diff --git a/flake.lock b/flake.lock
index 474c3aa..04719bc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -663,17 +663,17 @@
     },
     "nixpkgsSisko": {
       "locked": {
-        "lastModified": 1747542820,
-        "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
+        "lastModified": 1742288794,
+        "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
+        "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
+        "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42",
         "type": "github"
       }
     },
diff --git a/flake.nix b/flake.nix
index 145218e..440867f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,7 +3,7 @@
 
   inputs = {
     flakeParts.url = "github:hercules-ci/flake-parts";
-    nixpkgsSisko.url = "github:NixOS/nixpkgs/292fa7d4f6519c074f0a50394dbbe69859bb6043";
+    nixpkgsSisko.url = "github:NixOS/nixpkgs/b6eaf97c6960d97350c584de1b6dcff03c9daf42";
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixosHardware.url = "github:NixOS/nixos-hardware";
     homeManager = {
diff --git a/hosts/default.nix b/hosts/default.nix
index cf4fc6f..7ed6ca8 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -109,7 +109,6 @@
           "home-assistant-token".owner = "prometheus";
           "grafana-password".owner = "grafana";
           "cloudflare-dyndns-api-token" = { };
-          "cloudflare-api-tokens" = { };
           "restic-hetzner-password" = { };
           "hass-ssh-key".owner = "hass";
           "sisko-attic-environment-file".owner = "atticd";
diff --git a/modules/nginx-base/default.nix b/modules/nginx-base/default.nix
index a79716e..5068162 100644
--- a/modules/nginx-base/default.nix
+++ b/modules/nginx-base/default.nix
@@ -14,7 +14,7 @@
         dnsProvider = "cloudflare";
         dnsPropagationCheck = true;
         group = config.services.nginx.group;
-        environmentFile = config.age.secrets.cloudflare-api-tokens.path;
+        environmentFile = config.age.secrets.cloudflare-dyndns-api-token.path;
       };
     };
   };
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 000ede4..1b2258d 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -92,7 +92,7 @@
         ];
         protocol = "ssh-ng";
         sshUser = "root";
-        sshKey = "/home/${config.ccr.username}/.ssh/id_ed25519";
+        sshKey = "/home/${config.ccr.username}/.ssh/id_rsa";
       }
       ++ (lib.lists.optional (config.networking.hostName == "picard") {
         hostName = "mac.staging.mlabs.city?remote-program=/run/current-system/sw/bin/nix-store";
diff --git a/secrets/cloudflare-api-tokens.age b/secrets/cloudflare-api-tokens.age
deleted file mode 100644
index 57e68b8..0000000
--- a/secrets/cloudflare-api-tokens.age
+++ /dev/null
@@ -1,17 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa /AagBw
-hD7PDjueXimBVI/rjcYxN77LHV2eGytKcUbmh17aSL1CNM+eriURFao3tj52Hiaz
-3VMB6FxWUk9kzgjMPvf5WZukuZ2WbpPH8xlDV+6ZH7e/IzmjIfx8Ny14Mr1IF/Rx
-TBiCIAM19/1/mR9MiIBW85bb+Bb/waWIZAgxW3N1RpqH5+vAVqx0iY3XRF5+0gOq
-blP3yEw3QaL6FuY0+a+d/TnCsrz2Gi1Rba9oCUmkzOP96TsJYdN58Ut6nrHFkURK
-mShL2xBMLmfA8Z5ep+D8ueyQbcYpeU3KHcIcRM6dRTwQKvWXAVkRt1nUGasKrO9Y
-oJT9BrcxjtqgF/xhHRjWpamjFSI3mlJnJNEbruddDwQUccrJOvEzvqZ7GK0WoFX2
-HmhdDOiocMGWFeBPAKlNtU3+QmtZvhvOIgbjKhNxmCt1A/qxfvRk7Y2IDIBo+CFo
-sKMrT1tCo4UYaJdZYl64XYNCQb3C2EfO7Exrq3d2urNidzUbr9OBx7CCI1nu375c
-Qol9Kr28fLtxRuSZlrqIe9vKVYyLDPznrRlh6TmgqmMLIW70Y8cZwMtT8L8sOkcm
-A8MoxpWFzK4BKo0Iqmw6eZ3nx/0LAzkz005ZEwrmi2W/XxOWJgBiaLmu7YwnoGq0
-gzwwvA5V5MT6Iy7FzkQpMi0h/H4MZ0mcbihKdPun85Q
--> ssh-ed25519 +vdRnA 23Gviu8hfWCEBPHP7xYIaOx34kFsxJJgJ/BNUDlb9Cg
-ROiMY2gw/rpNBmJnlRVb7Qhi5+8TY3Velj8gEZcaedI
---- dhmvfQoCjuRUJtvXNI/eCjH0W+IeJm8bFRvYk1JihD0
-qMCÐ,Ýˆ½Ôêì‹9-\‘KJ¡ã]Á­ÿJ ð½(¡SnŸ°.ñQpá~Z$ó±eØ"êí”’\ù£'rS’l‰ÿuÜ+UD <äÕvÐÚáÓ]|/g[†	W_“È>-fl•›8|w­ÊÙŠÈlš–¢ÜõB•[\òá.k(W±{=w 3N}¤qGÏ-w´Mb^‰ŒQ{
\ No newline at end of file
diff --git a/secrets/cloudflare-dyndns-api-token.age b/secrets/cloudflare-dyndns-api-token.age
index 6f09f52..57e68b8 100644
Binary files a/secrets/cloudflare-dyndns-api-token.age and b/secrets/cloudflare-dyndns-api-token.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7b341b1..8724ce7 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -92,10 +92,6 @@ with keys.users;
     deltaflyer
     pike
   ];
-  "cloudflare-api-tokens.age".publicKeys = [
-    ccr-ssh
-    sisko
-  ];
   "cloudflare-dyndns-api-token.age".publicKeys = [
     ccr-ssh
     sisko