diff --git a/modules/services/nix-build-farm/hosts.nix b/modules/services/nix-build-farm/hosts.nix
index 5b14d4b..8271634 100644
--- a/modules/services/nix-build-farm/hosts.nix
+++ b/modules/services/nix-build-farm/hosts.nix
@@ -1,4 +1,9 @@
 {
+  cloud = {
+    host = "cloud.tinc";
+    pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE87ddj0fTH0NuvJz0dT5ln7v7zbafXqDVdM2A4ddOb0 root@nki-personal-do";
+  };
+
   home = {
     host = "home.tinc";
     pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6N1uTxnbo73tyzD9X7d7OgPeoOpY7JmQaHASjSWFPI nki@kagamiPC";
diff --git a/nki-personal-do/configuration.nix b/nki-personal-do/configuration.nix
index 1e2b881..8d65ae4 100644
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@@ -12,6 +12,9 @@
     ../modules/cloud/conduit
     ../modules/cloud/gotosocial
 
+    # Encrypted DNS
+    ../modules/services/edns
+
     ./headscale.nix
     ./gitea.nix
     ./miniflux.nix
@@ -57,18 +60,15 @@
 
   services.do-agent.enable = true;
 
-  system.autoUpgrade = {
-    enable = true;
-    allowReboot = true;
-    flake = "github:natsukagami/nix-home#nki-personal-do";
-  };
-
   nix = {
     extraOptions = ''
       experimental-features = nix-command flakes
     '';
   };
 
+  nki.services.edns.enable = true;
+  nki.services.edns.ipv6 = true;
+
   # Secret management
   sops.defaultSopsFile = ./secrets/secrets.yaml;
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@@ -81,6 +81,10 @@
   services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
   services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
 
+  sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
+  services.nix-build-farm.hostname = "home";
+  services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
+
   # Set up traefik
   sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
   sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
diff --git a/nki-personal-do/secrets/secrets.yaml b/nki-personal-do/secrets/secrets.yaml
index 374f850..43e4aa3 100644
--- a/nki-personal-do/secrets/secrets.yaml
+++ b/nki-personal-do/secrets/secrets.yaml
@@ -40,6 +40,8 @@ invidious: ENC[AES256_GCM,data:pCRlBaHRJyOHj2t04V6DkGVAPuAc8hz+Sn24nQ3IvcXNIdaYi
 invidious-rotator-env: ENC[AES256_GCM,data:Q5c/sga+Nn0C7bKkTphob3tWNvKE1Zz0CIbXIayc73cfEsUgOIZdrm8BlAW7,iv:f0ccZsjNJ9UQCcfN/lZQdtxSg9ADFuykb8qw07c1xFI=,tag:4mUzgOHOE16FPhSTlbx+Rw==,type:str]
 peertube: ENC[AES256_GCM,data:YWySVZVTC26qPMcgSV5v4Vp1u69jGt7VV2ElQBSxvG/R589PCJRDgBqjjLBLMrrnP/wo6o6xNoyLCSfzMQYoFnM=,iv:97gNEJ84u4Mt5GTlVV29MNHUHQRkaMK47ULNUx+HTUE=,tag:LGVWeaTaSQ3GgaIpav66EA==,type:str]
 peertube-env: ENC[AES256_GCM,data:ZrWBwSfMuepIYTzHVCCSnpsXb+MTcOfklI0O/UdcGaR3RzO1R+/wXQcFlV46g9dvKLMOaH7bxrHeWxqPh/7hlPEYFYwlbwcX31MGiSeRyeR5YtVi0CmhiGRA3l8X5NMCpvZmNhnjYNuri/My86SMkjhuaFQ5+BjYISoJ5WnbNSqE9qgQKuJVu64hsOgaQQbmaBL/LU7Pv/vushbNg421kdbRnzCPcc3IzkVzsFsgYH2fdEJa3gE8M63eLn99PbA+e5cWEwGNkuoNuro2tnaMaX1PM6iTF+q0A8HbiEioNMRIdD9czatgF7EwKgCFNu44cm2lp/c5qj+Lm/nC,iv:+MjpreGr9M+Oe5DrDe5SIBKtLuIqtb0a50YvGhDZT2Y=,tag:gYGlMcgWwa1ZpbQb4XfMmQ==,type:str]
+nix-build-farm:
+    private-key: ENC[AES256_GCM,data:bYQ5TAHgJ8rZmmnp0ZW9pM3p6e2ewAqz9+clp2lDnvPsU/YHr/POSW+UESvulT0UDI8t5th71py2G4BG3z9PdPaWw2iSm6hW3VITYCGYvLbF2yK6anSkww0ilpjwm5NXKJLTiPehkAqsZlZsAxeYw5bF0+7JjeH9+49jLOXtGD0uFSf5M3wVZcObzSYsdGaNKGYkokBYeZii1tdwZvAuUKKZ1eOvDAz5v6hjqZA7brDWr5IZXNCqRZOdyGQ5g3UP4o5XFnl57d1RAmKPK9WaTCjbi0hMfms4zldqGeXTRDAhvqMH2w/BY7KvgIOr+aQelTvQbOciq+DaZbzNgdI5gqrSUA19EEL04Qu/gjoVGwMhZ7Lq9+yS2Lb+xdhmn/99sbcRjaRqqjgzHRvbyirPT9EuEAdrijyuZzY9kASv8LN/Q8cawRZNk2vf0M8Qzg0F7iw2kcDrf+dwdcyrrAbg2XDlGsFBckBcPKA44PkOPtFLHZRU9pSpd15rL1JIes6m2YX7AmJFP2+FA5WjXQoqF+CRhBVUWXaXAmcq,iv:7Uqnu2xEcHotczRzIcDfq9bM7wNXdz0Fg2HNpxlV1/Q=,tag:w5aLsT9LN92+83rdP2YJTg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -73,8 +75,8 @@ sops:
             by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
             hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-11T20:55:31Z"
-    mac: ENC[AES256_GCM,data:IdpNGX3E2TwGnmHhc7HXPjBEaYC7jO1dnEHQGoVra+scnKO66nt6uD2wK91G2wvdp2ekkR4qnF9/NYbpOt2vbzyaZG0xMHTr1w1Y5oqxzbTUned9sWjpsL2lCHpg4FQ+dImim05N76Qcna7gC5Y9wyh78/eB177SJ5mTEnyZhwE=,iv:3kjluCoHIMEQOTuDJbQZJWl3BLWzp/UqcC8jmlkVyDE=,tag:nmqkhmqXKB5/LKX7RpQB6g==,type:str]
+    lastmodified: "2024-08-17T15:08:31Z"
+    mac: ENC[AES256_GCM,data:ejelcIHDYd7zbIJVw62fj4EcgR8ln/jm32QlaE7shYHwt9nJEsV0aWy9rqEjAm8Z0z3ruT4hR9M7aFkNICR9W20r54V0aRfJsp0txe9LeisAE4gXmVo3/+6pBGOUQNtFO+WaLqDwAGNvfr7IlQFXJyrkuOGe+HGVkhlx+UHxRDI=,iv:pI2xAfhajEWt4RjL2Cu3QPX8bgJn1/ew8ldz8E5Jej8=,tag:KJoia8X/FpaSbuXSDOjQAQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0