diff --git a/modules/networking/ssh-keys.nix b/modules/networking/ssh-keys.nix
new file mode 100644
index 0000000..f55b087
--- /dev/null
+++ b/modules/networking/ssh-keys.nix
@@ -0,0 +1,58 @@
+{ config, lib, ... }:
+{
+  options.custom = {
+    sshKeys = lib.mkOption {
+      type = with lib.types; attrsOf str;
+      default = {
+        vili-bw-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
+        cert-store = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNhPvGogPY/O6kIqrpbz0EcK4L5QQShvD+vuyk7FxFd";
+        ci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgT2MGhvvJkWSNCfN0my/lNsTQtTV6+OcTHBSPVlGFA";
+        cache = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgT2MGhvvJkWSNCfN0my/lNsTQtTV6+OcTHBSPVlGFA"; # Duplicate
+        forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG74oN4MnrCm/rm1WyYy7M7Lv1qMRgcy3sDCgj6YN2zE";
+        gaming = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5HaiVVOfb8l19aVGG1CTkZ25G439Llg4aieZdKFzSq";
+        helium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3Feiu/KsAWubv6Lffnc38TK8q5quiHxUIWSyT+qEXU";
+        idacloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbOwFM599I7trhizhUe1ZpnXf8q4Uz3zgAnMCwwCf0K";
+        lithium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRtE6KCyD6BFfzff9cuD2ZhEdPKEgp+WGsD0s81736J";
+        opnsense = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsctvJR4JOVoTAas0+lb8662EXFsQVNozTntnR7o5R1";
+        nextcloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvVPRMrYsacSWyVSFFydgIB9vSiu5gKs7Pn+jipTGpV";
+        siit-dc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCp67Rr03FH0DGhl6d2w/otBNaC5sI1y6rt5Gfi2tP6";
+        syncthing = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8s/x8NcdOHPVcTSuVj+X9/J+qbuZEB792YaOG0CUzD";
+        vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII10aYyPOgpd+WAtgSyomH3sE6Cq54GftVm5xeC8KKlz";
+        zfs-backup = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWGvIc4sq+WzPqT2y003zga3StMgj7F8vwTjNkZ//d8";
+      };
+      description = "attrSet of SSH public keys";
+    };
+  };
+
+  config = {
+    programs.ssh.knownHosts =
+      (builtins.listToAttrs (
+        builtins.attrValues (
+          builtins.mapAttrs (
+            host: key:
+            lib.nameValuePair host {
+              extraHostNames = [
+                "${host}.sinerva.eu"
+                "${host}.vsinerva.fi"
+              ];
+              publicKey = key;
+            }
+          ) config.custom.sshKeys
+        )
+      ))
+      // {
+        "github.com/ed25519" = {
+          hostNames = [ "github.com" ];
+          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+        };
+        "github.com/nistp256" = {
+          hostNames = [ "github.com" ];
+          publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=";
+        };
+        "github.com/rsa" = {
+          hostNames = [ "github.com" ];
+          publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=";
+        };
+      };
+  };
+}
diff --git a/modules/roles/base.nix b/modules/roles/base.nix
index 63b2987..d0d7675 100644
--- a/modules/roles/base.nix
+++ b/modules/roles/base.nix
@@ -13,37 +13,12 @@
     };
     networking.guaPref = lib.mkOption {
       type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$");
-      default = null;
+      default = "2001:14ba:a090:39";
       description = "IPv6 GUA Prefix to use in other confs";
     };
-    sshKeys = lib.mkOption {
-      type = with lib.types; attrsOf str;
-      default = { };
-      description = "attrSet of SSH public keys";
-    };
   };
 
   config = {
-    custom = {
-      networking.guaPref = "2001:14ba:a090:39";
-      sshKeys = {
-        vili-bw-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
-        cert-store = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNhPvGogPY/O6kIqrpbz0EcK4L5QQShvD+vuyk7FxFd";
-        ci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgT2MGhvvJkWSNCfN0my/lNsTQtTV6+OcTHBSPVlGFA";
-        forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG74oN4MnrCm/rm1WyYy7M7Lv1qMRgcy3sDCgj6YN2zE";
-        gaming = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5HaiVVOfb8l19aVGG1CTkZ25G439Llg4aieZdKFzSq";
-        # TODO Helium
-        idacloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbOwFM599I7trhizhUe1ZpnXf8q4Uz3zgAnMCwwCf0K";
-        lithium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRtE6KCyD6BFfzff9cuD2ZhEdPKEgp+WGsD0s81736J";
-        opnsense = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsctvJR4JOVoTAas0+lb8662EXFsQVNozTntnR7o5R1";
-        nextcloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvVPRMrYsacSWyVSFFydgIB9vSiu5gKs7Pn+jipTGpV";
-        siit-dc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCp67Rr03FH0DGhl6d2w/otBNaC5sI1y6rt5Gfi2tP6";
-        syncthing = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8s/x8NcdOHPVcTSuVj+X9/J+qbuZEB792YaOG0CUzD";
-        vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII10aYyPOgpd+WAtgSyomH3sE6Cq54GftVm5xeC8KKlz";
-        zfs-backup = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWGvIc4sq+WzPqT2y003zga3StMgj7F8vwTjNkZ//d8";
-      };
-    };
-
     ######################################## Packages ###############################################
     environment.systemPackages = with pkgs; [
       tmux
diff --git a/modules/services/cert-store-server.nix b/modules/services/cert-store-server.nix
index 1be88e1..ce6785f 100644
--- a/modules/services/cert-store-server.nix
+++ b/modules/services/cert-store-server.nix
@@ -75,8 +75,6 @@ in
       ];
     };
 
-    services.openssh.knownHosts."forgejo.sinerva.eu".publicKey = config.custom.sshKeys.forgejo;
-
     environment.systemPackages = [ update-cert ];
 
     programs.git = {
diff --git a/modules/services/nix-cache-client.nix b/modules/services/nix-cache-client.nix
index 9bfe0d0..c3155d4 100644
--- a/modules/services/nix-cache-client.nix
+++ b/modules/services/nix-cache-client.nix
@@ -42,7 +42,6 @@ in
         max-jobs = lib.mkIf cfg.remoteBuilds.exclusive 0;
       };
     };
-    services.openssh.knownHosts."cache.sinerva.eu".publicKey = config.custom.sshKeys.ci;
 
     programs.ssh.extraConfig = ''
       Host cache.sinerva.eu
diff --git a/modules/services/nix-cache-server.nix b/modules/services/nix-cache-server.nix
index ffb937a..1847fe7 100644
--- a/modules/services/nix-cache-server.nix
+++ b/modules/services/nix-cache-server.nix
@@ -41,7 +41,7 @@ in
             keys.cert-store
             keys.forgejo
             keys.gaming
-            # TODO Helium
+            keys.helium
             keys.idacloud
             keys.lithium
             keys.nextcloud
diff --git a/modules/services/zfs-replication.nix b/modules/services/zfs-replication.nix
index 3bbaf49..0b130a7 100644
--- a/modules/services/zfs-replication.nix
+++ b/modules/services/zfs-replication.nix
@@ -17,6 +17,5 @@ in
       remoteFilesystem = "zroot/backups/${config.networking.hostName}";
       username = "root";
     };
-    services.openssh.knownHosts."zfs-backup.vsinerva.fi".publicKey = config.custom.sshKeys.zfs-backup;
   };
 }