKZWxYajcwRnFHY3Mr
+R3BlWkRod25kWGJmbzhFSmVUZmdxTFhML2pjCi0tLSArKytmemplOWxCNTBUS0pp
+WS9jQ3Vkd2VlNDFLR1VVZmk0d0htcEZvMVA0ChXx6lxeuO2tHy/jpC86kOZnpudT
+x+BjGAZ50ymoVPZTEhYv0Z+6k5I54sYmwxQTkvDp9R1i7CiDC4PqpV6Cjfiw4txw
+pYjXFKjxika03Z5jpwd+RcIP4SNefrktHF+T0eJEQp2eAyyD5LXR2uWHUUjOHAgW
+89yHVv3bh3RFerJZ8QDGsXGPhlqYOxTawfYqo1MITxlOpkPlcZenn9heyKUPUyyU
+euOGKJDRLIBDVpoSPEwKtrjR7fkUZP4hZRGWkjly
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/turnstileSecret.age b/secrets/etna/turnstileSecret.age
index a16d10c..f153720 100644
--- a/secrets/etna/turnstileSecret.age
+++ b/secrets/etna/turnstileSecret.age
@@ -1,11 +1,11 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSjVjZWp5M0lMRXNNYlBk
-SFFTVFVjakMzaUtkdW1JcmZLSTBlY1NJaVc4Cmx2aXFQdnk4SGJRTjZmZGNNQUJT
-ZkZnZ05QVStLaW9YekdvYzdnZC9SQ1kKLT4gWDI1NTE5IENvcGJiOC9QWHAxNjJJ
-S0VweVNaK294OHVJZFVPV2FCZlRBR1BjQm5VVmMKQXlPUi8zNjFJTVBFdjdOUi9z
-RytwbDFtVTRCbFhWREZuMithSXJSUXNXawotPiBYMjU1MTkgL3dJVFJ3MGkzbTVq
-N3BoZ0lvRnlKS0k2RHYrc3hZa082VW1Pcm9ESkxqawpJaUVtaGJxMmVNUnI1NDNI
-TFdJQ2d4aWc4TXh2dHd6TDEvL01LdG1aYUhvCi0tLSBnNnFuUS9zZEk1MFNYYkxt
-a29rQkg2ZGpmZnl2RnI0TE0rdS8zc2twSmljCpN1q6y8jYDL3thaSoNWFzaVkX1u
-qoaCneZN4acO3oyrESyANR8zWNV/VqTr/hMOUBiyzn+Ys7l5v/y4gfTDZA6/hsQf
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOeVh3NjhsL1Y2T1pJMGU2
+bDJJVEQyY0FML0RxTDdVb21mV0RXeXJubEhvCnlhRjZlemFOa2lSMmJ6RzNYZzhz
+cVVMMUhjem9hYW1YV3N0emdlaVFPNEEKLT4gWDI1NTE5IFFqNS91ckl1KzRxT2lL
+WDNCZnlDMXF0eUdsbllxdUpVSTVBVi81MXpBMjQKdjM5SVhVZ2pVRmUweGxycTM1
+ZjBCYzk4OExicTRadWRVeDhxSGJ5N29rWQotPiBYMjU1MTkgWCswSzRKSFlNcDBB
+K0RYbTY5SmxiNGJPQm9HTGs5Z0pVb3BxWXVOKzVBNAprRnk1Q3RBY0NlN0x1MXE5
+VWZxeENGMzJGMCt5M1A5WEtJTm5MUG5qb2g0Ci0tLSBGdTlCcXdNUHd4MXg5by81
+MTU1TVBhSGc3YStOcm5Ub3oxVmFmNmFLVUpvCiedfGcKRDWB2mBpFsl94gvViC8r
+oHboB3opy6VDelQY+Y8JSDq2NSmHracFC9tgJ5R0CXDlwHDjd3eSeIfJXp03vFeT
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/etna/ukubotRsEnv.age b/secrets/etna/ukubotRsEnv.age
index 29648b8..90bfbec 100644
--- a/secrets/etna/ukubotRsEnv.age
+++ b/secrets/etna/ukubotRsEnv.age
@@ -1,13 +1,13 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsd1M5ejJVNmFTSGcwR1pT
-SWUvMVNRSnNGSGR6WFpjZDNHZVpheHdNYnlBCjVtbFNPL2FGVDJEdGVtaFlLMUFK
