diff --git a/users/myuser/secrets/user.nix.age b/users/myuser/secrets/user.nix.age
index 2357a46..7bc0bb9 100644
Binary files a/users/myuser/secrets/user.nix.age and b/users/myuser/secrets/user.nix.age differ
diff --git a/users/myuser/ssh.nix b/users/myuser/ssh.nix
index 7828eb6..8f07162 100644
--- a/users/myuser/ssh.nix
+++ b/users/myuser/ssh.nix
@@ -1,26 +1,8 @@
-{
+{config, ...}: {
   home.file.".ssh/yubikey.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm";
   programs.ssh = {
     enable = true;
-    matchBlocks = {
-      "*" = {
-        identityFile = ["~/.ssh/yubikey.pub"];
-        identitiesOnly = true;
-      };
-      # TODO more from secrets nixosConfiguration.repo.secrets.global
-      meister = {
-        user = "root";
-        hostname = "meister.oddlama.org";
-      };
-      envoy = {
-        user = "root";
-        hostname = "94.130.104.236";
-      };
-      vm-base = {
-        user = "root";
-        proxyJump = "meister";
-        hostname = "172.16.0.01";
-      };
-    };
+    controlMaster = "yes";
+    inherit (config.userSecrets.ssh) matchBlocks;
   };
 }