diff --git a/class/desktop/compatibility.nix b/class/desktop/compatibility.nix
deleted file mode 100644
index 7d72476..0000000
--- a/class/desktop/compatibility.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{pkgs, ...}: {
-  environment.systemPackages = [
-    pkgs.appimage-run
-    pkgs.wineWowPackages.unstableFull
-  ];
-
-  services.envfs.enable = true;
-
-  programs.nix-ld = {
-    enable = true;
-    libraries = [
-      pkgs.alsa-lib
-      pkgs.atk
-      pkgs.at-spi2-atk
-      pkgs.at-spi2-core
-      pkgs.cairo
-      pkgs.cups
-      pkgs.curl
-      pkgs.dbus
-      pkgs.expat
-      pkgs.fontconfig
-      pkgs.freetype
-      pkgs.fuse
-      pkgs.fuse3
-      pkgs.gdk-pixbuf
-      pkgs.glib
-      pkgs.gtk3
-      pkgs.gtk4
-      pkgs.icu
-      pkgs.libappindicator
-      pkgs.libdrm
-      pkgs.libGL
-      pkgs.libglvnd
-      pkgs.libnotify
-      pkgs.libpulseaudio
-      pkgs.libunwind
-      pkgs.libusb1
-      pkgs.libuuid
-      pkgs.libxkbcommon
-      pkgs.libxml2
-      pkgs.mesa
-      pkgs.nspr
-      pkgs.nss
-      pkgs.openssl
-      pkgs.pango
-      pkgs.pipewire
-      pkgs.stdenv.cc.cc
-      pkgs.systemd
-      pkgs.vulkan-loader
-      pkgs.xorg.libX11
-      pkgs.xorg.libxcb
-      pkgs.xorg.libXcomposite
-      pkgs.xorg.libXcursor
-      pkgs.xorg.libXdamage
-      pkgs.xorg.libXext
-      pkgs.xorg.libXfixes
-      pkgs.xorg.libXi
-      pkgs.xorg.libxkbfile
-      pkgs.xorg.libXrandr
-      pkgs.xorg.libXrender
-      pkgs.xorg.libXScrnSaver
-      pkgs.xorg.libxshmfence
-      pkgs.xorg.libXtst
-      pkgs.zlib
-    ];
-  };
-}
diff --git a/class/desktop/default.nix b/class/desktop/default.nix
index 7896690..4532d4b 100644
--- a/class/desktop/default.nix
+++ b/class/desktop/default.nix
@@ -1,7 +1,6 @@
 {
   imports = [
     ./clipboard.nix
-    ./compatibility.nix
     ./docker.nix
     ./flatpak.nix
     ./fonts.nix
@@ -17,5 +16,7 @@
     ./printing.nix
     ./syncthing.nix
     ./users.nix
+    ./vm.nix
+    ./wine.nix
   ];
 }
diff --git a/class/desktop/vm.nix b/class/desktop/vm.nix
new file mode 100644
index 0000000..d923a08
--- /dev/null
+++ b/class/desktop/vm.nix
@@ -0,0 +1,4 @@
+{
+  virtualisation.libvirtd.enable = true;
+  programs.virt-manager.enable = true;
+}
diff --git a/class/desktop/wine.nix b/class/desktop/wine.nix
new file mode 100644
index 0000000..632cc98
--- /dev/null
+++ b/class/desktop/wine.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+  environment.systemPackages = [pkgs.wineWowPackages.stableFull];
+}
diff --git a/common/users.nix b/common/users.nix
index b56b3c7..b1fdbee 100644
--- a/common/users.nix
+++ b/common/users.nix
@@ -11,10 +11,7 @@
       lukas = {
         isNormalUser = true;
         hashedPasswordFile = config.age.secrets.user-lukas.path;