-Smw0eXhvbStSeFJrTnNOdUgxbGp5Rk0KLT4gWDI1NTE5IGlYcGttMmUyYi9rYVZ6
-di9PK0xSTUpXOVRTckdlOFMwaWY1V3R4Vko4QzQKTGE5cnZtd2MzbnMvb3RyUGtp
-Yk1DMkllS2R4bjBHbE9vYmJuL3k4Z2x1awotPiBYMjU1MTkgeUdCTkFLaWVNRWZV
-TUFzdTk3L1dFZEs1V3JqNU9wdXlmdnRjaEJ1TlBqQQpHajJVNVFZd2lHZHdRSkZ3
-b0NXRGhrTU5UejJLMmVja3d5ODgvQVE1NUZJCi0tLSBKY3RqM052b3haVzNXc1I4
-SUZTaTZzSEhZZmgrZGkvbXBRdGFFZGRZL3NrCpKih9v0HxE509uL0VIPCOD5XLgm
-UNzpfuxGDhzCMVagTlp0v/ra7yeZcYtpQVIkLxeGI0sgQyH/oytDCcNzOOmymaF8
-gOGuht94I+pPDQ1NtsKWSUMNWuf5JzY3VQ84O17XNMpcmr0sS7wLuPr/G7i86f+z
-Kcs=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNMjJUNkhWblRnYjhZcVBo
+N2RLWC9kT3pWMk1XZjcyWWdXMElKd2IrQ0M0Cld0M0srVGdEL2E2dVQ5aHlFaWxP
+TEhOeU1BS3dlRHB5TUFqQSsyWDVqdDgKLT4gWDI1NTE5IEFVWHlCeTM5bWdiZmdw
+VjZJR2FJdnllbllOeGZKbE5mbnpwakI2bzZCWGMKaEJtaE0rOXNBZldNMXpERlI1
+VVBaa1dUSm9yUXlRTHJTbk5VUUlOemFSVQotPiBYMjU1MTkgUk1UcDNpcmp2bXhU
+M3IyOC9JU2NEb0t5OWhWL3ZOVy94SFhKQSt5MEgwNApvK2krQjF5YVVEN0d4blJl
+YitxZ1VDdGpCN1VXb2wyWXNBaGRDa2xTVng4Ci0tLSBPZE95RnBMMFE0dmVMQ3Vk
+KzNEbnBTK0dJbjk1NHJmLy9meEdqeThCUU9FCl6/l7i2Nzs7vA7JMmIDHnN+wq19
+U0nu1ItHy/U4K5YtHk+kGxKi90QvxwWQdFRJO91g6wFoeFRlDPUoRdncfZAEKUqn
+szyGlzn9nZzSWq1aDMaoN0G93peNonBfww+xEayMf7ifhu0J98Xsa/vIsuDUJWuW
+OcU=
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/fuji-wsl/rootPassword.age b/secrets/fuji-wsl/rootPassword.age
index 337c8af..19e812f 100644
--- a/secrets/fuji-wsl/rootPassword.age
+++ b/secrets/fuji-wsl/rootPassword.age
@@ -1,10 +1,10 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObHk5b0diQ1BjZ2hQZXFY
-Z2h5aDZJOHkrSTV0NWlKbm1FMk55MjdnMzN3CkNGODdIK25PckV1U09weTRpbEFv
-anJqTGxGcms5RHVCZDhWOUlBNTcyZE0KLT4gWDI1NTE5IEZrME5wdGNneVIzdmdQ
-Tks4NDgwNVdCaXBYV21WdE9nc2JyNExneGREbFUKNEZWVXZiSHdwOGdrSVRmaEk0
-NFBxZDNWUlp0bzA1cXpVSDNQUUVDeXo4NAotLS0gRithOTVZelFUeVJDSjlmYmtL
-TkZKeTlwUlkyVVN2aVRrM01iUjBjRldkVQr/j+fpGsp+TpUPx+KHXuroJz+R0kNG
-F1tHo7SHc9mp5tZqt+NVROG7dqg+gRgXleeJ2vLkAP7rFVzXNY2UsvHA8WMxq90a
-G4uqp5DONVVA5EM43uxHroiUH4qYn0kLMhQI1Xy08h022E25
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnNHFwZ0RvMzB4cW1wcGdj
+RzMzWDUwbEZub3dkWlVyWVhpbmYvMVdGcEZzClFyamtCcXlRL3IvREoyK29SeGEz
+MG5uU04wL1BMZHNlVUFEQ05FOEhFNXMKLT4gWDI1NTE5IDJoUUdOUmZWZzNOd0J1
