diff --git a/clan.nix b/clan.nix
index fa65e3a..92e13a2 100644
--- a/clan.nix
+++ b/clan.nix
@@ -51,6 +51,19 @@ roles.controller.machines."m1" = {}; }; + + k3s = { + module = { + name = "@amarth/k3s"; + input = "amarth"; + }; + + roles.server.machines."c1" = {}; + + roles.agent.machines."c2" = {}; + roles.agent.machines."c3" = {}; +>>>>>>> 81bc14dcb9b649451939a01d3828ca4c170dc897 + }; }; # Additional NixOS configuration can be added here.
diff --git a/sops/machines/c1/key.json b/sops/machines/c1/key.json
old mode 100755
new mode 100644
diff --git a/sops/machines/c2/key.json b/sops/machines/c2/key.json
old mode 100755
new mode 100644
diff --git a/sops/machines/c3/key.json b/sops/machines/c3/key.json
old mode 100755
new mode 100644
diff --git a/sops/machines/m1/key.json b/sops/machines/m1/key.json
old mode 100755
new mode 100644
diff --git a/sops/secrets/zitadel_inital_password/secret b/sops/secrets/zitadel_inital_password/secret
new file mode 100644
index 0000000..a4eec86
--- /dev/null
+++ b/sops/secrets/zitadel_inital_password/secret
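Review bot: An unresolved merge-conflict marker, `>>>>>>> 81bc14dcb9b649451939a01d3828ca4c170dc897`, is committed as an added line inside the new `k3s` attribute set, just before its closing `};`. Nix cannot parse that line, so `clan.nix` will fail to evaluate and none of the machines in the inventory can be built until it is removed. Delete the line and search the rest of the file for matching `<<<<<<<` and `=======` markers, which would lie outside this hunk if they survived. Because the marker shows the merge was not finished cleanly, also confirm that the `k3s` block is the side of the conflict that was meant to be kept.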
@@ -0,0 +1,15 @@
+{
+ "data": "ENC[AES256_GCM,data:goNAmzE7VSnSeW3VmCg8ZM6iq66WN2Lo8UqSTN3t9rbmqm0L+Ho8SqfqiKX7gCrid1A=,iv:fgU2T94TRRH00GcLtUc6/TaTv/HyvZrOok5zrBFpyoI=,tag:lJr/KUSVupAwI1/Cp/er5A==,type:str]",
+ "sops": {
+ "age": [
+ {
+ "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMUQ5VkRnT3BtYlMvUVYx\nOEwrUjF4dUQxRU93ZkE0RUl5YlFRa29veVJzCjlLOGNGWEw0Sm5RaFFDekNhL1Ft\nY3NwNjZIRHpmMGVPU3FiS0VOVlV5WlUKLS0tIEQvc21HaER3VUQ2ZE5LdjREdFVo\nek95a3kwTWVLODJPRE5NM2paamZ1UHcKcdPkfgbrFOepolCt8Z/Qcd2FyUDHuDlG\nKLKqzwu5ieWk7A3BQ3Q03on5WYLhbY51PxAIDFbQzOgBSrcP7R52RQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ }
+ ],
+ "lastmodified": "2025-09-15T09:17:20Z",
+ "mac": "ENC[AES256_GCM,data:x58lVbUftxLT27hsSNSjX7Oy55W7UXiaLa4uQA4o+wxH4JlPR75sa/UGOVhufQoEi4hOPc/9b4kDt9jEasNJpdCaUrtsstfe69ZpWtCrnfZMAywlplKofRzMuxbvJHlU8Wn+gGll5BFz400fJMq2qPDLhVEo4eUzcX/RqDGymC0=,iv:BdkvmpEdMmTMkxbs+yvHxZWUgxf8flqhkjSitUlU3CU=,tag:usXzrIPEwKrQFs3vL/Ss4g==,type:str]",
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.10.2"
+ }
+}
diff --git a/sops/users/chris/key.json b/sops/users/chris/key.json
old mode 100755
new mode 100644
diff --git a/vars/per-machine/c1/k3s-ip/ip_v4/value b/vars/per-machine/c1/k3s-ip/ip_v4/value
new file mode 100644
index 0000000..7b9ad53
--- /dev/null
+++ b/vars/per-machine/c1/k3s-ip/ip_v4/value
@@ -0,0 +1 @@
+127.0.0.1
diff --git a/vars/per-machine/c1/k3s-ip/ip_v6/value b/vars/per-machine/c1/k3s-ip/ip_v6/value
new file mode 100644
index 0000000..20e29b1
--- /dev/null
+++ b/vars/per-machine/c1/k3s-ip/ip_v6/value
@@ -0,0 +1 @@
+::1
diff --git a/vars/per-machine/c1/k3s-token/token/secret b/vars/per-machine/c1/k3s-token/token/secret
new file mode 100644
index 0000000..0c21df6
--- /dev/null
+++ b/vars/per-machine/c1/k3s-token/token/secret
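Review bot: This new sops file lists a single age recipient, `age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x`, and the diff as visible here adds no `users/` or `machines/` entries next to it under `sops/secrets/zitadel_inital_password/`. If that key belongs to the administrator rather than to a machine (the c1 ZeroTier identity secret added in this same commit lists it alongside a second recipient, which suggests so), the host that runs Zitadel cannot decrypt the value at activation. `vars/per-machine/c1/k3s-token/token/secret` has the same single-recipient shape. Separately, the directory is spelled `zitadel_inital_password`; renaming it to `zitadel_initial_password` now is cheaper than after modules start referencing the path. Since this is a bootstrap credential, plan to change it in Zitadel after first login so that the copy kept in git history stops being the live password.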
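Review bot: The address recorded for the k3s server `c1` is loopback: `127.0.0.1` in this file and `::1` in the sibling `ip_v6/value` hunk. If the k3s module uses these values as the server endpoint for the agents declared in `clan.nix` (`c2` and `c3`), each agent would try to reach the API server on itself and never join the cluster. This looks like a generator default or a placeholder, so confirm where the value comes from and replace it with an address of c1 that the agents can route to, for example the one recorded in `vars/per-machine/c1/zerotier/zerotier-ip/value`.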
@@ -0,0 +1,15 @@
+{
+ "data": "ENC[AES256_GCM,data:KAyQJfDtHcwT2MP+C74ovM1k5Rw1rEjF5LsyH2CjS1VBxbQ+ACen/qEDzGw5db15/NZW,iv:1HzHYAgHtcyQbJRN2BHK+DPhhIPTao2yJMSZTDWO5xQ=,tag:vUKOJTpv/y6pm6pzzfEfZw==,type:str]",
+ "sops": {
+ "age": [
+ {
+ "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dmZJNCtGeXNCTEp6T2Fq\nRmxsUHBVRmszT0RhdDUyckh1MHZhNUxkUTB3ClYxWnFOaWpocXBhY2EvbWJCaEVa\nQUR6cnBmajkySVo4dHdlTnl0NVJFQTQKLS0tIEQ3UW5ZUGVQckorWlpMSkovaGZt\nblJRaVd1NkkxLzJRT0o0Y1JPMlpwaW8KaqYT1lqsLjzRScgSapz+5anOGaS/SXPW\nzZkKQbYKa6ZmjOwuBJ2GBdni7iNSd7BGmZhyzgvs1h30kMLEkW2GtA==\n-----END AGE ENCRYPTED FILE-----\n"
+ }
+ ],
+ "lastmodified": "2025-09-16T12:18:00Z",
+ "mac": "ENC[AES256_GCM,data:VD+Swc/5+f3vWHIoTBQmtiLc6GhEKX/suygfKJWpum3INnxCTvj4QXcGVc6Hzn5Yeat9tdiiXXcuu0F2zTcDjikGL167iuf6HlC1ASfBh/gt7yau5SiD0WYhouxZFo+b4FvnNv0sb4+JTGMSkOLdJD2h6UvA15iXe5vTS9+ZCq8=,iv:f4TZkVrriKxZBMcJLLtyR/RJ7vDtBOSx/stwoWV/A3A=,tag:JGIExjoT/zTj4NPEsJ+vBg==,type:str]",
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.10.2"
+ }
+}
diff --git a/vars/per-machine/c1/openssh/ssh.id_ed25519/machines/c1 b/vars/per-machine/c1/openssh/ssh.id_ed25519/machines/c1
deleted file mode 120000
index 01430a8..0000000
--- a/vars/per-machine/c1/openssh/ssh.id_ed25519/machines/c1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c1
\ No newline at end of file
diff --git a/vars/per-machine/c1/openssh/ssh.id_ed25519/users/chris b/vars/per-machine/c1/openssh/ssh.id_ed25519/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c1/openssh/ssh.id_ed25519/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c1/root-password/password-hash/machines/c1 b/vars/per-machine/c1/root-password/password-hash/machines/c1
deleted file mode 120000
index 01430a8..0000000
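Review bot: The cluster join token is stored only under `vars/per-machine/c1/`, and nothing visible in this diff makes it available to the agents `c2` and `c3` that `clan.nix` declares. k3s agents need the server's token to register, so unless the `@amarth/k3s` module distributes it some other way, the agent machines have no encrypted copy they can read. If the token is meant to be cluster-wide, a shared var encrypted to the keys of all three machines would fit better than a per-machine one on the server. Treat the token as a credential that grants cluster membership: rotate it if it was ever handled in plaintext while this was being set up.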
--- a/vars/per-machine/c1/root-password/password-hash/machines/c1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c1
\ No newline at end of file
diff --git a/vars/per-machine/c1/root-password/password-hash/users/chris b/vars/per-machine/c1/root-password/password-hash/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c1/root-password/password-hash/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c1/root-password/password/users/chris b/vars/per-machine/c1/root-password/password/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c1/root-password/password/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c1/zerotier/zerotier-identity-secret/secret b/vars/per-machine/c1/zerotier/zerotier-identity-secret/secret
new file mode 100644
index 0000000..ecbf66f
--- /dev/null
+++ b/vars/per-machine/c1/zerotier/zerotier-identity-secret/secret
@@ -0,0 +1,19 @@
+{
+ "data": "ENC[AES256_GCM,data:aWunrs+Y0zsINHpVRHpBsj1loN3K4qP8rfWz4QY7DyteXQbCoomZuoc+OCJuQ8Y2VPDlc93shaRXcarnKTwztVZezfs09KazxALmwQmKzExY/4Fg2pnc8A18JKAY0PmSbcpKiMCUfwuD8XsAUPQ09aJQTBPPWOq23VDujlnQTO/waO/zaYhgOHw9QKFxknOL+Jyd2T9coB6aK8pkgOu65RbC5nlzS7noUGIVPA+5pi1y16p6f/1MibIV0oMO7+7Tgx8jKKESYbQUCuPqJUJsiMTEu6JXf25eLaHEmsPYTkaPYXda2bcAt4nA5DEq+vFhb3KYiSXbxoRp2phaozZSb4VgzqNUaoDCPwsn4bo7,iv:NPDB2pe++UNXjM3MQUvDMh4qDD072G+onboqGuZb4QU=,tag:QWByLe294QAqmH0HVsnGOQ==,type:str]",
+ "sops": {
+ "age": [
+ {
+ "recipient": "age19cnepqj2xclqwgv9esldz3znsezxazz0599ctkn2t5znsvxjxdjqvnxl80",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMGlzZzEzTTNhRzYrNG9Q\nMTFGNEtmVVdMRlNrellBb0diR2dTWmhYbURNCmR3bmE3VWkvd1EzRFRKQWRkT2g0\nd0dVUUtKTTlmL3YvTUdPZ0VKT1ZabVEKLS0tIGVteVFCNnVHS25VY3U3OUpCNHg3\nSUZaYU9iVWY1MXRqZjhRYTRIVUpqNWsKFjrxGe+1zGBQrJzfPrPyTX5cQ2aQs2V7\njMUY6l9/RmYhmHnvaTiEzKfBmJKBV284G2N3zLg3jORboYNe6gmU0A==\n-----END AGE ENCRYPTED FILE-----\n"
+ },
+ {
+ "recipient": "age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x",
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZWdqaVpwZjVHMlNJbmFF\nSjF3ODNiNGVGMkZNUDFycVNQNGFpVDJvU21FCmdML1VMMzFYcHd2Rk0vMUg1Uzg5\neEVhUW1FNWVzeHZlWldLQ1kxcmlyYzAKLS0tIEhMdkYwOHo0b2E2OS9RekY4a3c1\naW1uTklBQVgxdHYxYzRhbjVTRXBxNUEK7szc1EoEfLP7w5KM8p+Nt/zxNm/Zih7r\nyjMWJ8upJ3baL6fCJAwI8DhBQy3WenQKHXp4g2cH2AUxOnYk1jaPIA==\n-----END AGE ENCRYPTED FILE-----\n"
+ }
+ ],
+ "lastmodified": "2025-09-16T12:11:44Z",
+ "mac": "ENC[AES256_GCM,data:bbZVtnTwkWC+9w/zM6FfAr42wmsm0ymDBmtc4ZGCDtsizMYKB955B4XG0jI8oavyv4HxPZo/XETo7Eo30T6LpGge0qQ53ZMygYP/xIsM9vwF8rk8f1qNGfNAUDYSBk95Fe5/l9YzCRwZunGw0Dz427VeSJnKLXPjYdvGctWlowM=,iv:DGMxTXhNHgoLI+8E6SaKbALwqsq68A/qXhqTmqRYvdE=,tag:6iSUxFnE1lb7kTc3+VTewQ==,type:str]",
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.10.2"
+ }
+}
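Review bot: This secret is added as a bare `secret` file with no `machines/c1` or `users/chris` entries next to it, while the same commit deletes exactly those symlinks (mode 120000) for the openssh and root-password vars of c1, c2, c3 and m1 and for m1's ZeroTier identity. Together with the `100755` to `100644` flips on every `key.json`, this looks like a commit made from a checkout that did not preserve symlinks rather than a deliberate access change, which is worth confirming before merging. As far as I know clan uses those link directories to record which keys may read a secret, so with them gone the repository no longer shows who has access, and a later key rotation or re-encryption may miss recipients. Restoring the links, or regenerating them with the clan vars/secrets tooling on a filesystem that supports symlinks, would bring that metadata back in line with the recipients listed in each file's `sops.age` array.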
diff --git a/vars/per-machine/c1/zerotier/zerotier-ip/value b/vars/per-machine/c1/zerotier/zerotier-ip/value
new file mode 100644
index 0000000..62c0836
--- /dev/null
+++ b/vars/per-machine/c1/zerotier/zerotier-ip/value
@@ -0,0 +1 @@
+fd03:2623:9523:e639:2899:933b:7273:40e9
\ No newline at end of file
diff --git a/vars/per-machine/c2/openssh/ssh.id_ed25519/machines/c2 b/vars/per-machine/c2/openssh/ssh.id_ed25519/machines/c2
deleted file mode 120000
index 42c1f4d..0000000
--- a/vars/per-machine/c2/openssh/ssh.id_ed25519/machines/c2
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c2
\ No newline at end of file
diff --git a/vars/per-machine/c2/openssh/ssh.id_ed25519/users/chris b/vars/per-machine/c2/openssh/ssh.id_ed25519/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c2/openssh/ssh.id_ed25519/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c2/root-password/password-hash/machines/c2 b/vars/per-machine/c2/root-password/password-hash/machines/c2
deleted file mode 120000
index 42c1f4d..0000000
--- a/vars/per-machine/c2/root-password/password-hash/machines/c2
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c2
\ No newline at end of file
diff --git a/vars/per-machine/c2/root-password/password-hash/users/chris b/vars/per-machine/c2/root-password/password-hash/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c2/root-password/password-hash/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c2/root-password/password/users/chris b/vars/per-machine/c2/root-password/password/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c2/root-password/password/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c3/openssh/ssh.id_ed25519/machines/c3 b/vars/per-machine/c3/openssh/ssh.id_ed25519/machines/c3
deleted file mode 120000
index 4115c15..0000000
--- a/vars/per-machine/c3/openssh/ssh.id_ed25519/machines/c3
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c3
\ No newline at end of file
diff --git a/vars/per-machine/c3/openssh/ssh.id_ed25519/users/chris b/vars/per-machine/c3/openssh/ssh.id_ed25519/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c3/openssh/ssh.id_ed25519/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c3/root-password/password-hash/machines/c3 b/vars/per-machine/c3/root-password/password-hash/machines/c3
deleted file mode 120000
index 4115c15..0000000
--- a/vars/per-machine/c3/root-password/password-hash/machines/c3
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/c3
\ No newline at end of file
diff --git a/vars/per-machine/c3/root-password/password-hash/users/chris b/vars/per-machine/c3/root-password/password-hash/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c3/root-password/password-hash/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/c3/root-password/password/users/chris b/vars/per-machine/c3/root-password/password/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/c3/root-password/password/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/m1/openssh/ssh.id_ed25519/machines/m1 b/vars/per-machine/m1/openssh/ssh.id_ed25519/machines/m1
deleted file mode 120000
index 9be3644..0000000
--- a/vars/per-machine/m1/openssh/ssh.id_ed25519/machines/m1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/m1
\ No newline at end of file
diff --git a/vars/per-machine/m1/openssh/ssh.id_ed25519/users/chris b/vars/per-machine/m1/openssh/ssh.id_ed25519/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/m1/openssh/ssh.id_ed25519/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/m1/root-password/password-hash/machines/m1 b/vars/per-machine/m1/root-password/password-hash/machines/m1
deleted file mode 120000
index 9be3644..0000000
--- a/vars/per-machine/m1/root-password/password-hash/machines/m1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/m1
\ No newline at end of file
diff --git a/vars/per-machine/m1/root-password/password-hash/users/chris b/vars/per-machine/m1/root-password/password-hash/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/m1/root-password/password-hash/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/m1/root-password/password/users/chris b/vars/per-machine/m1/root-password/password/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/m1/root-password/password/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/m1/zerotier/zerotier-identity-secret/machines/m1 b/vars/per-machine/m1/zerotier/zerotier-identity-secret/machines/m1
deleted file mode 120000
index 9be3644..0000000
--- a/vars/per-machine/m1/zerotier/zerotier-identity-secret/machines/m1
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/m1
\ No newline at end of file
diff --git a/vars/per-machine/m1/zerotier/zerotier-identity-secret/users/chris b/vars/per-machine/m1/zerotier/zerotier-identity-secret/users/chris
deleted file mode 120000
index 91b7741..0000000
--- a/vars/per-machine/m1/zerotier/zerotier-identity-secret/users/chris
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/chris
\ No newline at end of file