diff --git a/flake.nix b/flake.nix index 4ce5570..a4b4aeb 100644 --- a/flake.nix +++ b/flake.nix @@ -169,14 +169,18 @@ (commonConfig {}) ]; }; - "dragonwell" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - home-manager.nixosModules.home-manager - agenix.nixosModules.default + }; + colmena = { + meta = { + nixpkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = overlays; + }; + }; + dragonwell = { + imports = [ golink.nixosModules.default ./machines/dragonwell - (commonConfig {gui = false;}) ]; }; }; @@ -187,6 +191,7 @@ devShells.default = pkgs.mkShell { nativeBuildInputs = [ agenix.packages.${system}.agenix + pkgs.colmena ]; }; }); diff --git a/justfile b/justfile index 1c4d46b..0ca7c47 100644 --- a/justfile +++ b/justfile @@ -13,6 +13,10 @@ rebuild *args: switch *args: @just rebuild switch {{args}} +# Run colmena for remote deploy +colmena node: + @nix run nixpkgs#colmena -- apply --on {{node}} + # Update the flake update-flake: @nix flake update diff --git a/machines/dragonwell/caddy.nix b/machines/dragonwell/caddy.nix index 619e604..ae2b77d 100644 --- a/machines/dragonwell/caddy.nix +++ b/machines/dragonwell/caddy.nix @@ -3,7 +3,7 @@ lib, ... }: let - packages = ["tmpl" "git-age" "ffmd"]; + packages = ["tmpl" "git-age" "ffmd" "kv"]; in { services.caddy = { enable = true; diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix index d413d27..64b23fe 100644 --- a/machines/dragonwell/default.nix +++ b/machines/dragonwell/default.nix 
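Review bot: In flake.nix, the new `colmena.dragonwell` node imports only `golink.nixosModules.default` and `./machines/dragonwell`, so `agenix.nixosModules.default`, `home-manager.nixosModules.home-manager` and `(commonConfig {gui = false;})` no longer apply to this host. If anything under `./machines/dragonwell` still declares `age.secrets` or relies on settings that `commonConfig` supplied, the host will either fail to evaluate or quietly lose that configuration on the next apply; this cannot be confirmed from the hunk. Either keep `agenix.nixosModules.default` in `imports`, or add a comment such as `# dragonwell is deliberately standalone: no agenix, home-manager or commonConfig` so the omission reads as intentional. The node also sets no `deployment` attributes, so Colmena falls back to its defaults (node name as target host, `root` as target user); stating `deployment.targetHost` and `deployment.targetUser` explicitly would make the access path reviewable.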
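Review bot: In the justfile, the `colmena` recipe runs `nix run nixpkgs#colmena`, which resolves `nixpkgs` through the flake registry rather than this flake's locked input. The tool that pushes a system closure to the host is therefore not pinned by `flake.lock`, and it can differ from the `pkgs.colmena` added to the dev shell in the same commit. Running the locked one keeps the deploy tooling reproducible, for example `@nix develop -c colmena apply --on {{node}}`. The `{{node}}` interpolation is also pasted into the shell line unquoted; `--on "{{node}}"` avoids word-splitting surprises.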
@@ -1,7 +1,8 @@ let username = "jolheiser"; + key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser''; in { - imports = [./caddy.nix ./golink.nix ./hardware.nix ../common/nogui]; + imports = [./caddy.nix ./golink.nix ./hardware.nix]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; @@ -18,12 +19,15 @@ in { services.openssh.enable = true; virtualisation.docker.enable = true; - users.users."${username}" = { - extraGroups = ["wheel" "docker" "storage"]; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'' - ]; + users.users = { + "${username}" = { + extraGroups = ["wheel" "docker" "storage"]; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + key + ]; + }; + "root".openssh.authorizedKeys.keys = [key]; }; system.stateVersion = "22.11"; diff --git a/secrets/shared/ssh-config.age b/secrets/shared/ssh-config.age index 6676608..bb10901 100644 Binary files a/secrets/shared/ssh-config.age and b/secrets/shared/ssh-config.age differ
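Review bot: In machines/dragonwell/default.nix, `"root".openssh.authorizedKeys.keys = [key];` makes root directly reachable over SSH with the same key that already authenticates `jolheiser`, so a single key compromise now yields root without passing through sudo, and root sessions are no longer attributable to a named account. The hunk shows only `services.openssh.enable = true;`, so whether password logins are disabled is not visible here; pinning `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";` next to it would make the intent explicit. If root access exists only for Colmena, consider a dedicated deploy key for root instead of reusing `key`, with a comment such as `# root key is required by colmena apply (targetUser defaults to root)`. The key is also RSA; an Ed25519 key would be the usual choice when it is next rotated.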