diff --git a/assets/ssh.nix b/assets/ssh.nix
index 413daa9..c03bc8f 100644
--- a/assets/ssh.nix
+++ b/assets/ssh.nix
@@ -11,11 +11,13 @@
     kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImsFb9qRxX0n2Bmy00T8iPam+Fc3mgKkm7dfM7AQRHN nikodem@rabulinski.com";
     legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHX2MNGZGSTedYAepZHgcx+KK0A6ASulwSrpf9ytb5h nikodem@rabulinski.com";
     miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIf4Ypws+1v9WL9MibW1dELpa/7YixElaBE7S71jsTy nrabulinski@antmicro.com";
+    ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDm3M/i/4wP2BM4+9hHAOMospwvlBZ+FT+pJtVgaaMq nikodem@rabulinski.com";
   };
 
   system = {
     kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyYhYWDNmKSrpcslD3NzWW+lQmDcLJdjLh7CSkL4hW5 root@kazuki";
     legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Ktyj0FSn8KLRwRGd0Tp/qNUPXV7+XyxAsWGWdMYp8 root@legion";
     miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbUcsZrZgGHojG+1yVyNEW5Fgr7/7qNaWxOt+lFrJaD root@miyagi";
+    ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZW15ObZ6XG776pdEvs9yqSuIiWlbGveEVA774Ri9/o root@ude";
   };
 }
diff --git a/hosts/default.nix b/hosts/default.nix
index 17921d2..ecc6cdd 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -12,6 +12,7 @@
     ./legion
     # TODO: Custom installer ISO
     # ./installer
+    ./ude
   ];
 
   builders = let
diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix
new file mode 100644
index 0000000..0840d56
--- /dev/null
+++ b/hosts/ude/default.nix
@@ -0,0 +1,30 @@
+{
+  configurations.nixos.ude = {
+    config,
+    modulesPath,
+    lib,
+    ...
+  }: {
+    imports = [
+      "${modulesPath}/profiles/qemu-guest.nix"
+      ./disks.nix
+    ];
+
+    nixpkgs.hostPlatform = "aarch64-linux";
+
+    boot = {
+      loader.systemd-boot.enable = true;
+      loader.systemd-boot.configurationLimit = 1;
+      loader.efi.canTouchEfiVariables = true;
+    };
+
+    common.hercules.enable = true;
+    services.hercules-ci-agent.settings.concurrentTasks = 6;
+
+    virtualisation.podman = {
+      enable = true;
+      dockerCompat = true;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+}
diff --git a/hosts/ude/disks.nix b/hosts/ude/disks.nix
new file mode 100644
index 0000000..9b0d955
--- /dev/null
+++ b/hosts/ude/disks.nix
@@ -0,0 +1,47 @@
+args: let
+  bootDevice = args.bootDevice or "/dev/sda";
+in {
+  disko.devices = {
+    disk = {
+      vdb = {
+        type = "disk";
+        device = bootDevice;
+        content = {
+          type = "gpt";
+          partitions = {
+            esp = {
+              priority = 1;
+              start = "1M";
+              end = "128M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            linux = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = ["-f"];
+                subvolumes = let
+                  mountOptions = ["compress=zstd" "noatime"];
+                in {
+                  "/root" = {
+                    mountpoint = "/";
+                    inherit mountOptions;
+                  };
+                  "/nix" = {
+                    mountpoint = "/nix";
+                    inherit mountOptions;
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age
index 7fa96b1..089369a 100644
Binary files a/secrets/alert-nrab-lol-pass.age and b/secrets/alert-nrab-lol-pass.age differ
diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age
index 29341a2..6ec01da 100644
--- a/secrets/alert-plain-pass.age
+++ b/secrets/alert-plain-pass.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 ioPMHA GErPiwFO6TluW+/QapeT0BhWH2yVd54UfCsi5s8STm8
-/rOO0+oXHGnJ54PdgPSJ/UWeZm1Ibtptnz+tv6zhTLA
--> ssh-ed25519 GKhvwg MtNidti8d7qz3NERKPdoU0UtNj/SZp2htzXYB3NUMXM
