diff --git a/darwin/default.nix b/darwin/default.nix index e7e9985..3298f76 100644 --- a/darwin/default.nix +++ b/darwin/default.nix @@ -1,10 +1,24 @@ -{ pkgs, inputs, self, primaryUser, ... }: { - imports = [ ./homebrew.nix ./settings.nix ./yabai.nix ]; +{ + pkgs, + inputs, + self, + primaryUser, + ... +}: +{ + imports = [ + ./homebrew.nix + ./settings.nix + ./yabai.nix + ]; # nix config nix = { settings = { - experimental-features = [ "nix-command" "flakes" ]; + experimental-features = [ + "nix-command" + "flakes" + ]; max-jobs = "auto"; # Use all CPU cores cores = 0; # Use all cores per build # disabled due to https://github.com/NixOS/nix/issues/7273 @@ -15,12 +29,14 @@ # Garbage collection gc = { automatic = true; - interval = { Weekday = 7; }; # Run weekly + interval = { + Weekday = 7; + }; # Run weekly options = "--delete-older-than 30d"; }; }; - # Disable Docs + # Disable Docs documentation = { enable = true; doc.enable = false; # Skip large documentation @@ -28,7 +44,9 @@ info.enable = false; # Skip info pages }; - nixpkgs.config = { allowUnfree = true; }; + nixpkgs.config = { + allowUnfree = true; + }; # homebrew installation manager nix-homebrew = { user = primaryUser; @@ -43,6 +61,7 @@ users.users.${primaryUser} = { home = "/Users/${primaryUser}"; shell = pkgs.fish; + openssh.authorizedKeys.keyFiles = [ ../secrets/ssh-key ]; }; environment = { systemPath = [ "/opt/homebrew/bin" ]; diff --git a/home/default.nix b/home/default.nix index 6b1b366..9389f29 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,4 +1,13 @@ -{ config, primaryUser, inputs, self, lib, isDarwin, ... }: { +{ + config, + primaryUser, + inputs, + self, + lib, + isDarwin, + ... +}: +{ imports = [ ./packages.nix ./git.nix 
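Review bot: The added `openssh.authorizedKeys.keyFiles = [ ../secrets/ssh-key ];` in the `users.users.${primaryUser}` block points at a file this commit does not add; the only key file it creates is `secrets/ssh-github`. From the diff alone it cannot be confirmed that `secrets/ssh-key` exists, is tracked by git (if this is built as a flake, untracked files are not visible to evaluation), or holds a public key. Files listed in `keyFiles` are copied into the world-readable Nix store, so the line deserves a comment such as `# public key only: this file is copied into the Nix store`. The same path is used in nixos/ssh.nix, and the enclosing attribute set continues outside the hunk.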
@@ -11,7 +20,9 @@ ./floorp.nix ./obsidian.nix inputs.sops-nix.homeManagerModules.sops - ] ++ lib.optionals (!isDarwin) [ ./desktop ] ++ lib.optionals isDarwin [ + ] + ++ lib.optionals (!isDarwin) [ ./desktop ] + ++ lib.optionals isDarwin [ ./desktop/sketchybar inputs.catppuccin.homeModules.catppuccin ]; @@ -97,19 +108,21 @@ sops = { defaultSopsFile = ../secrets/secrets.yaml; defaultSopsFormat = "yaml"; - age.keyFile = if isDarwin then - "/Users/${primaryUser}/.config/nix/secrets/keys.txt" - else - "/home/${primaryUser}/.config/nix/secrets/keys.txt"; + age.keyFile = + if isDarwin then + "/Users/${primaryUser}/.config/nix/secrets/keys.txt" + else + "/home/${primaryUser}/.config/nix/secrets/keys.txt"; secrets = { GROQ_API_KEY = { }; OPENWEATHER_API_KEY = { }; ssh_private_key = { - path = if isDarwin then - "/Users/${primaryUser}/.ssh/ssh" - else - "/home/${primaryUser}/.ssh/ssh"; + path = if isDarwin then "/Users/${primaryUser}/.ssh/ssh" else "/home/${primaryUser}/.ssh/ssh"; + mode = "0600"; + }; + ssh_github_key = { + path = if isDarwin then "/Users/${primaryUser}/.ssh/github" else "/home/${primaryUser}/.ssh/github"; mode = "0600"; }; }; diff --git a/home/git.nix b/home/git.nix index 9314242..9d9f59e 100644 --- a/home/git.nix +++ b/home/git.nix @@ -1,13 +1,25 @@ -{ primaryUser, pkgs, ... }: { +{ + primaryUser, + pkgs, + ... +}: +{ - home.packages = with pkgs; [ gh gnupg ]; + home.packages = with pkgs; [ + gh + gnupg + ]; programs = { git = { enable = true; settings = { - github = { user = primaryUser; }; - init = { defaultBranch = "main"; }; + github = { + user = primaryUser; + }; + init = { + defaultBranch = "main"; + }; user = { name = "DerGrumpf"; # TODO replace email = "phil.keier@hotmail.com"; # TODO replace @@ -15,8 +27,15 @@ }; lfs.enable = true; - ignores = [ "**/.DS_STORE" "result" ]; + ignores = [ + "**/.DS_STORE" + "result" + ]; }; - lazygit = { enable = true; }; + + lazygit = { + enable = true; + }; + }; } 
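Review bot: The new `ssh_github_key` entry repeats the `if isDarwin then "/Users/…" else "/home/…"` switch already used by `age.keyFile` and `ssh_private_key`, and home/ssh.nix spells the same paths out again for the matching `identityFile` values. The location sops writes the key to and the location ssh reads it from can therefore drift apart. Since `config` is already among this module's arguments, `path = "${config.home.homeDirectory}/.ssh/github";` would derive it from one place, assuming `home.homeDirectory` is set as usual for home-manager. The `sops` block begins outside the hunk.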
diff --git a/home/packages.nix b/home/packages.nix index b4a17ef..fca5bcf 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -1,6 +1,8 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, ... }: +{ home = { - packages = with pkgs; + packages = + with pkgs; [ # dev tools curl @@ -29,10 +31,12 @@ zstd gnutar unrar + sops # Nix tools nix-index - ] ++ lib.optionals (!pkgs.stdenv.isDarwin) [ + ] + ++ lib.optionals (!pkgs.stdenv.isDarwin) [ # dev tools pciutils usbutils @@ -60,6 +64,7 @@ xonotic irssi blender - ] ++ lib.optionals pkgs.stdenv.isDarwin [ graphite-cli ]; + ] + ++ lib.optionals pkgs.stdenv.isDarwin [ graphite-cli ]; }; } diff --git a/home/ssh.nix b/home/ssh.nix new file mode 100644 index 0000000..b156bc0 --- /dev/null +++ b/home/ssh.nix @@ -0,0 +1,18 @@ +{ primaryUser, isDarwin, ... }: +{ + ssh = { + enable = true; + matchBlock = { + "*.cyperpunk.de" = { + identityFile = + if isDarwin then "/Users/${primaryUser}/.ssh/ssh" else "/home/${primaryUser}/.ssh/ssh"; + user = primaryUser; + }; + "github.com" = { + identityFile = + if isDarwin then "/Users/${primaryUser}/.ssh/github" else "/home/${primaryUser}/.ssh/github"; + user = "git"; + }; + }; + }; +} diff --git a/nixos/ssh.nix b/nixos/ssh.nix index 3310f37..5d8fbd2 100644 --- a/nixos/ssh.nix +++ b/nixos/ssh.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +_: { services.openssh = { enable = true; openFirewall = true; @@ -7,6 +6,7 @@ PasswordAuthentication = false; PermitRootLogin = "no"; }; + authorizedKeys.keyFiles = [ ../secrets/ssh-key ]; }; programs.ssh.startAgent = true; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index a84e516..0f7967c 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
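Review bot: The new home/ssh.nix defines a top-level `ssh` attribute with `matchBlock`, whereas the home-manager options are, as far as I know, `programs.ssh` and `programs.ssh.matchBlocks`, so this is likely to fail evaluation or have no effect. Suggest `programs.ssh = {` and `matchBlocks = {`. None of the visible `imports` hunks in home/default.nix adds `./ssh.nix` either, though that list is only partly shown. Adding `identitiesOnly = true;` to both host blocks would make ssh offer only the named key to each host rather than every key loaded in an agent.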
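Review bot: In nixos/ssh.nix, `authorizedKeys.keyFiles` is added directly inside `services.openssh`, after the `settings` block closes, but as far as I know that option lives under `users.users.<name>.openssh.authorizedKeys`, so the line would be rejected at evaluation. With `PasswordAuthentication = false` the authorised key is the only way in, so it should be attached to the account explicitly, e.g. `users.users.${primaryUser}.openssh.authorizedKeys.keyFiles = [ ../secrets/ssh-key ];`. That needs `primaryUser` in the module arguments, now written as `_:`, if it is passed to NixOS modules as it is to the darwin one. The `services.openssh` block starts before the second hunk.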
@@ -1,6 +1,7 @@ GROQ_API_KEY: ENC[AES256_GCM,data:OyuC4jfw67sCDa0XBGr78S6pzPV1ruy7KiIqPMgWWcOCVm3Y/khXEYPMjUTGrq9YLOw1MLso0OE=,iv:0y9klMYVtGsqAaLc2JidjZYSLhhbcbWbnBf8sZiC3rM=,tag:r6G2pzZn2d9JIaS+ozKnmg==,type:str] OPENWEATHER_API_KEY: ENC[AES256_GCM,data:bcuLz70u40nZfNgPTaeNRXdR/zjx0SQjwMbMNNFqROI=,iv:VCzse1a1/k1ZDIpFPL1QhjuS6YaDyohWi61JZaoc0Ws=,tag:UJSNyniNNLfGGRY/uiJcRA==,type:str] ssh_private_key: ENC[AES256_GCM,data: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,iv:D1lgCnZKm3Gyv6cZpQ7zGW7JXN5RCwoaas+LroTkhPc=,tag:WI6Nr1cX8gm5pjFpu/Ok0w==,type:str] +ssh_github_key: ENC[AES256_GCM,data:vZAH4cRDsgGXLAppQKOyUPOvmBJZ27bujMGz4hQ8tt0xhGFUP28llwGZz/VRuU02Yv4alLgVWBAIPuyhZT9f35KnjIR1Mmb7HXk/6oaNM59/lBiISLrnOpC10WmJ9O5krKdxwP8ZDvHA34B0s+oYNkTNXiU0S8AVg3icploax7ylKH5Dorj53kjdYSTjd8KN6ZsgCKmcz97+GnP0IgdmauyNL7e+kv9WIfE8Xx1kGvC8WVnidX2YhSxm6vt8l60eUj9etRigU88oFYTDZ+mIf4lucSpzaLZutz2fM/16D/o9SS7mmTrEllj2S+IXc9ZZTRKKDLbW+yv0XUi0XZi+OHAdZScjS54NZKyT9uWrc/IDJHammGsoHRQpHZtbGhkeFi/KdJsYBsWItslXjM0xJVtFIM2tMnd10kv9UGuXsSl9J4NC0rpz3aXnQqG4ZAhMjN9D/DTJpB4K0pcFyd2FDWdrbKq5iPfnU/V6ecnHPML6wCt6gua/LdK1MWoG3l2SqwMLYj1r7UW5fQZqSw1EK0BAtp9cQMLBL/2w8ykMfWpLekE=,iv:gcinU7xOoXQkFVkLNB3sQYHAcZy3pZN+bDRIq4sspys=,tag:yawgAHBKIkGpnKPHsRId4g==,type:str] sops: age: - recipient: age10pyhca0jy75wtqv5hrn0gf0jcam5272zx9h73a8xwwaxyfq89c0qs5dr9t 
@@ -12,7 +13,7 @@ sops: N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9 6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-27T10:23:01Z" - mac: ENC[AES256_GCM,data:mRI5VLjUDMhRpR5fmN6MMxaJdbXuMBNcXFX7ItDe1U3H3px+4k0hxhx/anO+VX+Qq4i9kTrqEVkkRY4rzQBEqZaSIlGgzpj4nwdC8469/PBVUCqZ6X47pc+TfG6PP8Iv9nyN+zk4whS+O6c2ZTGVQ+Cok+KIa6r5tlNu/3r85u0=,iv:eK/TDEJctNiMp1eW4b605bvvNHAqBBf6Ybgdg4jQyR4=,tag:D4oW5lTBd1z8Ey0EKhTvmQ==,type:str] + lastmodified: "2026-04-05T18:43:43Z" + mac: ENC[AES256_GCM,data:iWEd+beMs10MBc8v7EPo3W2uPKsWtlgePsq195T6FpYjNP5BMfW4p6yo2HG2VEzSFWoi16HR1aB+oUUGSSlctaurjCifGsKyB4rKSk5gAyin9G7qTJ1KPC1SZfTVlj75RLyV9r/wtEGd4Arom2UiYk0A2NWWdKx+CUGgESQyt0c=,iv:6sb0ejM5Y9iFSr2MtoV94tvFu0Hrt/5aiEoNKBqQKr8=,tag:6lmkvQQFzItR91x0Yuj1aA==,type:str] unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.12.2 diff --git a/secrets/ssh-github b/secrets/ssh-github new file mode 100644 index 0000000..32d3e9a --- /dev/null +++ b/secrets/ssh-github @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInrZgSE/iECNt+SrzmFXU32QdAeNplV1sax5c94gstr p.keier@beyerstedt-it.de +