diff --git a/secrets/dns_certs.secret.age b/secrets/dns_certs.secret.age
index 819a7a4..a02586f 100644
Binary files a/secrets/dns_certs.secret.age and b/secrets/dns_certs.secret.age differ
diff --git a/secrets/dns_dnskeys.conf.age b/secrets/dns_dnskeys.conf.age
index 32edd90..0084593 100644
Binary files a/secrets/dns_dnskeys.conf.age and b/secrets/dns_dnskeys.conf.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7144752..db422be 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,23 +21,33 @@ let
   # for testing configs at home
   silver_homelab = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCG1JzosOwS7oKjgm0+FlqMKrUbu+M5403un+VA7LwiGRQnneawuq6aqQsIoDqAlb9AzUdLTeBQb+rBf94kx7yVGdEIz1i34WdMK3kgl176jnDIR4TWeNKdj8Q6+4d7tn5mZrqmpXZ/+1KSauV9JHxytR+7A4NVexkhGX1Mq3efGBYsCKzUQh83lHs2baWUYuxaPCCR6vy6uklzQRQfg+NsxCCUKkbgJwv1ar5U1ccr4N89EWiR2Yu4XsPzXr0JJUQcUy587l+G7QYVoCwVgUKHevCRqtRlmnI6JrzWctQJPpAmWF4EF66QnWccdXUS+aVc0IKP0ORqmz8Nps4NWWVPjRRxeshl2XfFawWxGlgT4WJ0+qv/EDVPZQvNBrjFvY5QBAaU08Nnkg6QzehlwD4/zQQMFiDjMb7sUuhXdq0vOK235QMhS4jtX7Sm2ki6mJdXrlErq9dIaqcoYuw9EtfajaM/NnGYIy97JUOrfztQTAwiuPgrc4DijpdR0QtvYK7NvefiJYcW+osmcv+FYM03kMXK9uGtM6KI44i27ZdsUFWTIHeiR1yBGUfP1ObFLLaNx5E42jSA77RLF8BSUaPbGgRv3OciACNftIKhAJrV4AZGvBbaUvAlzC8CryFAcRDgQwIVlXBJzChc7Rh9/V8I5342Tq7xMmzBQ2WcQdqZ9Q== root@galatea";
 
+  optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus";
 
   systems = [
     agentjones
     ash
-    galatea
-    vendetta
-    vigil
 
     silver_homelab
   ];
+
+  dns = [
+    vendetta
+    vigil
+  ];
+
+  # these need dns stuff
+  webservers = [
+    galatea
+    optimus
+  ];
+
 in
 {
   # nix run github:ryantm/agenix -- -e secret1.age
 
-  "dns_certs.secret.age".publicKeys = users ++ systems;
-  "dns_dnskeys.conf.age".publicKeys = users ++ systems;
+  "dns_certs.secret.age".publicKeys = users ++ webservers;
+  "dns_dnskeys.conf.age".publicKeys = users ++ dns;
 
-  "stream_ulfm.age".publicKeys = users ++ systems;
+  "stream_ulfm.age".publicKeys = users ++ [galatea];
 
 }
\ No newline at end of file
diff --git a/secrets/stream_ulfm.age b/secrets/stream_ulfm.age
index 39531ef..e7aa045 100644
Binary files a/secrets/stream_ulfm.age and b/secrets/stream_ulfm.age differ