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX lukas@glacier"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy lukas@flamingo"
-        ];
+        openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).users;
         extraGroups = ["wheel" "networkmanager" "gamemode"];
         linger = true;
       };
diff --git a/pubkeys.nix b/pubkeys.nix
new file mode 100644
index 0000000..837ec24
--- /dev/null
+++ b/pubkeys.nix
@@ -0,0 +1,23 @@
+let
+  users = {
+    "lukas@flamingo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy";
+    "lukas@glacier" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX";
+  };
+
+  hosts = {
+    glacier = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrKpoDV/ImivtTZVbSsQ59IbGYVvSsKls4av2Zc9Nk8";
+    abacus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoUgClpkOlBEffQOb9KkVn970RwnIhU0OiVr7P2WVzg";
+    vessel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkYcOb1JPNLTJtob1TcuC08cH9P2APAhLR26RYd573d";
+    flamingo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInV+UpCZhoTwgkgnCzCPEu3TD5b5mu6tagRslljrFJ/";
+  };
+in  {
+  inherit users hosts;
+
+  desktops = {
+    inherit (hosts) glacier flamingo;
+  };
+
+  servers = {
+    inherit (hosts) abacus vessel;
+  };
+}
diff --git a/secrets/mail-lukas.age b/secrets/mail-lukas.age
index 097c9e0..46f32f4 100644
--- a/secrets/mail-lukas.age
+++ b/secrets/mail-lukas.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 SFHVrw LiDCAhLHNnb0AbtKaSxP32Erwaqpm9rkVqqTYsg7VX4
-rgZBcTW88Zynex2AWXHpJ5VdlLAe3MtNN4vRhV03/yw
--> ssh-ed25519 S+dwQQ b1tjzc5ipNB1O5+sj+NTdPquv842V1SNfVLwlhllpmo
-q0KI/Rb1D359bRSsrwJrG0Sfy7YFe1y2qZZY6e5SySE
--> ssh-ed25519 ffmsLw OLoQCT99w3kM1wyzCWGeh6tO7fH46GbIzLSWJNxA+V8
-+hfzOs8JPE5/Paag/7PkIYmRG8ppJMouvxDcyyfrzv4
---- Q2ZHMtaw0pwEOOGBxnRRNzjfEbcQqzP82QNFPRgazGw
-°DŸ$|dtÚS³}NÙŠ{ß`vçÓb‘«Û†ºfÌÈ¡nü¤5””‹õˆßR*O@ŒÞ€Xw ‚óyÕ×–åj?Oë4b¸³Ô È÷©±Á]8N|+%
\ No newline at end of file
+-> ssh-ed25519 SFHVrw 9+APWz/u61v8zE6auzspntqrKNdCFb7fZPFMIdOBx0E
+KMMD8n0klfeMN41AHX7sgXOdjI4eCgODKpkaFBkiesQ
+-> ssh-ed25519 S+dwQQ nPqPcy5Ksk6W14xacleMie+mNKInhdlOcjtb3iEaSDU
+IB7VAISMPvD8goodgcahuCab5r59zD/O3fKAePLBKAc
+-> ssh-ed25519 ffmsLw Rf4/ibog+At3JqyvQkkXKAsmhkK6/8wWeMSrwsJzGSs
+To4HRcE12BiFQZp1z+dT9DiE24LxJdFVxYZUalstfgo
+--- dnS4XgHvGt9ZROAl+daSLO4VDj8ihnJenDNvfG43zFA
+›Ä•hƒqêËA#!ÞVÖ9T5Ó±KÓr¤uk¶t¬Ušªq\/W¶%ßFXó®R¶DYZx—ù+7SïwAQÛhÄrTz+8B>*üÑâ¬,»$+Efa…Al
\ No newline at end of file
diff --git a/secrets/nextcloud-lukas.age b/secrets/nextcloud-lukas.age
index dda3b74..2cb5aa7 100644
--- a/secrets/nextcloud-lukas.age
+++ b/secrets/nextcloud-lukas.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 SFHVrw jUO5Z4j1ADd4QMPziuvNDh0iUirvrV32Z1+xbnkoVks
-FJGle7Kr6knbPrgCg6Lk1ge+jV7Im4Z8FAmkQKlP6Ik
--> ssh-ed25519 S+dwQQ wKH3jZM/aruNPE5tYSROFGUdXw2o3lws76OvAXubhxk
