diff --git a/flake.lock b/flake.lock
index 619d6fb..042d3cd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -58,11 +58,11 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1716151250,
-        "narHash": "sha256-EobYnFYGrF+gtUimpECPMOyYrBpPyuM6jx9SJZHHOAY=",
+        "lastModified": 1716153530,
+        "narHash": "sha256-riMwDwr4q5XbaE/Vd7FrYOrf9huJznTIPwemUqBPljw=",
         "ref": "refs/heads/master",
-        "rev": "e46f3dde6dba9b31fd6dfb8c105f011c53519ff8",
-        "revCount": 16,
+        "rev": "80e1cc126aeaaf1244b713407f12d69aa255b57d",
+        "revCount": 17,
         "type": "git",
         "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
       },
diff --git a/home/common/optional/sops.nix b/home/common/optional/sops.nix
index 377d693..ab1bb1b 100644
--- a/home/common/optional/sops.nix
+++ b/home/common/optional/sops.nix
@@ -18,5 +18,13 @@ in
     defaultSopsFile = "${secretsFile}";
     validateSopsFiles = false;
 
+    secrets = {
+      "ssh_keys/${username}@${hostname}/${username}@${hostname}-ssh-ed25519" = {
+        path = "${homeDirectory}/.ssh/ssh_host_ed25519_key";
+      };
+      "ssh_keys/${username}@${hostname}/${username}@${hostname}-ssh-ed25519.pub" = {
+        path = "${homeDirectory}/.ssh/ssh_host_ed25519_key.pub";
+      };
+    };
   };
 }
diff --git a/hosts/common/core/sops.nix b/hosts/common/core/sops.nix
index 0cdbe31..ac5bda1 100644
--- a/hosts/common/core/sops.nix
+++ b/hosts/common/core/sops.nix
@@ -2,6 +2,7 @@
 let
   secretsDirectory = builtins.toString inputs.nix-secrets;
   secretsFile = "${secretsDirectory}/secrets.yaml";
+  homeDirectory = "/home/${configVars.username}";
 in
 {
   imports = [
@@ -9,18 +10,13 @@ in
   ];
 
   sops = {
-    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
     defaultSopsFile = "${secretsFile}";
     validateSopsFiles = false;
 
-    secrets = {
-      "ssh_keys/deploy_key/deploy_key-ssh-ed25519" = {
-        path = "/etc/ssh/deploy_key-ssh-ed25519";
-      };
-      "ssh_keys/deploy_key/deploy_key-ssh-ed25519.pub" = {
-        path = "/etc/ssh/deploy_key-ssh-ed25519.pub";
-      };
+    age = {
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      keyFile = "/var/lib/sops-nix/key.txt";
+      generateKey = true;
     };
   };
 }
diff --git a/hosts/common/optional/openssh/default.nix b/hosts/common/optional/openssh/default.nix
index 3a6f875..85c5aab 100644
--- a/hosts/common/optional/openssh/default.nix
+++ b/hosts/common/optional/openssh/default.nix
@@ -17,11 +17,5 @@ in
     };
 
   };
-  programs.ssh.extraConfig = ''
-    Host git.bitlab21.com
-        IdentitiesOnly yes
-        StrictHostKeyChecking no
-        IdentityFile /etc/ssh/deploy_key-ssh-ed25519
-  '';
   networking.firewall.allowedTCPPorts = [ sshPort ];
 }
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index 3396a4f..584c888 100755
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -13,19 +13,16 @@ read -p "Confirm host had been setup using the above steps...(yes|no): " confirm
 [ "$confirm" != "yes" ] && echo "Exiting" && exit 0
 
 # Target host details
-#cd ~
-#read -p "Enter hostname: " hostname
-#read -p "Enter username: " username
-#read -p "Enter ip address: " ip
-#read -p "Enter nixosSystem to build, e.g. 'bootstrap': " config
-hostname="sparky"
-ip="192.168.122.193"
-username="media"
-config=$hostname
-## Generate key name and dir
+cd ~
+read -p "Enter hostname: " hostname
+read -p "Enter username: " username
+read -p "Enter ip address: " ip
+read -p "Enter nixosSystem to build, e.g. 'bootstrap': " config
+
+# Generate key name and dir
 KEY_DIR="$HOME/keys/$hostname/"
 mkdir -p $KEY_DIR
-KEY_NAME="root@$hostname-ssh-ed25519"
+KEY_NAME="$username@$hostname-ssh-ed25519"
 
 # Delete key in known hosts if exists
 confirm_delete=""
@@ -33,27 +30,23 @@ KNOWN_HOSTS=$(grep "$ip" ~/.ssh/known_hosts)
 [ "$KNOWN_HOSTS" != "" ] && echo -e "Host found in: ~/.ssh/known_hosts\n\n$KNOWN_HOSTS\n" && read -p "Delete existing hosts from ~/.ssh/known_hosts? (yes|no) " confirm_delete
 [ "$confirm_delete" = "yes" ] && sed -i "/$ip/d" ~/.ssh/known_hosts 
 