-WKdKJtjfsWFgoO09wpw87JdOaGNqDpC9MRs7Fumfn/g
--> 'JP4o}-grease Thf
-jq5xoH6w3eDeGBGf1jKPCxEl
---- sI/u3P4XIpQOMPXhtCy4XqRo+FSi5IdUDNxw0S88gWc
-@ï;ÖÎ|U:B{ý…x3»§û!9A2‚Û€SÖúèNg#Ù‹Í‡r68ãS2‚
\ No newline at end of file
+-> ssh-ed25519 ioPMHA qqVh4A0E1AHAKWzkfGkJngMUdMc+HSxcKjyYQ2gaCAQ
+hKu0kGoC+DFFzhGI8hq0oiiRuKa0kiE1WqTjq5tfPt4
+-> ssh-ed25519 GKhvwg KBSfWjKPAhb+FmKet9HoUfcffcGvPvoM2eWWgysxWk8
+xhymHp+IWG6gH63U6dX9cSg7eIPD/Uhtj87cAS0vtfU
+-> @oU{zMr-grease
+tw95QJTmdroGQEQhYEGLUNBJTp6Zdytql07m8Cjt1OvnNdt5/A
+--- iM/8bokZsr5SDc73lZTloR/YpngXsy/mt1E89rNCmZI
+Kß“,{ÅGG ™Ù” ½3“ÈôF7(ÈÍôI0R,¤ƒêá!GìIl÷ýY[­ï
\ No newline at end of file
diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age
index e7f01f6..3f8c310 100644
Binary files a/secrets/hercules-cache.age and b/secrets/hercules-cache.age differ
diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age
index 92ded9f..e543469 100644
Binary files a/secrets/hercules-token.age and b/secrets/hercules-token.age differ
diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age
index 5258560..263df90 100644
Binary files a/secrets/leet-nrab-lol-pass.age and b/secrets/leet-nrab-lol-pass.age differ
diff --git a/secrets/legion-niko-pass.age b/secrets/legion-niko-pass.age
index 9b9231d..1d226c2 100644
Binary files a/secrets/legion-niko-pass.age and b/secrets/legion-niko-pass.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 18f90ca..4cc0678 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -5,8 +5,8 @@ in {
   "alert-nrab-lol-pass.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
   "vault-cert-env.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
   # "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
-  "hercules-token.age".publicKeys = [keys.system.kazuki keys.system.legion keys.other.bootstrap];
-  "hercules-cache.age".publicKeys = [keys.system.kazuki keys.system.legion keys.other.bootstrap];
+  "hercules-token.age".publicKeys = [keys.system.kazuki keys.system.legion keys.system.ude keys.other.bootstrap];
+  "hercules-cache.age".publicKeys = [keys.system.kazuki keys.system.legion keys.system.ude keys.other.bootstrap];
   "alert-plain-pass.age".publicKeys = [keys.system.legion keys.other.bootstrap];
   "legion-niko-pass.age".publicKeys = [keys.system.legion keys.other.bootstrap];
 }
diff --git a/secrets/vault-cert-env.age b/secrets/vault-cert-env.age
index 3066029..2664b39 100644
--- a/secrets/vault-cert-env.age
+++ b/secrets/vault-cert-env.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 84j9mw vOJaWCNIGFgf6O0nTt+g1a5y5iKvMlr9nrpF1jTNGmM
-MxiliY7O3k0P47mYrmV6ovZu9+03JCCUvOe8Zu7gi34
--> ssh-ed25519 GKhvwg XSQNhU9xCPQu7iIcshQxncgqp37J8iS1H6FKDaChPTo
-uH8yhnQc184zK72pwwNod110/ehMiT/eWbHN894XThU
--> w>U?#&-grease <dWq wD?o*
-wMaIBnm2VLcz0dW+Hhv6
---- b4aPjwryeAsFAeNWUyMT1hI7G3yQinFIfoYfUxHk3s8
-µá|ý.os,!‡£$`#Ïçl)íˆ¹xè¡ûõO(L³,°eÈ¼ÇGñQi=m„ 6Ö1›¦#&îÙ©8dÄŠÛ”¥äC$5T"QÂ¼¯Ì‹þï
\ No newline at end of file
+-> ssh-ed25519 84j9mw iX2rMQ/L6p+pZO6HZWGk+LWuQzTbWrTMRHbAMONyMQI
+qwcUJ9BMDc4gaZS3voRtgZwuOqU7IeaOp1RMfmmeSMo
+-> ssh-ed25519 GKhvwg /O4i6P36CGqPwiHlV59QDlnZnE7mgz+u8wrt7hI6Z3M
+ytfwriyDoCROiePo8Ey+VETVPxd42ltj+8s91hRDWoM
+-> RB"-grease Ia=.
+J9xSMHsIpNTKbksUxqZM8M5bgJwxapjGp8VYKh7bXk8jH9nOhUuhrLA
+--- i3nJq19lE+kSfe3fzciLrZ0QOUT0ItuP62fXFBvnVrg
+]2•6ÚìÉF/á³!xlB¯M¸oN„p|«’J³o¹ŒÝÚ#c¿îÊª3\zÎ‘è»-1½’"4(ä”ìŽÁQÜ=øJJ¤c¹g°Y¾j þ
\ No newline at end of file
diff --git a/wrappers/default.nix b/wrappers/default.nix
index 01c477d..6b422ac 100644
--- a/wrappers/default.nix
+++ b/wrappers/default.nix
@@ -29,8 +29,10 @@
       ];
     };
   in {
-    packages = all-packages // {
-      inherit base-packages;
-    };
+    packages =
+      all-packages
+      // {
+        inherit base-packages;
+      };
   };
 }