+UFdCTHpoOTd6MjJSQXJqNnlVd1hUS0M3ZTNBSDAKeis4OE1KMnJ1cmJ0WmtmRVRV
+QWJuQzBWSlN0K2ZmWDUvUy8xQXBxd1AydwotLS0gQko2NEIxM1Nma3lnYU44c1cx
+Sm9UREpTczErVVBwdnhVNXF5Uy9zNFNGSQokA3wj5XafH1zOAITBdrnJhSULGex9
+fYPeBAHub5siSw2bGy0MaiUU4gOaEnweExrhaYrQ9U1/GnyfZOszxdreFwKt+K+I
+F2CGhcAopuBpnIKBSPCEm9TyAU4+xKCQ44Bpl7yEP3Ng3YPe
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/fuji/rootPassword.age b/secrets/fuji/rootPassword.age
index ae5d989..9f26190 100644
--- a/secrets/fuji/rootPassword.age
+++ b/secrets/fuji/rootPassword.age
@@ -1,11 +1,11 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TWpqaU1VdExiNnBqM1Va
-TFdrOFNUMG42OXdlNDVCQk1jSXBvdVVXK3d3CnhxVDczMG5UUTY1aEJ1NXlmTElG
-L1FlM1hlTWxKRldkNUpCalBFRFJqSGMKLT4gWDI1NTE5IHlXNHJwelVCR0FodnJr
-SHpKUm9lZm1XNnlYR2FyVGh1cERFQ3o1bmdEQ0kKbUN0RXgxUmM2SDFpeFViazFY
-dUk3M01ta2E3YWtCV2ZKWFdjZEw1YzZEVQotLS0gRE9SdXowMEJ6MGJkZUZ3c2wv
-eERmVVpPR0Q0clcvVHlrSjNjVjFxZWxVZwpdEe+lKo+vo/951iPdqMjcseWI+22Z
-gYUvvlmNt3T99tUh16ARsGLzi7BoPS4r7xhyvMj08Nl8cyYKMqAv6dxEaCs60aAe
-dTVMvltZlNY2TmcK9KPh2EIQI+d+roXVb23dfOs2MWR3l/Rpha40hc6rUxVyN3j0
-fwyQuuLMix6l3b5QGIkwSQIBtAr1
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWnNxekpsclkvdG1TeHht
+amg2QW5SWEZlN1B4blZDdElRVGQ5KzRrK2lVCjNyekJ2NXZFV0ZhY0Y3ZUFxMUFt
+TFpSZXk1VktnMy84OW13ckxWOWFVWm8KLT4gWDI1NTE5IFZIdmpSbEh1S0pQSHIv
+TGpEVkppSWdVTzlFcmd6V20yTE04eDk0ZE1SM1kKVms4NWw5dUpBV21RNmpXbEU4
+Ty91UzdyZzNhRFpGYU1WNmhnSGw5SmU4bwotLS0gbTNuc0hDK0JrcWt1UnhLNUtV
+UnNIMkNhOWQ4TVMzWDJGeTI5d1JlMnFDdwqEMStdHffmD/I9paiwGWPreNLp+ap9
+dTgCv8iGXg+n/9Y7S/THcBgMEpwmqU1JofSgS5yqiuTIGlcygyt9QgDOLOve2XwN
+kc25yTwOKaNQ9BhfE1m7Za2aUL36/cgvKH1FcdTcCRchpPWDw/LE4yQe0u6vHLcj
+SdzVDfZlyAviR6X2iCT20Gco5/WF
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/kilimandjaro/rootPassword.age b/secrets/kilimandjaro/rootPassword.age
index 20dfc5b..4a0255c 100644
--- a/secrets/kilimandjaro/rootPassword.age
+++ b/secrets/kilimandjaro/rootPassword.age
@@ -1,11 +1,11 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RXBmZGNHVytRcTVwbGI4
-ckhjUW5qcnNleVdmeXdWbzJkbUxiQTlVelQ4Cnh6bHNzcG5XamlsL3hSTU9jRksv
-YUZFSG9seVVTY0lWNXhEQ1ZWL1lLOVEKLT4gWDI1NTE5IEdYUzEvSUh3MjNXekY4
-RkpXc245N1RkWlovTkN0QjNSUjdsR242eEhmd3cKZ0xVWmFKa3RjaXFKOWpRamxP
