diff --git a/common/nginx.nix b/common/nginx.nix index 10e498d..a5a91c6 100644 --- a/common/nginx.nix +++ b/common/nginx.nix @@ -2,6 +2,8 @@ { services.nginx = { + enable = true; + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; @@ -26,4 +28,6 @@ acceptTerms = true; defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; } \ No newline at end of file diff --git a/common/users/default.nix b/common/users/default.nix deleted file mode 100644 index 9602472..0000000 --- a/common/users/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./qenya.nix - ./richard.nix - ]; -} \ No newline at end of file diff --git a/common/users/richard.nix b/common/users/richard.nix deleted file mode 100644 index f910d93..0000000 --- a/common/users/richard.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, ... }: - -let keys = import ../../keys.nix; -in -{ - users.users.richard = { - isNormalUser = true; - home = "/home/richard"; - openssh.authorizedKeys.keys = keys.users.richard; - uid = 1002; - }; -} diff --git a/hive.nix b/hive.nix index e930b29..5fa0e76 100644 --- a/hive.nix +++ b/hive.nix @@ -24,11 +24,10 @@ in { (import "${sources.home-manager}/nixos") (import "${sources.agenix}/modules/age.nix") ./pinning.nix - ./common/nginx.nix ./common/ssh.nix ./common/sudo.nix ./common/utilities.nix - ./common/users + ./users/qenya.nix ]; }; diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix index 7c8f1ba..410c1d2 100644 --- a/hosts/yevaud/forgejo.nix +++ b/hosts/yevaud/forgejo.nix 
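Review bot: With `enable = true;` added in the first hunk and `networking.firewall.allowedTCPPorts = [ 80 443 ];` added in the second, importing common/nginx.nix is now sufficient on its own to make a host a publicly reachable HTTP/HTTPS server with ACME enabled, yet nothing in the module states that; since hive.nix in this same commit stops importing it for every host, the exposure decision now rests with whoever adds the per-host import. A header comment at the top of the module would make the contract explicit, e.g. `# Importing this module enables nginx with ACME defaults and opens TCP 80/443 on the host firewall; import it only on hosts meant to serve public HTTP(S).` The module's opening line is outside the first hunk, and because the diff markers are collapsed in this rendering it is not certain from here whether `recommendedGzipSettings` is new or pre-existing context.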
@@ -1,49 +1,46 @@ { config, lib, pkgs, ... }: { + imports = [ + ../../common/nginx.nix + ]; + # TODO: email out # TODO: interface customisation - services = { - nginx = { - enable = true; - virtualHosts = { - "git.qenya.tel" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://[::1]:3000/"; - }; - "git.katherina.rocks" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://git.qenya.tel$request_uri"; - }; - }; + services.nginx.virtualHosts = { + "git.qenya.tel" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://[::1]:3000/"; }; - - forgejo = { - enable = true; - stateDir = "/data/forgejo"; - settings = { - DEFAULT.APP_NAME = "git.qenya.tel"; - cache = { - ADAPTER = "twoqueue"; - HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; - }; - database = { - DB_TYPE = "sqlite3"; - SQLITE_JOURNAL_MODE = "WAL"; - }; - security.LOGIN_REMEMBER_DAYS = 365; - server = { - DOMAIN = "git.qenya.tel"; - HTTP_PORT = 3000; - ROOT_URL = "https://git.qenya.tel/"; - }; - service.DISABLE_REGISTRATION = true; - }; + "git.katherina.rocks" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://git.qenya.tel$request_uri"; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + services.forgejo = { + enable = true; + stateDir = "/data/forgejo"; + settings = { + DEFAULT.APP_NAME = "git.qenya.tel"; + cache = { + ADAPTER = "twoqueue"; + HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; + }; + database = { + DB_TYPE = "sqlite3"; + SQLITE_JOURNAL_MODE = "WAL"; + }; + security.LOGIN_REMEMBER_DAYS = 365; + server = { + DOMAIN = "git.qenya.tel"; + HTTP_PORT = 3000; + ROOT_URL = "https://git.qenya.tel/"; + }; + service.DISABLE_REGISTRATION = true; + }; + }; } diff --git a/keys.nix b/keys.nix deleted file mode 100644 index 7573baf..0000000 --- a/keys.nix +++ /dev/null 
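Review bot: The `services.forgejo.settings.server` set still leaves `HTTP_ADDR` unset, so Forgejo accepts connections on port 3000 on every interface (the documented default bind is 0.0.0.0, worth confirming on the running host) while nginx only proxies to `[::1]:3000`; the only thing keeping 3000 off the network is the firewall rule, which this hunk moves out of this file into common/nginx.nix. Binding the backend to loopback keeps it unreachable even if that import or the shared module changes later: add `HTTP_ADDR = "::1";` beside `HTTP_PORT = 3000;`, matching the proxyPass target. A one-line comment on the `imports` block, such as `# nginx + firewall 80/443 come from the shared module`, would also record where this host's public exposure is now defined.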
@@ -1,16 +0,0 @@ -{ - machines = { - tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; - yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; - orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; - }; - - users = { - qenya = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" - ]; - richard = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress" - ]; - }; -} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c41523b..a4a270a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,4 +1,6 @@ let - keys = ../ssh-keys.nix; + tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; + yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; + systems = [ tohru yevaud ]; in { } diff --git a/common/users/qenya.nix b/users/qenya.nix similarity index 79% rename from common/users/qenya.nix rename to users/qenya.nix index 74062f7..0dadb30 100644 --- a/common/users/qenya.nix +++ b/users/qenya.nix @@ -1,7 +1,5 @@ { config, lib, pkgs, ... }: -let keys = import ../../keys.nix; -in { users.users.qenya = { isNormalUser = true; @@ -11,7 +9,9 @@ in "networkmanager" # UI wifi configuration "dialout" # access to serial ports ]; - openssh.authorizedKeys.keys = keys.users.qenya; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" + ]; uid = 1001; };
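Review bot: The recipient list `systems = [ tohru yevaud ];` in secrets/secrets.nix drops the `orm` host key that the deleted keys.nix carried and lists no user key at all, so once a secret is declared in the currently empty attribute set it will be decryptable only by those two hosts' private keys; if orm was retired that is fine, but if it still exists it silently loses access, and with no operator key among the recipients editing a secret requires a host's private key. A short comment stating the intent, e.g. `# orm intentionally omitted: <reason>`, would prevent the omission being mistaken for an oversight, and the operator key that this commit inlines in users/qenya.nix could be kept in a separate `users` list here so each secret's recipients can be `systems ++ users`. The removed `keys = ../ssh-keys.nix;` pointed at a path that appears nowhere else in this diff, so inlining the keys also removes what looks like a dangling reference.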