diff --git a/roles/common/configuration.nix b/roles/common/configuration.nix index c2b45d4..ba301c4 100755 --- a/roles/common/configuration.nix +++ b/roles/common/configuration.nix @@ -27,32 +27,15 @@ # enter the password A LOT of times. Only on the first setup tho "/tmp/id_ed25519_bootstrap" ]; - # Copy (NOT SYMLINK) host ssh keys into place - secrets = { - "ed25519" = { - symlink = false; - file = ../../secrets/${config.networking.hostName}/host-key-ed25519; - path = "/etc/ssh/ssh_host_ed25519_key"; - }; - "rsa" = { - symlink = false; - file = ../../secrets/${config.networking.hostName}/host-key-rsa; - path= "/etc/ssh/ssh_host_rsa_key"; - }; - "ed25519-public" = { - symlink = false; - file = ../../secrets/${config.networking.hostName}/host-key-ed25519-public; - path = "/etc/ssh/ssh_host_ed25519_key.pub"; - mode = "0644"; - }; - "rsa-public" = { - symlink = false; - file = ../../secrets/${config.networking.hostName}/host-key-rsa-public; - path = "/etc/ssh/ssh_host_rsa_key.pub"; - mode = "0644"; - }; - }; }; + /* + I used to keep the host keys in the repo as a secret, but since I use the + host keys for decrypting too I'm not sure encrypting a key with itself + is a good idea. Now the host keys will need to be placed manually where they are needed + For first time installs they are generated by services.openssh.hostKeys on servers, and + manually on everything else + */ + system.stateVersion = "23.05"; } diff --git a/secrets/Archie/host-key-ed25519 b/secrets/Archie/host-key-ed25519 deleted file mode 100644 index ddd8e91..0000000 --- a/secrets/Archie/host-key-ed25519 +++ /dev/null 
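Review bot: The new comment gives a misleading reason for dropping the host-key secrets: age encrypts to the host's public key and decrypts with its private key, so "encrypting a key with itself" is not a cryptographic weakness; the actual problem is the bootstrap cycle, since agenix needs the host's private key at activation to decrypt anything, a host key stored as an agenix secret can only be unlocked by a second identity that exists first (the `/tmp/id_ed25519_bootstrap` path still listed in `identityPaths`). The comment should also record that the previously committed keys are retired: their age-encrypted private halves remain in git history, encrypted to that bootstrap key, so they must not be reused and clients' `known_hosts` entries need replacing. Suggested wording: `Host keys are not agenix secrets any more: agenix needs the host key to decrypt, so a host key kept as a secret could only be unlocked by an out-of-band bootstrap identity. Keys previously committed under secrets/<host>/ are retired (they remain in history). Servers generate fresh keys via services.openssh.hostKeys; other hosts get theirs placed manually.` The attribute set this comment sits in begins outside the hunk.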
@@ -1,14 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 zhSyTg v0zMwf3PyU8i5Z8cKQAM8G/egqkmPONA7twvIsTtFUU -4BlqeR6PpQrYwf7BT1UXqzaiiNwHAxsbbvX1Sk7YG7M --> ssh-ed25519 AuWU1Q m0nCQcYG0Jz8AeouayMRTPiQvZxWDbci88ouaaW1kBE -FMRP4tDLTQ8wo/9j6AaVhl4/amQAjgZDPKqmtzTwHbI --> tR-grease jXU -zPQZdJy9DQ9MUenFWBk ---- NY5Z2u04JmXtfy09gfYTziCNqdXfSXQLe3n/e7wburg - -KQoa|ɗ .hS -^aɹL)m. At}BR!7J%f#f_/=d:\[ TxȔUs(:I~-i -l!(̮SG^٢Vڗig~MDdnWqÕb7P\CαI}msU4="1.:aT-Ooy%v$iBN)s8OV(EDžtWi;nP7Q0·tR+W1BdTTOWf>6C>nT¾ -K)D81il3JPQw.w\&6j T:8E`,"a҂<dKrc2䴃<~ -h?Fc - ΣJtoD \ No newline at end of file diff --git a/secrets/Archie/host-key-ed25519-public b/secrets/Archie/host-key-ed25519-public deleted file mode 100644 index 91e279e..0000000 --- a/secrets/Archie/host-key-ed25519-public +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 zhSyTg Xkk6wPQm3Sm3RuNyKhnKVz/evGJtr0UwhB7m2iuhrR4 -RMheqKeCD+Py22+xmvp3Se1z84t60+6y1Bbt7uYGxFs --> ssh-ed25519 AuWU1Q 5l5/vuIGxW+6ZzlDKjLzNCxyiW1+Kh651xpnwjfF3FQ -ZIx/zZZMPpO8zDW5JdkucIBVH1xK4KtoA7Kovw+bcOU --> 7%-grease [ wwEC MxP UF:U6Cy -Hp7t6AxdTAfm4r/LMWAt22vOYvhfHJLX4BIB7eEUfQnNAPIx43SrK8QIrAGHWbxN -hdO18C5g6xoE5HHz5uM5ASzUWC4Nws3OXwY ---- 2kwRA1NakiMhvMQgkaiEiJ93SkjTmOt77m0tO+e/p/w -^^I=*='V [$-ʲ} .=&ɭl@l5׏pIKVNCԎ I_<g.mf}O4( @ ; \ No newline at end of file diff --git a/secrets/Archie/host-key-rsa b/secrets/Archie/host-key-rsa deleted file mode 100644 index e323c7a..0000000 Binary files a/secrets/Archie/host-key-rsa and /dev/null differ diff --git a/secrets/Archie/host-key-rsa-public b/secrets/Archie/host-key-rsa-public deleted file mode 100644 index 8bb561d..0000000 Binary files a/secrets/Archie/host-key-rsa-public and /dev/null differ diff --git a/secrets/Everest/host-key-ed25519 b/secrets/Everest/host-key-ed25519 deleted file mode 100644 index 0fe034f..0000000 Binary files a/secrets/Everest/host-key-ed25519 and /dev/null differ 
diff --git a/secrets/Everest/host-key-ed25519-public b/secrets/Everest/host-key-ed25519-public deleted file mode 100644 index 6b23715..0000000 --- a/secrets/Everest/host-key-ed25519-public +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 5qrYxA OECuD3X/YhnhNDjXFBsoq+mOQmadIQch2DhcVM2es3g -Y9tNL/OXgxSrWtvrLDHBnaWGxDoSopQAVoFwx6WiHFE --> ssh-ed25519 AuWU1Q RawOBsHa1yGd0Nn3QPaZNlh3Qy5D5TNU0VVc6t7uwmU -M0OgClrDATN23KARdN8kee/tDSolbdVQwxclOwUlCY8 --> }|y:w-grease [|V >/-D+*J -zPzM ---- st6EavuBsvVd84P9CGhxLpgckxCsYjucYvpMiNS0YVY -wav\GU.<8\<ڂ>^=„0[f,!S0z%/eo48&J?@ZJ;1/ႄ*/t{ʹ-dna8.ES$˖: \ No newline at end of file diff --git a/secrets/Everest/host-key-rsa b/secrets/Everest/host-key-rsa deleted file mode 100644 index 18618b9..0000000 Binary files a/secrets/Everest/host-key-rsa and /dev/null differ diff --git a/secrets/Everest/host-key-rsa-public b/secrets/Everest/host-key-rsa-public deleted file mode 100644 index cbfbf9f..0000000 Binary files a/secrets/Everest/host-key-rsa-public and /dev/null differ diff --git a/secrets/ddclient-passwd b/secrets/ddclient-passwd old mode 100755 new mode 100644 index fb143cb..e8dac5e --- a/secrets/ddclient-passwd +++ b/secrets/ddclient-passwd @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 5qrYxA YZag1cf+LCNznpoLx8wXN0lqaDfcxpP8Axmgt1gyiDo -DujRQ8hZtv6CyKWmOGK82jFoRkT/72Y1OmWcTb+aiVw --> tR{ rv:Iړ`%-וvMpD9, \ No newline at end of file +-> ssh-ed25519 06objA y4bV1ytUwkmt9PbOrVgGT5UvhG122nbW1Uoj4X4G1ko +iCncwjYew9IxINLtdTBCH1xVwMxlbEUj0+QDbqQo220 +-> R520hu&,-grease BU +r02YR9brHoUAtWXZd1yzrnA1IEymE6EGi+INiYzaU/6ucoMpqD1kTbnNA/XImBw +--- nHrpo/xmcD3yGS8tygN/HL5o4uyFBVJslY7xycLuJ9M +޺ȮP';2 5$N}nhӐ5H[،؁^b_؜SRIXjhx$ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5c1d5a7..a6becb9 100755 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,18 +1,9 @@
 let
- everest = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7GzKZIK/UAMfRjsaxWWKOBqG7sa1ttJ+Gp0zTQSBXM root@Everest";
- archie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINuqKOfYb2lyhoQYBQbuIEyMomze872rnpxDnax8BsC5 root@Archie";
- bootsrtrap = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKloSXSeF4dNXebd93uMuiFuXRHfxo/he4+O9SFTz1s bootstrap key";
+ everest = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEY+nRHGyId1eYdC0tk4eKDG8UPpWjNekif+XPPHa0XD root@Everest";
+ bootsrtrap = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKloSXSeF4dNXebd93uMuiFuXRHfxo/he4+O9SFTz1s bootstrap key";
 in
 {
 "ddclient-passwd".publicKeys = [ everest ];
 "syncthing/key".publicKeys = [ everest ];
 "syncthing/cert".publicKeys = [ everest ];
- "Everest/host-key-ed25519".publicKeys = [ everest bootsrtrap ];
- "Everest/host-key-ed25519-public".publicKeys = [ everest bootsrtrap ];
- "Everest/host-key-rsa".publicKeys = [ everest bootsrtrap ];
- "Everest/host-key-rsa-public".publicKeys = [ everest bootsrtrap ];
- "Archie/host-key-ed25519".publicKeys = [ archie bootsrtrap ];
- "Archie/host-key-ed25519-public".publicKeys = [ archie bootsrtrap ];
- "Archie/host-key-rsa".publicKeys = [ archie bootsrtrap ];
- "Archie/host-key-rsa-public".publicKeys = [ archie bootsrtrap ];
 }
diff --git a/secrets/syncthing/cert b/secrets/syncthing/cert
old mode 100755
new mode 100644
index 9711922..576dd37
Binary files a/secrets/syncthing/cert and b/secrets/syncthing/cert differ
diff --git a/secrets/syncthing/key b/secrets/syncthing/key
old mode 100755
new mode 100644
index e0dd47d..4ea8d32
Binary files a/secrets/syncthing/key and b/secrets/syncthing/key differ
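Review bot: After this hunk `bootsrtrap` is still bound in the `let` but no secret lists it as a recipient, so the binding is dead (and misspelled); either drop it or keep it with a comment stating its role, e.g. `bootstrap = "ssh-ed25519 ... bootstrap key"; # out-of-band identity for first installs; currently no secret is encrypted to it`. Its fate matters because the deleted `Everest/*` and `Archie/*` entries were encrypted to this same key and those ciphertexts remain in git history, so anyone holding the bootstrap private key (which configuration.nix reads from `/tmp/id_ed25519_bootstrap`) can still recover the old host private keys; the `everest` key appears to have been rotated here, and rotating the bootstrap key with it would close that path. The `archie` binding is removed outright, leaving no successor key recorded for that host, which is worth stating in the commit message (decommissioned, or keys managed elsewhere). Separately, `secrets.nix` stays mode 100755 per its index line while `ddclient-passwd` and the syncthing files are fixed to 100644 in this same commit; a Nix expression has no reason to carry the executable bit.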