diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix
index 3d0a499..32423ab 100644
--- a/configuration/hardware-specific/vm.nix
+++ b/configuration/hardware-specific/vm.nix
@@ -19,11 +19,16 @@
   # Both so we have a predictable key for the staging env, as well as
   # to have a static key for decrypting the sops secrets for the
   # staging env.
+  environment.etc."staging.key" = {
+    mode = "0400";
+    source = ../../keys/hosts/staging.key;
+  };
+
   services.openssh.hostKeys = lib.mkForce [
     {
       type = "rsa";
       bits = 4096;
-      path = ../../keys/hosts/staging.key;
+      path = "/etc/staging.key";
     }
   ];
 
diff --git a/keys/staging.yaml b/keys/staging.yaml
index 193cc27..fb1d15d 100644
--- a/keys/staging.yaml
+++ b/keys/staging.yaml
@@ -1,5 +1,5 @@
-forgejo:
-    metrics-token: ENC[AES256_GCM,data:fy+RsphQT9E=,iv:/7dvDv/VLZHceTijRXJ69ELna5PbyVDmW1rVS7hquZI=,tag:dL2OBUshmoQafyExrjJwWA==,type:str]
+gitea:
+    metrics-token: ENC[AES256_GCM,data:T1NYXRWbruA=,iv:usgHYHwWJFbaEdHLO6JX3z/42MVheY2wu0YrXmnz2ng=,tag:W+B7pKGOc/wX/0My0dWY5w==,type:str]
 grafana:
     adminPassword: ENC[AES256_GCM,data:dYfaxUpQpzA=,iv:j5wSem8C5+V4c5qRzXQJhsU7/FOtpvrnaEyFBmW6zJ4=,tag:oc8n3TkEbjF2gjuOobZuLA==,type:str]
     secretKey: ENC[AES256_GCM,data:Atruvh2MsNY=,iv:y2MaCUCEzGIydHp6G0DJHfk289S1is0twKm2oUYwDhM=,tag:nAWeg+YqaYqk6k22oBkAhQ==,type:str]
@@ -26,43 +26,43 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-12-28T00:07:15Z"
-    mac: ENC[AES256_GCM,data:WRwC7ETtL5yUIgmNk+ktxtHTnDcS7dx07KAfgn8w8V/OAaNDaaTeNU99V2Sgk5emhlSr5PyHaAARpJk8SBYhmJZo/iIcG65yhsnv9D7/JFzBMjuoin3qIeGCZ2Yzagpospd1e1YB/cDATfPug3+iMxLysQSKBd5zRgeYPACZwMU=,iv:iSj+J239khh5PS5ZK6vqgHpD/SSJ+DYMeledOEXhcB0=,tag:UkK3/aoTBquY1cGlxjSGOQ==,type:str]
+    lastmodified: "2023-12-29T15:14:54Z"
+    mac: ENC[AES256_GCM,data:yJUprLcfw4ypsrSlhot7vsavVqzaFlJoJeEC/DdTfKDoJ0L607r6aCfXtCSg+qrR5JA2bvEATwDJM5qgA2vbMhSOqmc3zT7yBPUKC4Sk24Me3IOOum2DhNID/l/PLtxUIk3Rzz49PJZECUsIKnT7k6KvZ5nWe5sEUupCBgdKjG4=,iv:Axpml84/6wgBxld94AB+Ybdo3r/7Bym6Lsj/49P7jWE=,tag:wXAx3AoopQS7i6rbo70AYg==,type:str]
     pgp:
-        - created_at: "2022-10-12T16:48:23Z"
+        - created_at: "2023-12-29T15:25:27Z"
           enc: |
             -----BEGIN PGP MESSAGE-----
 
-            hQEMA7x7stsXx45CAQf/QKXxlgFzUn5ZS02JDiOLds6wjsiTbwQeIy+den+qH9KF
-            CyfC/8WhxojyhliG0zUzQ7oHtYYkbknF2DyrR7J4+S3SyvMS6MDGTUUn5dIcGwBO
-            2/Q2bt4ayOJFNTPePA0IfuMYNUiMl5B/0GCFRV9DE+gG/dcsOzM5q1Uya/yJ1966
-            RndWwbnE4j5yP4Nj2o3OiZFhlNi6W6UffYB0hsTTPmmebIZltDRbmLSSpKcfNEYw
-            h3st3WaJ0BCuQC5i/kvYTfJyBCoYnvFrb3RmXm3h+MvW0JZwHzfbST3nJCBHh5XJ
-            fVquF17oDJzn5S7EdWMhUbWwHgZwz2J6sZMgGEQ6WdJeAf2IlCuRYGjQMcB1WhxH
-            GCgbzUGoOGrxT3euzz9R1J98d1HQqtpFgeg9JgWndUdhoF80+AU7Wpyy6qOg2n/4
-            wCcb4pcqG1OqFezauEu8+sFdE07vfLoWzxJIark8WA==
-            =pc2z
+            hQEMA7x7stsXx45CAQf/RWxP6z7xjV5TqiA6lFhtygjrH9x3y1DUWG9aUb/dO+xH
+            zDbGMYqGe9RPlgi5sWPstdKXvCgs+AKNj93qJYMwEtaasJOinYXCGeAQmzg90+pt
+            bS6SoBHhGIxAvvLKKPtYx0V50I2reYR+32ux9bcrnzwIsV0P7/SSp1Cl8H+sotB8
+            yf+0ULXcpC+SYECmZqzR9qQ3S+3I6/+QS+QgWj4NsyF+apxnE9oQDcBLdYP4aKgR
+            JHERA9HYfDTKoS137pFHxgINqHkFRY6lhoZdz1yDzOjiPxd8YVfPdKyf022Rg+cX
+            J/Q2P+OhNZEG3gapNATp6wH3niovA89KwZKSmbTZOdJeAZ6NV6TiUP+TgGg5+CmV
+            pSLaGel2NZRnFVNdDFi0dsOwhHv3FpKhIpALJh08/jsmAAslfE7vVlcEnaoUJPTS
+            3v86AACUC5D/gUxmFrrED1qoxbELCmZ17xTwjQzxwg==
+            =KzdF
             -----END PGP MESSAGE-----
           fp: 535B61015823443941C744DD12264F6BBDFABA89
-        - created_at: "2022-10-12T16:48:23Z"
+        - created_at: "2023-12-29T15:25:27Z"
           enc: |
             -----BEGIN PGP MESSAGE-----
 
