diff --git a/configurations/nixos/infinitude-nixos/configuration.nix b/configurations/nixos/infinitude-nixos/configuration.nix
new file mode 100644
index 0000000..a537775
--- /dev/null
+++ b/configurations/nixos/infinitude-nixos/configuration.nix
@@ -0,0 +1,55 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "infinitude-nixos"; # Define your hostname.
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/Toronto";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_CA.UTF-8";
+
+ services.openssh.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.admin = {
+ isNormalUser = true;
+ description = "admin";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [
+ # thunderbird
+ ];
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
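Review bot: `services.openssh.enable = true;` is the only SSH setting in this file, so unless a shared module overrides it, sshd keeps the NixOS default of accepting passwords, and the sole account, `admin`, is in `wheel` with a password set by hand via `passwd`. Since default.nix in this commit deploys to the host over SSH as `admin`, I would declare the key in the config and turn passwords off: `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `users.users.admin.openssh.authorizedKeys.keys = [ "<admin public key>" ];`. The leftover installer comments about touchpad support and `thunderbird` could be dropped at the same time.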
diff --git a/configurations/nixos/infinitude-nixos/default.nix b/configurations/nixos/infinitude-nixos/default.nix
new file mode 100644
index 0000000..8c4eb29
--- /dev/null
+++ b/configurations/nixos/infinitude-nixos/default.nix
@@ -0,0 +1,21 @@
+{ flake, pkgs, lib, ... }:
+
+let
+ inherit (flake) inputs;
+ inherit (inputs) self;
+in
+{
+ nixos-unified.sshTarget = "admin@infinitude-nixos";
+
+ imports = [
+ inputs.agenix.nixosModules.default
+ ./configuration.nix
+ (self + /modules/nixos/shared/github-runner.nix)
+ ];
+
+ services.tailscale.enable = true;
+
+ # Workaround the annoying `Failed to start Network Manager Wait Online` error on switch.
+ # https://github.com/NixOS/nixpkgs/issues/180175
+ systemd.services.NetworkManager-wait-online.enable = false;
+}
diff --git a/configurations/nixos/infinitude-nixos/hardware-configuration.nix b/configurations/nixos/infinitude-nixos/hardware-configuration.nix
new file mode 100644
index 0000000..4b80bdd
--- /dev/null
+++ b/configurations/nixos/infinitude-nixos/hardware-configuration.nix
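Review bot: Nothing in this module limits where sshd is reachable. `services.tailscale.enable = true;` is set here and the deploy target is `admin@infinitude-nixos`, but `./configuration.nix` enables OpenSSH, which by default opens its port in the firewall on every interface. If deployment is meant to go over the tailnet (an inference from the target name, not something the diff shows), consider `services.openssh.openFirewall = false;` together with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 22 ];`. The exposure matters more on this host because it also imports `github-runner.nix` and therefore executes CI jobs.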
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "virtio_pci" "xhci_pci" "usbhid" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/f1cf07bd-ef5a-4584-8fdf-348ac7ca8891"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/229C-1BE1"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/5afde2f2-cf66-416c-ae0f-3a84b56e13d4"; }]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/flake.lock b/flake.lock index 1f592b1..d515464 100644 --- a/flake.lock +++ b/flake.lock @@ -842,11 +842,11 @@ }, "nixos-unified": { "locked": { - "lastModified": 1751174231, - "narHash": "sha256-OLPo3ZI/gKH0C6P6l2W9RYm1ow/Jl4qBrasQ3rjAA0E=", + "lastModified": 1753730363, + "narHash": "sha256-IB+0W+n6cMnYwYjFGsJi7TIJA26pSaFhgzwmnmB9Pdc=", "owner": "srid", "repo": "nixos-unified", - "rev": "05eb3d59d3b48460ea01c419702d4fc0c3210805", + "rev": "e91aecaaa310065b067b946774660febc7f212a2", "type": "github" }, "original": { diff --git a/modules/nixos/shared/github-runner.nix b/modules/nixos/shared/github-runner.nix index e08608b..e1b5e37 100644 
--- a/modules/nixos/shared/github-runner.nix +++ b/modules/nixos/shared/github-runner.nix @@ -31,6 +31,7 @@ in "srid/emanote".num = 2; "srid/ema".num = 2; "srid/t".num = 1; + "srid/srid".num = 1; "srid/haskell-flake".num = 2; "srid/nixos-unified".num = 2; }; diff --git a/secrets/github-nix-ci/srid.token.age b/secrets/github-nix-ci/srid.token.age index f82355c..48757b6 100644 --- a/secrets/github-nix-ci/srid.token.age +++ b/secrets/github-nix-ci/srid.token.age @@ -1,9 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ KBrrdrg2WOOIHMYRGK6UcwUrPWvaVgmUuau5qsohQD4 -4XVlhSSb431o+4FFa/eFuCMcJeveh8b+F3XqVRYacng --> ssh-ed25519 Ysxvmg aYxitWy7xeY3su7nXo1FV3UGfIGrvruO2+VPMbzK82I -GbEFVAZXb2mdbg8GaesEeq6TJWkhi+c/cY3s3CATIyE --> ssh-ed25519 HQ+y9w SpQmQIwViY75uPCIKK785/2QYv8piO6K8eg0548AvgM -KatJYMrtpMTqGi5gtfQtwHzISA9FlQZAjWzliXcfFIc ---- fGYDeZ9VW8Zrh9UGPnlm8Ea1SjRtRDeeJNmBxSun6A4 -O4a+B(@I|DSֿ5h'х49-V|CO*Q/Fb1aI_ݩ3kE9yUg UKEp+_)h $.au1ȍ \ No newline at end of file +-> ssh-ed25519 96IXNQ qxnWrc61w1kSBf3m7ofJWrTTdhrKSMmp9iW5y9RzdUU +epgghGOuuMctx4uyYWrvN33tu4dL91E8VNxlMuvxw/g +-> ssh-ed25519 Ysxvmg ZjHA3/xCKFO+sk9RGRXkfGcxixk4arKP6PlRnLKRqi0 +CJITJ6M4KRM5lH23O5kWY8qjs+WEZLe5OooaIa7LInE +-> ssh-ed25519 HQ+y9w MyD/org+yNN0HhLh3GLG9PbCxIjffsMOxcJaQAmeThI +jGFfuzJmA+AXgG9OI1c88TD4GHFA4C4GnzBPYlbvjQY +-> ssh-ed25519 p0qplg dod6JyHjstJGo0LgxlG4z5zrca8qunco+UuFLYZUyxo +cWZElzFjbZESN2tlbna76yn77qm6e1og7OhoLzYsqVc +--- dD6aThNJBsJXoIS+6JbkIk1o3FJUbvjjjRwX6k3Riz0 + +tJ$ub|G #bж春+OM`B݈¡ o(!wt-v (&‚8ƴ*;_6}IuG`U?g :7L j \ No newline at end of file diff --git a/secrets/hedgedoc.env.age b/secrets/hedgedoc.env.age index 90af5fa..122e6b8 100644 Binary files a/secrets/hedgedoc.env.age and b/secrets/hedgedoc.env.age differ diff --git a/secrets/pureintent-basic-auth.age b/secrets/pureintent-basic-auth.age index 267e243..5cce440 100644 --- a/secrets/pureintent-basic-auth.age +++ b/secrets/pureintent-basic-auth.age 
@@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ P3pVYQzSm77sy04g/Y2asjjTJnraXLO9rYfWWYqRfH4 -5TpD16U53+kC41MkRnjo1o3X210fRdH2pC9qUNDZBjY --> ssh-ed25519 Ysxvmg A9A8coA49aRDhLDu6OmqDuur2eNq/YMl5jOqX4UrXAQ -YxyXQW+VOFCTf5osrqx1iEsDIoSxXAkH4tyn9PRMnDw --> ssh-ed25519 HQ+y9w 2eRoF4XuC227syIZ+t6+8lP77CbjHEXPt27GiZqUdRQ -9mlHSj/XKOFbnyWc5cmvTwolqXPEZXEPMmC+dTO8BRc ---- nKy6Gb7HhzVDo2BoZJhxlqMWmbnXGhGyhpf5WOlMUkw -6";,ԁbYb: -IrzHTm#6ITTKOjhj].fp"udV_:q: mzI \ No newline at end of file +-> ssh-ed25519 96IXNQ 0/NuV8hDzg51QcJGiwG0/baeBQc+W9h9q66AzEm+EnY +V1xUVHQQmXo6YN+BF+ZCn9Ew+bcUqP0975JmvaiSY4o +-> ssh-ed25519 Ysxvmg DxRnKZodptsoekhgqYHvRTmuDoqwsvzZ+lsXA2wU8U8 +lJxE8eCxkBCd5uHUSrOMywBgy0HQEekU5HEn9k7v6xE +-> ssh-ed25519 HQ+y9w sjoTiMATKONmXTmEfmUEsURXxKOEnYS8K3wcTP6OEWU +kmj2v92yAR8mo/5bL24GMJ9idN4DXPoBh41sGmJFu6U +-> ssh-ed25519 p0qplg 1TuM1BqPK2U5prLL/zEel4nHLEtxud34aSslvCS1k1k +PvnOGEDrQ0Mek3Z/VeHAcvhdurAN1RZxACiLsali6WQ +--- 2AiI3tw705Kala8qEBWg0PIlXn+yOyeDns01nZ7YjGw +tu #`=U&Sp6CE:~v;b}ӛ.'T-x(;Þ|\S!RdWyD58qA}*ѱZS \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index dfd5751..06c05df 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -4,7 +4,8 @@ let pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos"; infinitude-macos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjg6aknmaXdQ/arHcTD+USFwCTsUGyJv9R1dXnejdby"; - systems = [ pureintent infinitude-macos ]; + infinitude-nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhLuTee/YS04uBhg9Zri5OKfQySoeUXxVVpz6xVUtB5"; + systems = [ pureintent infinitude-macos infinitude-nixos ]; in { "hedgedoc.env.age".publicKeys = users ++ systems;
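Review bot: Adding `infinitude-nixos` to `systems` in secrets.nix makes the new host a recipient of every secret declared with `users ++ systems`, not only the runner token. `hedgedoc.env.age` is keyed that way in the visible context, and both `srid.token.age` and `pureintent-basic-auth.age` gain a fourth `ssh-ed25519` stanza in this commit. The host's visible role is GitHub runners plus Tailscale, so its host key should only be able to decrypt the runner token. I would leave `systems` as it was and widen just that entry, e.g. `"github-nix-ci/srid.token.age".publicKeys = users ++ systems ++ [ infinitude-nixos ];`, then rekey only that file. The other `publicKeys` declarations lie outside the hunk, so confirm how they are written before changing the list.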