diff --git a/hosts/artemis/default.nix b/hosts/artemis/default.nix
index 8d009d0..b4cae3c 100644
--- a/hosts/artemis/default.nix
+++ b/hosts/artemis/default.nix
@@ -25,6 +25,8 @@ in
     hostPlatform = "x86_64-linux";
   };
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   boot.loader = {
     systemd-boot = {
       enable = true;
diff --git a/hosts/artemis/ssh_host_ed25519_key.pub b/hosts/artemis/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..9f2feb5
--- /dev/null
+++ b/hosts/artemis/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXJmnp4LUE9AFjGHwvxAu4m/3PB2uYQ69F7wYv7cGGT
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix
index 98c55c6..27af587 100644
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@@ -9,6 +9,8 @@
 
   nixpkgs.hostPlatform = "x86_64-linux";
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   boot.loader = {
     systemd-boot.enable = true;
     efi.canTouchEfiVariables = true;
diff --git a/hosts/atlas/ssh_host_ed25519_key.pub b/hosts/atlas/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..67272e8
--- /dev/null
+++ b/hosts/atlas/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPddvpZeCUelUGsnFvx87WOqKKc+MGPU6+rx6s1ReWQl
diff --git a/hosts/helios/default.nix b/hosts/helios/default.nix
index c3a84f4..1f94b4c 100644
--- a/hosts/helios/default.nix
+++ b/hosts/helios/default.nix
@@ -16,6 +16,8 @@ in
 
   nixpkgs.hostPlatform = "x86_64-linux";
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   boot = {
     loader.grub = {
       enable = true;
diff --git a/hosts/helios/ssh_host_ed25519_key.pub b/hosts/helios/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..e3c5696
--- /dev/null
+++ b/hosts/helios/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2tDij7eTDbljl6Crz4i7qrM0lgp8U2T9ZMXt7VQPT/
diff --git a/hosts/hypnos/default.nix b/hosts/hypnos/default.nix
index f287173..cbb7778 100644
--- a/hosts/hypnos/default.nix
+++ b/hosts/hypnos/default.nix
@@ -22,6 +22,8 @@
     };
   };
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   boot.loader = {
     systemd-boot.enable = true;
     efi.canTouchEfiVariables = true;
diff --git a/hosts/hypnos/ssh_host_ed25519_key.pub b/hosts/hypnos/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..97228b6
--- /dev/null
+++ b/hosts/hypnos/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGlbvy+4QHbveFbS6r9S0JWUVHeI/MgYLyGtfpZqJ/3
diff --git a/hosts/mail/default.nix b/hosts/mail/default.nix
index be3b42b..91c756e 100644
--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@@ -14,6 +14,8 @@
 
   nixpkgs.hostPlatform = "x86_64-linux";
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   networking = {
     hostId = "08ac2f14";
     firewall = {
diff --git a/hosts/mail/ssh_host_ed25519_key.pub b/hosts/mail/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..e916aba
--- /dev/null
+++ b/hosts/mail/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGLHtC0JmFfct+lYl0EjgphutmeYY8BWDctY3+/TsO6L
diff --git a/hosts/odyssey/default.nix b/hosts/odyssey/default.nix
index 18837f7..6c9e81a 100644
--- a/hosts/odyssey/default.nix
+++ b/hosts/odyssey/default.nix
@@ -20,6 +20,8 @@
     };
   };
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   boot.loader = {
     systemd-boot = {
       enable = true;
diff --git a/hosts/odyssey/ssh_host_ed25519_key.pub b/hosts/odyssey/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..c6a38e9
--- /dev/null
+++ b/hosts/odyssey/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJre8/cjdoUnbTu0x4ClTITcq4lq+FjpEyJBbLbOlox7
diff --git a/hosts/pi/default.nix b/hosts/pi/default.nix
index 232dc9c..64a4212 100644
--- a/hosts/pi/default.nix
+++ b/hosts/pi/default.nix
@@ -15,6 +15,8 @@
 
   nixpkgs.hostPlatform = "aarch64-linux";
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   hardware = {
     raspberry-pi."4" = {
       apply-overlays-dtmerge.enable = true;
diff --git a/hosts/pi/ssh_host_ed25519_key.pub b/hosts/pi/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..15c4d78
--- /dev/null
+++ b/hosts/pi/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYv5V6Lr1Er1dljwmunurIz1Q3Ce5FsFSxtUOW6aO9J
diff --git a/hosts/skycam/default.nix b/hosts/skycam/default.nix
index b0ef928..b96776e 100644
--- a/hosts/skycam/default.nix
+++ b/hosts/skycam/default.nix
@@ -11,6 +11,8 @@
 
   nixpkgs.hostPlatform = "aarch64-linux";
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   networking = {
     hostId = "731d1660";
     firewall = {
diff --git a/hosts/skycam/ssh_host_ed25519_key.pub b/hosts/skycam/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..3c660c2
--- /dev/null
+++ b/hosts/skycam/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv5+HwcRetBxtQZXpGbYv22S4prJu9bYCzKTSoMCl8D
diff --git a/hosts/vps2/default.nix b/hosts/vps2/default.nix
index e1ce65e..b137c4d 100644
--- a/hosts/vps2/default.nix
+++ b/hosts/vps2/default.nix
@@ -15,6 +15,8 @@
     hostPlatform = "x86_64-linux";
   };
 
+  age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
+
   networking = {
     hostId = "60de4af8";
     firewall = {
diff --git a/hosts/vps2/ssh_host_ed25519_key.pub b/hosts/vps2/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..8a22207
--- /dev/null
+++ b/hosts/vps2/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1Ee9QHeGSVpmruNaMdaycYyNdTXVRWpwUk1EBEM7UW