-MnhpeHhEK3BQTFliY0hTQW5MVnhWVjJ5YwotLS0gZlRYTmFaUll0YkF2QndXNy8z
-b3RUWFpxc3VtcDMvK0NyZGJJYTBFZU5ZdwpxTbL3m7WFKDE9Q2x25ubZMEwVZV1U
-ikReGYLeU/EsvsT4/1d6z2jvNgphtyNsEXpO+9F8WKk7tKw9d2Ogk9EoedFV285N
-wDs6JjEmi9dIIwkzF3fJBqZtD/edXUSWX9TDDcYtyg7HyoPbZJSWdhcl8cOH8v3W
-2AJqnwKQKmAVrMwN8+X3HjdfAmdt
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TnNNTjBHSWZUVlEyUlh3
+QU84VHFYczhIMXVaZTJ4RGdDSVJ5Q1ROMUNNClZqMTlEUlhac25ES3ZiMm9SeFlK
+cmxxeTZCRXgrbW1CRVVsZzRMZTMwZ2cKLT4gWDI1NTE5IFVNNHZkZGtRMVFTa0RP
+ZXlzVnlGODFCTDlmam1FMFl3TXBGbHlrczRMZ2cKQ25kbHdERUZKUG1OM3l6VjMx
+MDdwNGVqVVpER1R2QUZaRGsxalF4NzhNdwotLS0gZEkrR3NEZGZPSDd2S2V4dTZU
+eFpFbnRnUFFjck12M3F4UGoyL3JIVVFhbwqrQqfaPSnNtQFwVzhID7LlGhsiERWG
+V/EBFNhQ66yCJUSJIB4mWSbWMyhdy7C6Mh4zUUS9HUg4/SuxXdbP5AX9Uqvor3Xo
+39M5G2TxRNO75HBlfMdoeCHC0XF1Wt6bwmT7eobP/QtMtLdghHX9+bk23Zcq1vN/
+Oo/U5LeQR1c3BD5OAqbvlfpjOrzR
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b32c654..4787799 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,9 +2,10 @@ let
   fuji = "age16ujdfcahmnhe4ygruf28n0urgxycv8zgsp4f8856a5suewhn49cs0mqk7w";
   kilimandjaro = "age1ny0re542mcvf829y28rz6eta9myaqlxasfnn933srw64dlgavpsqc59q79";
   etna = "age1m3jm6c5ywc5zntv5j4xhals0h28mpea88zzddq88zxcshmhteqwqu89qnh";
+  vesuvio = "age1g2z0tztrv2w7wtludjrd85q7px3lvjms0cjj32zej9dqpjwpscwsle6xhf";
 
   main = [fuji kilimandjaro];
-  all = main ++ [etna];
+  all = main ++ [etna vesuvio];
 in {
   "userPassword.age".publicKeys = all;
   "tailscaleKey.age".publicKeys = all;
@@ -13,6 +14,8 @@ in {
   "fuji-wsl/rootPassword.age".publicKeys = main;
   "kilimandjaro/rootPassword.age".publicKeys = main;
 
+  "vesuvio/rootPassword.age".publicKeys = main ++ [vesuvio];
+
   "etna/rootPassword.age".publicKeys = main ++ [etna];
   "etna/tunnelCreds.age".publicKeys = main ++ [etna];
   "etna/apiRsEnv.age".publicKeys = main ++ [etna];
@@ -20,6 +23,6 @@ in {
   "etna/minecraftEnv.age".publicKeys = main ++ [etna];
   "etna/dendriteKey.age".publicKeys = main ++ [etna];
   "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
-  "etna/frpToken.age".publicKeys = main ++ [etna];
+  "etna/frpToken.age".publicKeys = main ++ [etna vesuvio];