-Jhv2kqxgHM26iuvDs0LTf4ahlaiRacN6wpH7iHuknF4
--> ssh-ed25519 ffmsLw kNKHrTEm4pFyC1r6Kjah3pl+0xnTuFt9ccha0uh0Z3Q
-bLP4RrHR5gUm2ZuFNcK2m6tnC24PiGdevnuNTQ9Kb0g
---- FznEfHzpAG79LYYxIBJYgCFeUrb9Tn9yS5wXfJVeeEU
-µ+³ß†cä8:vbT]4$\ƒ)Ð„ºš[T¯@W;”FfÏÌÂNâèFÖ’G
\ No newline at end of file
+-> ssh-ed25519 SFHVrw 6oAZL86Esb8hewQ6ylGb7k0RsQlJoQbwyHDB8cEiVH0
+TvD14WLXzxCvDb1/iWljWNgR+qF0yjwlSLZ06HoNh9I
+-> ssh-ed25519 S+dwQQ KoANzMyOZKHMFBg+nqblxAP+bWKGXceexVYUbExu80s
+kUIcinUKIvPuBlFgnPKIomq+yk9P8GnjsujM63+Hm68
+-> ssh-ed25519 ffmsLw Ad9EVWmpxhiAaREltE2J7APUn/NeNg9tw8vG8yeC3HU
+R26AmfZEq1Q0qKJ4npuQV5Yc/aIKJMiP68/Rd8l7lDg
+--- Y3yFHxXo16Z9hQVFdDut04ioZ0H4x4YUy/SBGn8+MWw
+[Œ@ƒ/õ1á¢¬Û[7RM,Bµ7A˜„_ÒiQõ'µ@ø<x“ØMø2Ò*
\ No newline at end of file
diff --git a/secrets/restic-vessel.age b/secrets/restic-vessel.age
index ba151dc..5e5bb1f 100644
Binary files a/secrets/restic-vessel.age and b/secrets/restic-vessel.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 056ce9d..4dc6efe 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,24 +1,4 @@
-let
-  users = {
-    "lukas@flamingo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy";
-    "lukas@glacier" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX";
-  };
-
-  hosts = {
-    glacier = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrKpoDV/ImivtTZVbSsQ59IbGYVvSsKls4av2Zc9Nk8";
-    abacus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoUgClpkOlBEffQOb9KkVn970RwnIhU0OiVr7P2WVzg";
-    vessel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkYcOb1JPNLTJtob1TcuC08cH9P2APAhLR26RYd573d";
-    flamingo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInV+UpCZhoTwgkgnCzCPEu3TD5b5mu6tagRslljrFJ/";
-  };
-
-  desktops = {
-    inherit (hosts) glacier flamingo;
-  };
-
-  servers = {
-    inherit (hosts) abacus vessel;
-  };
-in {
+with import ../pubkeys.nix; {
   "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts);
   "user-guest.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues desktops);
   "mail-lukas.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
diff --git a/secrets/user-guest.age b/secrets/user-guest.age
index 63f9ff5..c517c72 100644
--- a/secrets/user-guest.age
+++ b/secrets/user-guest.age
@@ -1,12 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 SFHVrw XwFbvZ91rDE2Ux6BOxWqa0tpmp9W93n6c15WewMd83g
-bHU1wwzxwEc2Ie6KcGBWhRv2IeQDKEtzWpRSujPvzLk
--> ssh-ed25519 S+dwQQ O9Nd+LXDcf7fP8xgqcmVpM44LEk1KaB8p9RHRfp+6Bw
-LOmhTxVX93XgM6lmr26MrNOMG2jf0ZAOAMiYR7KxRro
--> ssh-ed25519 d2fKsw 5jpAhGTQ7VqJrT7SWfaAudYrVtIFYRRv1R5FgL8FeCs
-rRJe5oiSVtjPBGTJOdgFTXOzld0SxKpqAtXz7hHgB6c
--> ssh-ed25519 US6ATA jol1HBmQUl3qjxLkSOZ17r9dqxu7lB/dDBqrccuq4Qk
-EyPFGHi1jI2fIRCourzGvvMJGQYsAjttEGiOUachi9Q
---- lhZyqOVkSJS/30/cyWdLTVNMltAIHYF4DOIyK32VR/0
-ò›¨500
-=0ëþôMÃKÇF¡ë<TEãtK$?üÀ/QÊ~/0i¦:è}Ò3×XlìP¼QåZe*ëŠçg8_|¥ËíHã0;ê³°'êpS3ðË¯V”)p_>Øu’