-            hQIMA2HlP5TKoxTkARAAl+2Y+pd5oraYLgiiJ0CbMFef0zCpFwBwUCyzykMOICGa
-            TWCYs8K6hChjepe0p8+oZnp0wi8U1qrmgRtFljQfHoXq5EXDYKydkz8XHHDI7/W7
-            1BmETajv9Mx7j4BFNB3z0XvLJTPeNhygemuHhox5pA8CUt5FkYahpzYR9AlLiAwx
-            NtU+csrcGUqYllT5WYIKFVIwFk07IvgK/7vj3filO5G2GMiH7lsV6p7W/MYqCFTV
-            grE383/bGCT18XmHpe3Uu0NcotexiqKSXpnFNntWOgd/KynBn8Oa/DMr8ci/4QSF
-            rEV4+IGJSmfAzQYaIfzNRGyTQJKBFiXWQv53GWT9Y5EbdEYEBhyqlIaV5fp/61X+
-            8zhLz3b6QMkNkI6mNVVLK96g2p0dhVoq+R3Wlj/RIVDw/BzH+vJIArQhc8T2NEOX
-            lmLFTMoTRXPrw/UZKMoO+JSDwt2p3WI0sb/ThS+bd7eymxt5lFW1Ikc4Jgd/iHHu
-            JtUZ78i8jAV/nBJPaAYXoRxfpcAMFqJCnxTwCoF7vYP6hHeYW9PPqsClPxQ97TrO
-            /Ei01e9YSfdtIzKcwkOThffRr+7hxwEGQ3EZ+2ShOW9ASfLkIo4MgoLtDAoHCK5E
-            vc2JGWP+vlylTVnZ46Hp8BMRlSjdkS/qGU0lSTPC3q+PllCF2gkN6ZcdLv5L2DDS
-            UAFD70TIN2QAiYEZW6jxg2UtO9ULLT5NgrvfHD9aGAk7jIxeY+nH3S7KqFgmA21c
-            IkNZJSX/J85d13+kJADms3vI7uMOcSUiInaQHy9Cqjrr
-            =fnOr
+            hQIMA/3lh+ZzfS28ARAAm729dMouF7juUeHAb+aHMoyZVKsXapxnxebkjE/LSIbz
+            IEZwegTNrtxQJLclV4Km2gUaBTcE4vLJCpB7YxZvk7JV9OdVKi97o9PcXUXbz9ej
+            /WomnEvFyyxTZGTiHU+L4kNudl8UAKhTt3P4fR3PLpTily75Kn53tzLFJuCO8fAY
+            I/YwQAzayxhPcxk3FuPsD/ONiG7mW8n2ZwfwgOkKXwnrlJv7DreKJRYzu/EeuvX/
+            d4oz+k+xofniOeZmQjZllzR7/++MBg/e1U9VocN1EAWpWHP5taLiThfnVSGDhlQM
+            +4WT5ezH6EuUQlAyQNpDaCincBvCHInhrNlUPOpW51nHMb0y3n4x2hMtZA0JbYEu
+            mkWTYDe65cHjImHXQk9oO2/v4oIyq7ywHX7g2hqVbbiLHZqqTaGfV8lP30+r6/UQ
+            29iAdWac1hY5HDzwbqpY6b38i60j4bkiS83xqrGYBy037bCFk1oHJqwxp5P7vrzr
+            rTv5NBr95BlwF+s8xPEPZneaEu7N3UnhhSzDWp1jgsCxN9b/XHarchNt70xEt2VS
+            xpgs9GEXhsJcbrFNPYqTkFb8vjLFI+poGPTfadW17j4Pp5ftIBRNdKvDG0ni/AIp
+            K98R/nvaHEFuX31SkL8ZUIRqhJm3JVqilFxLAJrqGuSN3jA6wKrimUYpK+t+64jS
+            WAEN9jHYFQDTVHix3g15S5YTGh5ROyqxouDhvSDFTmGtbm5W/HYgnkZmh53TgVeJ
+            Rph/O9QptculzTN+nEqshBhbjhl/uDsLsjLYo/O1AyCwTUSd3OKn6uU=
+            =zThh
             -----END PGP MESSAGE-----
-          fp: 7762ec55a5727cabada621d961e53f94caa314e4
+          fp: 2f5caa73e7ceea4fcc8d2881fde587e6737d2dbc
     unencrypted_suffix: _unencrypted
     version: 3.8.1