   "etna/turnstileSecret.age".publicKeys = main ++ [etna];
 }
diff --git a/secrets/tailscaleKey.age b/secrets/tailscaleKey.age
index b16aea9..18b1876 100644
--- a/secrets/tailscaleKey.age
+++ b/secrets/tailscaleKey.age
@@ -1,12 +1,14 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ekxTaUVNMkh6Zi9FMytB
-UUpUL3F4ZElSMnIwSjVSUHBpS1E5eHNyTm1FCjRhV0JpSmRpZUtTUzdVL1JFaERQ
-OHhJb3B6TWxDZmZFVTNJREYzUStzR2MKLT4gWDI1NTE5IGk0d1J1NVJCNUtkV244
-aUpCVXF2V1Jqb0g5QUhjeWhoTUtxOEZLSEhCbXcKQXJkcndJQ1NoTi9razFQT0Fa
-bVM4aWVWZDcxUlF6ajdYQ1NXVEdnQ1AxbwotPiBYMjU1MTkgSDB2OTVabnplMm5B
-ZGQwa1NYT3FZTWpaRmJkUWxlcHdkS2FoZ05ha2cxdwo0MThpenVYc21lUHRtNWtT
-dVNwbUdXOG9lenR6MllZRExrdHRhWHRmTkMwCi0tLSA0b05yTFM4VTU4MTM4aUIw
-Ylg2dm5OM1cwSjFQZlNvWGNDSmxGU29ieGdFCriR8/qlSjt3LzBadqMxOTwvmMw+
-YG3i+tudpXGSd7iOyl7YTvyrvcPUfMpG5Hx29UNUlJEKTXL3oAsMtZorptjmi7GV
-AB6ZcYlAwSri2EBJueAveOEMwKtd4eI2VBYA
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNcEhGeURoajhhZnp0YXRo
+L01BRHY3UjBKRC9iQUNBUEpudUE4N2EzQmdJCjNBV2wvRXNTajd6WGpGMVZidjBZ
+ZmY4TENVY29ZZU5ERVdZNFl5VEk5VVEKLT4gWDI1NTE5IGZ3WEFVTHRYZUJCcWNs
+MlZLYnpRbld6U0ZtNzFpdTliQ0JWc3JuZG1tbmMKY3BSRzJURDlrT2habDgyVGVl
+VExCejRmMUI4aGp2WlVBWmZzU2dOS1NaNAotPiBYMjU1MTkgUzlpYzVBUHl6alhk
+d2VydmcyMHVBemxyc2VJQ3c3V2lWOE55UE5TS3NUWQpjMlRrc2NoeklrVzRjMFB4
+TzFlZTNhcnU3VXlieXlpUG1zbTJSWXFjUG1ZCi0+IFgyNTUxOSA2ZW1UUkw5K3BH
+dVFKYXFocU5wQmxWdG5oWmJBQThPN1cwb0hFTndyL0dVCld3Z2NiMGljb1IzYlpv
+NTB6dlpZRGJhUnI0NmxROUs0UUEwSWM0VXF6ME0KLS0tIEJjaDc0dFpKTzNYc0t4
+WVlETEZZZ2dWNUxGc0lEb01ZN003MXkvenNUNkUKa3mnAvgTgZB9hqvAETK5hXnL
+Q96Q7B1+gSJhhX36g3pzhmjTzRgSLfJhj1iT0+EEudjRV1v+qfvsB837t9ModDsj
+GadQ0ky7/WReS6QtKU5KF7CbSP/fmsVTZ1+0gZk=
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/userPassword.age b/secrets/userPassword.age
index a98f378..08cc846 100644
--- a/secrets/userPassword.age
+++ b/secrets/userPassword.age
@@ -1,12 +1,14 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUW8xcTRkZzhnQVR0dGZS
-QlcvS1hiZU00MUZzcDI2dzFvMUZzZmNLVERjCkJrcEd1a0ZYNk13TU40WVZGWnd2
-ckdjZmR4VjNPbDVtVE5XZzNUWnVoK2cKLT4gWDI1NTE5IDdzS3FDbk0yRXpZcmpQ
-QUh4ODg2aVZpV1d4NXNsM2VLVVR2UjFNUHNaQzQKR01wMDh1S2hmR25PSzl2STha
-OUovazBQSmJuUEtIclFIZ2xvYWhUUjh2SQotPiBYMjU1MTkgZ0E5UHdMYjJWZjkw