\ No newline at end of file
+-> ssh-ed25519 SFHVrw DCt2GZWNEMSghE2UN3bXoILlWnuJcwyC/NZeMq02CAc
++QUTcHu/7xuzWjwveWAlGvsI2cO47uGwR4BSvOLtjjs
+-> ssh-ed25519 S+dwQQ 6rAan8TWKoUaAhBHpNsMkVo2p+Lgz0ZoQmxFEaNTSHU
+PdiHcuv08y1iOlaLFVpSwd3Hhf2eVkhmAk+ERUgQcck
+-> ssh-ed25519 d2fKsw JVyjUdSyNjZwm+YT6ADU9NdtdB/b4BRXvNeY1Rf3j2E
+vMSNQGFCbIsK+QvurnxSk+bOhGAT0auQGUGi61Xu718
+-> ssh-ed25519 US6ATA 1P9NLhIOtAfIDoPkFhvcXKmABtKeT/DwcnpAKnZOFm8
+E4JXWldgwLJpVHObEL8x5WILVyXCwCzM3KUwtkitG6w
+--- b838whGkA7DIZ58mqtWg/LYmXwSNNDBTLuRcsSwXQWg
+ðGQßÿhÜtà‰YP6xŸ	¿[ôõ)YUgêáy¾ŒgÒ´‘¹WÄ¥ºÿÏ‹iî¢LiákÏŸÀ;”Œâý¼‡V¥/EU²ÑDKU®meÅ³¡™¾„ïcÀ„o[öàìêCOí¾‹ë
\ No newline at end of file
diff --git a/secrets/user-lukas.age b/secrets/user-lukas.age
index 46e44f4..2a3f5bd 100644
--- a/secrets/user-lukas.age
+++ b/secrets/user-lukas.age
@@ -1,17 +1,16 @@
 age-encryption.org/v1
--> ssh-ed25519 SFHVrw RbCDTFm8etGA6wAA26l52Ezrj5g151L/uYmkCC57rh0
-az9uaQvCJy8ocB0ij+qmu1MayhkFYVK2NHvlB0+8RhA
--> ssh-ed25519 S+dwQQ xUmmLtRfmdxSWv9sU2OIgced3+hn6H2fvHxtlrThF3Q
-hr3tB+uqcv3JNBFyjf2O6xanN2hnlbCdHH5wLidcbfk
--> ssh-ed25519 ffmsLw NxXG3+tjYTxrAnZ/gIy/E08ozfSkl2GbUaaCAextd1E
-fKwGEIu4I1sczSvu2bsGcMZSkuYuO5gWFRyg1PoLfV4
--> ssh-ed25519 d2fKsw glKuNTvDZxE7SsxBKP+0P4Ldl/a4MwvpzwkgbqFNuEM
-8XqemFkix1MjVJm42fQ0vtWaxiFGZWOer+OoRaVLccg
--> ssh-ed25519 US6ATA J5l4UYEZVCUS4J69YTwEyTdFvPRoWlpp88iWgEEDe0Y
-ogUa74Vg22CN2zyDZzIoxUokMVPXzllfb1Vj53/CbmM
--> ssh-ed25519 Sm0lOA 5YoOeiPiEfqT9mWUTSUusm9h5CceeeCVJS1iofooTHw
-A47tIbHSaQzaxrBatwqQEE2JIa67sqMlstkDyWIuE7Q
---- QzbsNPZn7A5mPNUXOkkSZYt/mx/KrLiBHtI4wi2ynLE
-¨pç<GûÌþ¿è–ÅUlûäC&ux‡
-òÏFËä­éðKw“í7jv|¿·T\œ„ ¾®˜Äà	;R®ƒD¶—`ÂQ|\ˆë:
-v5ÑcõŸÆärDxáÔ«Š`à4#ñ,åè¦,Ï¬#óo•Ùkl²¢a¡Øtu*úËPÎÜée=6‰e®âS
\ No newline at end of file
+-> ssh-ed25519 SFHVrw Wu34V3CgoW7F6AlycCYTYS8V2BqzTiJEciHSmlYk3yY
+8PrJc2enz9lfjIZ19DnDWARp5bVc11H5xWzuzSQORYU
+-> ssh-ed25519 S+dwQQ QeMwBHRfGiAnVprkdWZvHxvZB2gfTI3L6L/A+LaA22U
+fI2BklLzA3oYtXD9ZJB7ckDIDZAzsGLXki1hsYDTe18
+-> ssh-ed25519 ffmsLw UxgpvU2hr7v4fVxPkakM+x/Gib7pgkOnAr0t9MtEMF8
+xBCEBjx++nBZVnmpOmQz8fjJNJhpqJO7RU6ApY0yUp8
+-> ssh-ed25519 d2fKsw zfmx5GJLF1xvvd9rnrtS28aCpLKtYzefXQ6ZBNKunSY
+a1//LH2PoCbKJXgMt2zxtNfv13GpP+Q9AgSitbPsi2c
+-> ssh-ed25519 US6ATA 6KqoDVREh7obNXYnpUW5rMfpYT3wLb3QwFZ03Ixe1Q8
+/F5qNiOBTgcjwjuwqU6T1s21AuaXVlpCg65AkSSaOuA
+-> ssh-ed25519 Sm0lOA GV5uqJ3ur7RDx+KyQbiDP94zJjBxDopOJoKPeS+Nino
+iQrxyMaKXcKk8pbbrrDNPXtX+kxifohBFNDDEa/bIWo
+--- /wyQ79QmsnO+louJTkcdUXx9+lZAu/dVJP03aFqKQ50
+Ý¸$ºœhS)/Þ”(¢ÉéÉ
+œ^3ÓÂá¹È“+>F¯ç#ðòÏVÓ5 }Ðo]æ)ÏX±3ópõf_BRtN‘îj2‡…™åÉéI&`Ò`žÓh’~µËNÜõ÷XÖ5ôdÏ5¢±ÓÕLõ¶ML©ŒÅ'­jé–(Ä—›G%T8ôÛRj>Ë
\ No newline at end of file
diff --git a/secrets/vaultwarden.age b/secrets/vaultwarden.age
index 516d531..faf5a6d 100644
Binary files a/secrets/vaultwarden.age and b/secrets/vaultwarden.age differ