-## Generate new keys for target host if none exists
-#echo "Creating ssh keys for new host."
-#overwrite=""
-#[ -f "$KEY_DIR/$KEY_NAME" ] && read -p "Target host key '$KEY_NAME' already exists, would you like to overwrite it? (yes|no) " overwrite
-#[  -z "$overwrite" ] || [ "$overwrite" == "yes" ] && ssh-keygen -t ed25519 -f "$KEY_DIR/$KEY_NAME" -C "$username@$hostname" -N ""
+# Generate new keys for target host if not exists
+echo "Creating ssh keys for new host."
+overwrite=""
+[ -f "$KEY_DIR/$KEY_NAME" ] && read -p "Target host key '$KEY_NAME' already exists, would you like to overwrite it? (yes|no) " overwrite
+[  -z "$overwrite" ] || [ "$overwrite" == "yes" ] && ssh-keygen -t ed25519 -f "$KEY_DIR/$KEY_NAME" -C "$username@$hostname" -N ""
 
 # Authorise source public key
 echo "Copying pubkey to target host"
 ssh-copy-id -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key.pub")" "root@$ip"
 
-## Copy deploy_key to target root for personal repo authorisation
-#scp -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$KEY_DIR/$KEY_NAME" "root@$ip:/etc/ssh/ssh_host_ed25519_key"
-#scp -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$KEY_DIR/$KEY_NAME.pub" "root@$ip:/etc/ssh/ssh_host_ed25519_key.pub"
-
-## Generate age key from target host public ssh key
-#echo "Generating age key from target host ssh key"
-#nix-shell -p ssh-to-age --run "cat $KEY_DIR/$KEY_NAME.pub | ssh-to-age > $KEY_DIR/age_key_$hostname"
-#[ $? != 0 ] && echo "Error generating age key" && exit 1
-#AGE_KEY=$(cat "$KEY_DIR/age_key_$hostname")
-#echo -e "Age key:\n$AGE_KEY\n"
-#echo "This key needs to be inserted into .sops.yaml file. This will be prompted again later."
+# Generate age key from target host public ssh key
+echo "Generating age key from target host ssh key"
+nix-shell -p ssh-to-age --run "cat $KEY_DIR/$KEY_NAME.pub | ssh-to-age > $KEY_DIR/age_key_$hostname"
+[ $? != 0 ] && echo "Error generating age key" && exit 1
+AGE_KEY=$(cat "$KEY_DIR/age_key_$hostname")
+echo -e "Age key:\n$AGE_KEY\n"
+echo "This key needs to be inserted into .sops.yaml file. This will be prompted again later."
 
 # Install Nixos to target
 cd "$HOME/nixos"
@@ -82,13 +75,9 @@ echo "$ip is now online and port 22 is open!"
 echo "Copying pubkey to target host"
 ssh-copy-id -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key.pub")" "$username@$ip"
 
-## Copy deploy_key to target root for personal repo authorisation
-#scp -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$(readlink -f "$HOME/.ssh/deploy_key-ssh-ed25519")" "root@$ip:/etc/ssh/deploy_key-ssh-ed25519"
-#scp -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$(readlink -f "$HOME/.ssh/deploy_key-ssh-ed25519.pub")" "root@$ip:/etc/ssh/deploy_key-ssh-ed25519.pub"
-#
-# Copy deploy_key to target user home for personal repo authorisation
-scp -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$(readlink -f "$HOME/.ssh/deploy_key-ssh-ed25519")" "$username@$ip:~/.ssh/deploy_key-ssh-ed25519"
-scp -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$(readlink -f "$HOME/.ssh/deploy_key-ssh-ed25519.pub")" "$username@$ip:~/.ssh/deploy_key-ssh-ed25519.pub"
+# Copy deploy_key to target for personal repo authorisation
+scp -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$(readlink -f "$HOME/.ssh/deploy_key-ssh-ed25519")" "media@$ip:~/.ssh/deploy_key-ssh-ed25519"
+scp -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$(readlink -f "$HOME/.ssh/deploy_key-ssh-ed25519.pub")" "media@$ip:~/.ssh/deploy_key-ssh-ed25519.pub"
 
 echo "Configuring target host ssh connection to enable connection to gitea repos:"
 read -r -d '' config << EOM
@@ -99,13 +88,6 @@ Host git.bitlab21.com
 EOM
 echo "$config" | ssh "$username@$ip" 'mkdir -p ~/.ssh/ && cat > ~/.ssh/config'
 
-# Generate age key from target host public ssh key
-echo "Generating age key from target host ssh key"
-TARGET_PUBKEY=$(ssh -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$username@$ip" "cat /etc/ssh/ssh_host_ed25519_key.pub")
-nix-shell -p ssh-to-age --run "echo $TARGET_PUBKEY | ssh-to-age > $KEY_DIR/age_key_$hostname"
-echo "$TARGET_PUBKEY" > "$KEY_DIR/$KEY_NAME.pub"
-AGE_KEY=$(cat "$KEY_DIR/age_key_$hostname")
-
 echo -e "
 Complete!
 
@@ -147,3 +129,5 @@ ssh -i "$(readlink -f "$HOME/.ssh/ssh_host_ed25519_key")" "$username@$ip" "nix-s
 
 echo "Successfully installed Nixos on the target host!"
 echo "Please remote into the new host and run 'sudo nixos-generate-config && cp /etc/nixos/hardware-configuration.nix /home/$username/nixos/hosts/$hostname/'"
+
+