-czgwbFV1MDRuUUFBWTZHUVM4aTBGWUoyY3VqSE94SQpaYUFnTVpreWN6dG5vMGZj
-VWJoNFZjeDlGVDdPYnpTU0NxT01QRUlWdTcwCi0tLSBQZmp6di9nNUVoUzN6SFBF
-NXc0S3RCUVZKN3NFaWlXMm9tZVZnOFRKa01vClJVXOfU6jGk0tvfbV4pLayWuN9a
-cK5tGww1neVIn3uzJeYxG8IMoUA3hPdQyQ3hr3twFFXlLVt8Y+m/ZjTja9AACxYu
-Ui5oGghJzc+6aNiMcZGqilFmxxb75k1V/sn+X9b34B+9YMcA3Ag=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHMGJUTzJnTjM0R29vb2ds
+bEJha01PSm9ON3NIOHk3V20rT05oNUNvdG5JCjh3bFhYL2xJUXZMY2IwWFc5U3E1
+TmtPcWZ3QW1PMlErbE5wbHplWTN5NDgKLT4gWDI1NTE5IFYyVTFmWXZZMWp2Rjcv
+NDRPMjFiMTkybno5bnNvenpaRUljNUlJMC81RFkKZkxkMTJUU0dLS1hDU1RXRE41
+ZFZIbWRFVGI0NVE2QkhhTW42T3FkWUFPbwotPiBYMjU1MTkgVmlLMEEwTDUweG5G
+QWR3Y2I1b3lmYzMrR01VTExqK1RGaUVqMUczOXdtQQpSNFRPUWsyTEZYdDdQenBl
+dlUzR2xlUVZxQ2NhQUd6OG1LRFJGRmgrZFNvCi0+IFgyNTUxOSBKZGhSSEhuREJ2
+MllJT3E3T2w5bDFqRFpuYkgzOGxnTEw1OGY2R3JML3hjCmRLQjFIQ3ZlQTI4bXFz
+eCszc3JveHYwdFJpaWUvZUxtZmgxbUZZV2grQ1UKLS0tIGpaa3ZVSXg1QmtJbU5P
+ams0WThZT25DaTcvSGxiQ2pHb3lueUVxYlc0blEKibpOZMM3Q/hdXjd4zp0bFvT/
+5S3S0zhAD+jo3C71Q5sUvbvBalRemzUEpBjXiOgMu3CIOi/R5GV1U3va5qHJxRiu
+cN7Zpn+45mG5lo+zSP5Ox8SiaFstpwSZ+BaBWGmzvBBzS4VVHS2PhA==
 -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/vesuvio/rootPassword.age b/secrets/vesuvio/rootPassword.age
new file mode 100644
index 0000000..98e2b90
--- /dev/null
+++ b/secrets/vesuvio/rootPassword.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidzNDa3hteXMwcHI5TWk5
+YkJoU2hJTVQvcDVsY29uK01CaElQdDQ5UFU0CmtsRk0wNEFlNzZNL1UzWkIza2F1
+OVFydU9aa0R6YlMyOHVyWmc2Q3dMR1kKLT4gWDI1NTE5IEY4c0pvRTgxTnl1bTQ1
+dGpBNnhrMlZRZVBtYy9XSUFTYUNncDVjeUQxRlUKRlFNS0N0aGkrYnR2N3p3dmdx
+endjSjJqSTFETUVIOUxTYWtVMGRraVEzSQotPiBYMjU1MTkgdnZRa0VCdmtEamFV
+QmJYcFUvQXNjNnVJU1laMEFvSTcrUG9XeURqejEwOApSbjluODZMbWJmbWJJcXR2
+bkcyVHI3cE43TmtoWDR3RDVDM0dyNWYyYWpBCi0tLSB1R1BsRTc1TmFzYVZmdXF5
+K1JBNVNnekF5NmYvMXZzREp3YW51UDRQWnpBCvAL9FDvV/6DYMkR/OkVTdfW7z2c
+6uAAJkgf38z7ALWf+jC8qSh2lFKsghWAmhKZxU0Xl59sVJmNRAyQiUCNiZUsOzb+
+P8PYVbp6YYnauJMLA/PjnSSjDIe9CNrxbTSHDf9p4ZtSBd+HMjc=
+-----END AGE ENCRYPTED FILE-----
diff --git a/systems/default.nix b/systems/default.nix
index b7cebe9..19cd98e 100644
--- a/systems/default.nix
+++ b/systems/default.nix
@@ -3,9 +3,14 @@
   inputs,
   ...
 }: let
-  toSystem = name: role:
