diff --git a/hosts/lazyworkhorse/configuration.nix b/hosts/lazyworkhorse/configuration.nix
index 52799d9..bb2770c 100644
--- a/hosts/lazyworkhorse/configuration.nix
+++ b/hosts/lazyworkhorse/configuration.nix
@@ -58,31 +58,6 @@
 LC_CTYPE = "en_CA.UTF-8";
 };
 
- # Private host ssh key
- age = {
- identityPaths = paths.identities;
- secrets = {
- lazyworkhorse_host_ssh_key = {
- file = "${self}/secrets/lazyworkhorse_host_ssh_key.age";
- owner = "root";
- group = "root";
- mode = "0600";
- path = "/etc/ssh/ssh_host_ed25519_key";
- };
- };
- };
-
- # Public host ssh key
- environment.etc."ssh/ssh_host_ed25519_key.pub".text = keys.hosts.lazyworkhorse.main;
-
- # Prevent sshd from generating new keys and use this one
- services.openssh.hostKeys = [
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- ];
-
 # Configure network proxy if necessary
 # networking.proxy.default = "http://user:password@proxy:port/";
 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -145,12 +120,45 @@
 
 # List services that you want to enable:
 
- # Enable the OpenSSH daemon.
+ # Enable the OpenSSH daemon
 services.openssh = {
 enable = true;
 settings.PermitRootLogin = "no";
+ hostKeys = [
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
 };
 
+ # Private host ssh key managed by agenix
+ age = {
+ identityPaths = paths.identities;
+ secrets = {
+ containers_env = {
+ file = ../../secrets/containers.env.age;
+ path = "/run/secrets/containers.env";
+ owner = "root";
+ group = "root";
+ mode = "0400";
+ };
+ # lazyworkhorse_host_ssh_key = {
+ # file = ../../secrets/lazyworkhorse_host_ssh_key.age;
+ # owner = "root";
+ # group = "root";
+ # mode = "0600";
+ # path = "/etc/ssh/ssh_host_ed25519_key";
+ # };
+ };
+ };
+
+ fileSystems."/".neededForBoot = true;
+
+ # Public host ssh key (kept in sync with the private one)
+ environment.etc."ssh/ssh_host_ed25519_key.pub".text =
+ "${keys.hosts.lazyworkhorse.main}";
+
 services.fstrim.enable = true;
 services.zfs.autoSnapshot.enable = true;
 
diff --git a/lib/keys.nix b/lib/keys.nix
index e61a0fe..e82a203 100644
--- a/lib/keys.nix
+++ b/lib/keys.nix
@@ -9,7 +9,7 @@
 
 hosts = {
 lazyworkhorse = {
- main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBmPv4JssvhHGIx85UwFxDSrL5anR4eXB/cd9V2i9wdW";
+ main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmXqD+bBveCYf4khmARA0uaCzkBOUIE077ZrInLNs1O";
 github = "";
 gitea = "";
 };
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 0d44c89..855b2f2 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -5,6 +5,5 @@
 # ./programs
 ./services
 ./filesystem
- ./services/systemd
 ];
 }
diff --git a/modules/nixos/services/systemd/default.nix b/modules/nixos/services/systemd/default.nix
index b93d2d4..fbcaff2 100644
--- a/modules/nixos/services/systemd/default.nix
+++ b/modules/nixos/services/systemd/default.nix
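Review bot: `services.openssh.hostKeys` now names `/etc/ssh/ssh_host_ed25519_key`, but the agenix secret that used to install that file is left commented out, so nothing in this configuration provisions the private half any more; the comment removed in the earlier hunk ("Prevent sshd from generating new keys") records why that matters, because a key generated at that path on a fresh install would not match the public key written to `ssh_host_ed25519_key.pub` nor the value rotated in `lib/keys.nix` in this same commit. The new comments `# Private host ssh key managed by agenix` and `# Public host ssh key (kept in sync with the private one)` no longer describe the code, since the only active secret is `containers_env`. If the private key is deliberately installed out-of-band to break the agenix bootstrap cycle (the host key is presumably also a decryption identity via `paths.identities`, which is not visible here), state that where the entry is disabled: `# Host private key is provisioned out-of-band; this entry is disabled because agenix would need the key it installs`. `fileSystems."/".neededForBoot = true;` is unrelated to either ssh stanza and sits between them; it belongs with the other filesystem options.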
@@ -13,17 +13,4 @@ "dns" = [ "1.1.1.1" "8.8.8.8" ]; }; }; - - age = { - identityPaths = paths.identities; - secrets = { - containers_env = { - file = self + "/secrets/containers.env.age"; - path = "/run/secrets/containers.env"; - owner = "root"; - group = "root"; - mode = "0400"; - }; - }; - }; } diff --git a/secrets/containers.env.age b/secrets/containers.env.age index 897b9b0..2a8c362 100644 --- a/secrets/containers.env.age +++ b/secrets/containers.env.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 GhMD8A 9Tjo08Hbj3S+nCdLUylZoUK6meXtuHq9F/qwSJZBYho -iu2MmQ2VHm+QEvqGjkEy02V0cNRanAyhrA8Xu7UWRFk --> ssh-ed25519 eB5ENw 8UTi2pmZML1Zyh9zCfEx4JqJhQ1vM/jZCEhrkuc1Hh4 -et6FoN8E4tgo2DXlt/KTGLRsByJFyDu2oHA/Js/pIB8 ---- dmEv5Fz1iUJ3W93lFtkHgtknfQGQNkMqglJZ+3e1qM8 -U.#C\ V-tpw؁nީn ssh-ed25519 GhMD8A rV+MVE/yCBXffr3Za8av5+lL8B/473Owe7phe2oKzXs +1Y3qBT07SKzO0EaSzLelbz5/whoEVfBD52N4+WwVScU +-> ssh-ed25519 kYn3oA fHmhGCOWPfUOQpGEY0+lA6akxhJcCzn1zmiBQFeD4wg +k48jDsxD7uXfg+VUgM0+PIL1WOBdSOGsLyvsuqYOziY +--- PXyg0xCJqashEWw9FNHv5g9UWWZ/vzvgKfZJ85OyNKU +;O*E[ z4XG;R~S\7Ђ>ZU,ȏ糿#`:%'ixɟMfW +&E̛C >H,WZ%@nY \ No newline at end of file diff --git a/secrets/lazyworkhorse_host_ssh_key.age b/secrets/lazyworkhorse_host_ssh_key.age index 1307960..6fc1a13 100644 Binary files a/secrets/lazyworkhorse_host_ssh_key.age and b/secrets/lazyworkhorse_host_ssh_key.age differ