+  toSystem = name: {
+    role,
+    system,
+  }:
     inputs.nixpkgs.lib.nixosSystem
     {
+      inherit system;
+
       modules = [
         ./${name}
         ./${name}/hardware-configuration.nix
@@ -18,9 +23,29 @@
     };
 in {
   flake.nixosConfigurations = lib.mapAttrs toSystem {
-    fuji = "desktop";
-    fuji-wsl = "client";
-    kilimandjaro = "desktop";
-    etna = "server";
+    fuji = {
+      role = "desktop";
+      system = "x86_64-linux";
+    };
+
+    fuji-wsl = {
+      role = "client";
+      system = "x86_64-linux";
+    };
+
+    kilimandjaro = {
+      role = "desktop";
+      system = "x86_64-linux";
+    };
+
+    etna = {
+      role = "server";
+      system = "x86_64-linux";
+    };
+
+    vesuvio = {
+      role = "server";
+      system = "aarch64-linux";
+    };
   };
 }
diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix
new file mode 100644
index 0000000..aa94cce
--- /dev/null
+++ b/systems/vesuvio/default.nix
@@ -0,0 +1,21 @@
+{config, ...}: {
+  boot.tmp.cleanOnBoot = true;
+  zramSwap.enable = true;
+
+  services.openssh.openFirewall = true;
+
+  services.frp = {
+    enable = true;
+    role = "server";
+    settings = {
+      bindPort = 7000;
+      auth = {
+        method = "token";
+        token = "{{ .Envs.FRP_TOKEN }}";
+      };
+    };
+  };
+
+  age.secrets.frpToken.file = ../../secrets/etna/frpToken.age;
+  systemd.services.frp.serviceConfig.EnvironmentFile = config.age.secrets.frpToken.path;
+}
diff --git a/systems/vesuvio/hardware-configuration.nix b/systems/vesuvio/hardware-configuration.nix
new file mode 100644
index 0000000..82aafb9
--- /dev/null
+++ b/systems/vesuvio/hardware-configuration.nix
@@ -0,0 +1,26 @@
+{modulesPath, ...}: {
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+
+  boot = {
+    loader.grub = {
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+      device = "nodev";
+    };
+
+    initrd = {
+      availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+      kernelModules = ["nvme"];
+    };
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/6FB6-65E7";
+    fsType = "vfat";
+  };
+
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+}