diff --git a/hosts/sire/guests/grafana.nix b/hosts/sire/guests/grafana.nix
index fff12c5..78a68f7 100644
--- a/hosts/sire/guests/grafana.nix
+++ b/hosts/sire/guests/grafana.nix
@@ -29,7 +29,14 @@ in {
 group = "grafana";
 };
- age.secrets.grafana-influxdb-token = {
+ age.secrets.grafana-influxdb-token-machines = {
+ generator.script = "alnum";
+ generator.tags = ["influxdb"];
+ mode = "440";
+ group = "grafana";
+ };
+
+ age.secrets.grafana-influxdb-token-home = {
 generator.script = "alnum";
 generator.tags = ["influxdb"];
 mode = "440";
@@ -45,8 +52,8 @@ in {
 nodes.sire-influxdb = {
 # Mirror the original secret on the influx host
- age.secrets."grafana-influxdb-token-${config.node.name}" = {
- inherit (config.age.secrets.grafana-influxdb-token) rekeyFile;
+ age.secrets."grafana-influxdb-token-machines-${config.node.name}" = {
+ inherit (config.age.secrets.grafana-influxdb-token-machines) rekeyFile;
 mode = "440";
 group = "influxdb2";
 };
@@ -54,7 +61,19 @@ in {
 services.influxdb2.provision.organizations.machines.auths."grafana machines:telegraf (${config.node.name})" = {
 readBuckets = ["telegraf"];
 writeBuckets = ["telegraf"];
- tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-${config.node.name}".path;
+ tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-machines-${config.node.name}".path;
+ };
+
+ age.secrets."grafana-influxdb-token-home-${config.node.name}" = {
+ inherit (config.age.secrets.grafana-influxdb-token-home) rekeyFile;
+ mode = "440";
+ group = "influxdb2";
+ };
+
+ services.influxdb2.provision.organizations.machines.auths."grafana home:home_assistan (${config.node.name})" = {
+ readBuckets = ["home_assistant"];
+ writeBuckets = ["home_assistant"];
+ tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-home-${config.node.name}".path;
 };
 };
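Review bot: The new auth `"grafana home:home_assistan (${config.node.name})"` in the last hunk of this file is provisioned under `organizations.machines`, while the `home_assistant` bucket is created under `organizations.home` in influxdb.nix and the new Grafana datasource sets `jsonData.organization = "home"`; the token therefore appears to be scoped to an organization that does not contain the bucket it names. It should probably read `services.influxdb2.provision.organizations.home.auths."grafana home:home_assistant (${config.node.name})"`, which also fixes the truncated `home_assistan` in the description. The `"home-assistant (${config.node.name})"` auth added in hosts/zackbiene/home-assistant.nix carries the same `organizations.machines` prefix. Separately, if Grafana only queries this bucket, `writeBuckets = ["home_assistant"];` can be dropped so the dashboard token stays read-only.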
@@ -177,11 +196,22 @@ in {
 access = "proxy";
 url = "https://${sentinelCfg.networking.providedDomains.influxdb}";
 orgId = 1;
- secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token.path}}";
+ secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token-machines.path}}";
 jsonData.version = "Flux";
 jsonData.organization = "machines";
 jsonData.defaultBucket = "telegraf";
 }
+ {
+ name = "InfluxDB (home_assistant)";
+ type = "influxdb";
+ access = "proxy";
+ url = "https://${sentinelCfg.networking.providedDomains.influxdb}";
+ orgId = 1;
+ secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token-home.path}}";
+ jsonData.version = "Flux";
+ jsonData.organization = "home";
+ jsonData.defaultBucket = "home_assistant";
+ }
 {
 name = "Loki";
 type = "loki";
diff --git a/hosts/sire/guests/influxdb.nix b/hosts/sire/guests/influxdb.nix
index e5465ef..f937e4c 100644
--- a/hosts/sire/guests/influxdb.nix
+++ b/hosts/sire/guests/influxdb.nix
@@ -133,6 +133,7 @@ in {
 tokenFile = config.age.secrets.influxdb-admin-token.path;
 };
 organizations.machines.buckets.telegraf = {};
+ organizations.home.buckets.home_assistant = {};
 };
 };
diff --git a/hosts/zackbiene/README.md b/hosts/zackbiene/README.md
deleted file mode 100644
index 021ccb4..0000000
--- a/hosts/zackbiene/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# First Setup
-
-- Install Tow-Boot (version 006 is broken, currently used 005) to SPI flash to be able to use UEFI. <3
-
-- In HomeAssistant, MQTT integration needs to be added
- manually, and the mqtt connection details must be entered
- localhost:1883, user=home_assistant, pass=
diff --git a/hosts/zackbiene/home-assistant.nix b/hosts/zackbiene/home-assistant.nix
index ee5f97e..44ff4e9 100644
--- a/hosts/zackbiene/home-assistant.nix
+++ b/hosts/zackbiene/home-assistant.nix
@@ -1,7 +1,8 @@
 {
- lib,
 config,
+ lib,
 nodes,
+ pkgs,
 ...
 }: let
 homeDomain = "home.${config.repo.secrets.global.domains.me}";
@@ -77,11 +78,25 @@ in { webhook = {}; zeroconf = {}; + ### Components not from default_config + backup = {}; config = {}; frontend = { #themes = "!include_dir_merge_named themes"; }; + + influxdb = { + api_version = 2; + host = nodes.sentinel.config.networking.providedDomains.influxdb; + port = "443"; + max_retries = 10; + ssl = true; + verify_ssl = true; + token = "!secret influxdb_token"; + organization = "home"; + bucket = "home_assistant"; + }; }; extraPackages = python3Packages: with python3Packages; [ 
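Review bot: The `token = "!secret influxdb_token";` entry in the new `influxdb` block has no comment saying where that key comes from, and the key is only written into `secrets.yaml` by the unit's `preStart` in the following hunk. A short comment such as `# influxdb_token is injected into secrets.yaml by systemd.services.home-assistant.preStart` would keep the two places linked for the next maintainer. As a style point, `port = "443";` is a string while `api_version` and `max_retries` are integers; `port = 443;` would be consistent. The enclosing attribute set starts and ends outside the hunk.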
@@ -97,11 +112,41 @@ in { systemd.services.home-assistant = { preStart = lib.mkBefore '' - ln -sf ${config.age.secrets."home-assistant-secrets.yaml".path} ${config.services.home-assistant.configDir}/secrets.yaml + if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then + rm ${config.services.home-assistant.configDir}/secrets.yaml + fi + cat ${config.age.secrets."home-assistant-secrets.yaml".path} > ${config.services.home-assistant.configDir}/secrets.yaml + + # Update influxdb token + INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \ + ${lib.getExe pkgs.yq-go} -i '.influxdb_token = strenv(INFLUXDB_TOKEN)' \ + ${config.services.home-assistant.configDir}/secrets.yaml + touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml ''; }; + age.secrets.hass-influxdb-token = { + generator.script = "alnum"; + mode = "440"; + group = "hass"; + }; + + nodes.sire-influxdb = { + # Mirror the original secret on the influx host + age.secrets."hass-influxdb-token-${config.node.name}" = { + inherit (config.age.secrets.hass-influxdb-token) rekeyFile; + mode = "440"; + group = "influxdb2"; + }; + + services.influxdb2.provision.organizations.machines.auths."home-assistant (${config.node.name})" = { + readBuckets = ["home_assistant"]; + writeBuckets = ["home_assistant"]; + tokenFile = nodes.sire-influxdb.config.age.secrets."hass-influxdb-token-${config.node.name}".path; + }; + }; + nodes.ward-web-proxy = { services.nginx = { upstreams."home-assistant" = { diff --git a/secrets/generated/sire-grafana/grafana-influxdb-token-home.age b/secrets/generated/sire-grafana/grafana-influxdb-token-home.age new file mode 100644 index 0000000..98a8a61 --- /dev/null +++ b/secrets/generated/sire-grafana/grafana-influxdb-token-home.age 
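Review bot: `secrets.yaml` is now a regular file created by shell redirection in `preStart`, so its permissions come from the unit's umask rather than from the age secret definitions (`mode = "440"` on `hass-influxdb-token`). Unless the service already runs with a restrictive `UMask`, the decrypted secrets and the InfluxDB token can end up readable by other local users. Putting `umask 077` before the `cat` pins this down regardless of the unit's settings. The `[[ -e … ]]` guard is also false for a dangling symlink left by the previous `ln -sf`, in which case the redirection writes through the link; an unconditional `rm -f ${config.services.home-assistant.configDir}/secrets.yaml` covers both cases. The enclosing module body starts and ends outside the hunk.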
@@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 MiVjKhmcPoryN213jpcDtwM82OG66AVVGHN/AL4H3EA +y5NItWLZhVKgTrUDDU4euyOeB+9k33Gmguklx38csCY +-> piv-p256 xqSe8Q A+IEiVKYZQoj1WIZupZdUWZ8m0Qi+7xd7DJIUd1TSXVc +4MwF1yVTyoRp7QF6/rUpywEVpqS6lg8RZendWAMd5/U +-> opvcX>!-grease omZ +2xokmE8MrVzRcsPjTvovMN4+oENCc9I996b6ceiRbqATBHqghFofIyQlC+63BK9R +zqsVYHsTj9xsHQ +--- lsktZnNVUrWPii9QSAN8dCqFdqgNXqdPJpEL5NSlQtY +o>h6SJٍe7?4ך'?S)i!Q*,Sr$ Y6 \ No newline at end of file diff --git a/secrets/generated/sire-grafana/grafana-influxdb-token-machines.age b/secrets/generated/sire-grafana/grafana-influxdb-token-machines.age new file mode 100644 index 0000000..b9f686f --- /dev/null +++ b/secrets/generated/sire-grafana/grafana-influxdb-token-machines.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> X25519 8RST3xS+wVkBHfVo21d+fYDxjLyKAvm7YV2pdgTNmmA +b03ClQlTW2I/qdUsqCse7WhbPhcj0s+g1WUlZ5SIxbA +-> piv-p256 xqSe8Q A8lbeX/6k6fV+K2/YEiJJXWoXX9OLJ9tDIbO0qJPwRLg +SjOddGF5dQbDxtmAAWuUmehieP7X5C9jj9CIalDSSxA +-> -4gr-grease Dg3nr, bBf9!>h +Kb0310cWQZGEZLpBI969WbCU3OT2hCJ7KzLA2PgDBnagP/x4aZS7MSEof9amXIrb +jgyIAMySsC2ZjmGPYiNzFSUxZpsBK90NxFCNFpVgupAz6PtXMz4U3QDq3G4Hq37m +JQ +--- zYoy9Lc9etflU4gmc6qYzrwaPrvo8q6O6RvkKVb8iw0 +kGJ7Fpn'¢Yg8=}zAqéB2h3[*' `,A X \ No newline at end of file diff --git a/secrets/generated/sire-grafana/grafana-influxdb-token.age b/secrets/generated/sire-grafana/grafana-influxdb-token.age deleted file mode 100644 index cceb552..0000000 --- a/secrets/generated/sire-grafana/grafana-influxdb-token.age +++ /dev/null 
@@ -1,10 +0,0 @@ -age-encryption.org/v1 --> X25519 Bo6kBRQL230lQ3HcTc3AajPp/gw7PA8oTM8gYSg62y8 -o2VKru7J29Nk+pLPIIodPwIRT9dY8iemtPy/PDTaPDU --> piv-p256 xqSe8Q AldXLqMr0qwEaKHsed9nLXLWyMs1GLAd7fDY+kwelRUW -p1soq4J7A73ZgoUcQJknAHBo54sFVCaTZ+hirVjL9OE --> g6z"P-grease (@ Y -TM39Zea9KUhp85YkmHg7Qd069qelJ3rgHIW4MFHhAvRxGpTnq02uRlkUJC1KdOH3 -kkx0bXhb9ueJ5i0kvQYeURM6j6rIcFy0a4GZgH/QjjF/GDsx0Yj55SPYmfD/ ---- ncrTYfKfUkwg2T6xI0dxf5+8qzNWpiUQirMn0G9/w80 -cuˢp+MlHx|zDj\lz+?I2>`6lULHq̀9mWDI,U \ No newline at end of file diff --git a/secrets/generated/zackbiene/dhparams.pem.age b/secrets/generated/zackbiene/dhparams.pem.age deleted file mode 100644 index e49ceb2..0000000 Binary files a/secrets/generated/zackbiene/dhparams.pem.age and /dev/null differ diff --git a/secrets/generated/zackbiene/hass-influxdb-token.age b/secrets/generated/zackbiene/hass-influxdb-token.age new file mode 100644 index 0000000..59a090b Binary files /dev/null and b/secrets/generated/zackbiene/hass-influxdb-token.age differ diff --git a/secrets/rekeyed/sire-grafana/aaf399ee7f5cf427ef41a2edf0a9b1e3-grafana-influxdb-token.age b/secrets/rekeyed/sire-grafana/aaf399ee7f5cf427ef41a2edf0a9b1e3-grafana-influxdb-token.age deleted file mode 100644 index 613f0f6..0000000 --- a/secrets/rekeyed/sire-grafana/aaf399ee7f5cf427ef41a2edf0a9b1e3-grafana-influxdb-token.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 B7KO8w 8wCp1rYZS3lDaGRqUiTIUBpfcSA8vH1CddfRpcCmwFg -F5t+bPiacZls0kXXmYlGditf0s1RiMcXSLl0nsSW+jI --> C-,-grease ssh-ed25519 B7KO8w NtS2dqQU1BoTwoT/42UfEcOKVlrKDdT4zoSqtkvD2Cg +E3gjjbUQwUAs/Gljfv0CfoPAKo6L9rcPBPP6rx9kBTI +-> EXb+5IAV-grease e) G +kvWs+CDtZg +--- 97OhIK+gTO3VZe+lOmjFGe1RygiTPhbyK5ZhtIWW4tk +W|NJzX>f3iFZ36MnJB7MMc߾W9eZ>Dn}r>& \ No newline at end of file 
diff --git a/secrets/rekeyed/sire-grafana/f4f9a0c80af2c983350250c972a30b68-grafana-influxdb-token-machines.age b/secrets/rekeyed/sire-grafana/f4f9a0c80af2c983350250c972a30b68-grafana-influxdb-token-machines.age new file mode 100644 index 0000000..673362a Binary files /dev/null and b/secrets/rekeyed/sire-grafana/f4f9a0c80af2c983350250c972a30b68-grafana-influxdb-token-machines.age differ diff --git a/secrets/rekeyed/sire-influxdb/1fb396826d821005062459f27a453004-grafana-influxdb-token-machines-sire-grafana.age b/secrets/rekeyed/sire-influxdb/1fb396826d821005062459f27a453004-grafana-influxdb-token-machines-sire-grafana.age new file mode 100644 index 0000000..694b7c2 --- /dev/null +++ b/secrets/rekeyed/sire-influxdb/1fb396826d821005062459f27a453004-grafana-influxdb-token-machines-sire-grafana.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 1tdZKQ 7/FNR9qPfnog6Ci/YIfPv/SWstIvi9KNfoOJSKj3UhU +pRyszE6vS1KWz/oqRddga6TDCKigzEHneOMtpiF+6ZM +-> V]6Awl-grease +vGI9Lof1yQ +--- ugvostW30lRVwoa0y1CG2zlNnOsG6+Fl6xA3VZJAagA +MRZc?,ÅM8 R +ӟv܄JИhuoҀM뻕\({Ӟu \ No newline at end of file diff --git a/secrets/rekeyed/sire-influxdb/85f8ae2b2465f6ce8f9354f8569d0320-grafana-influxdb-token-sire-grafana.age b/secrets/rekeyed/sire-influxdb/85f8ae2b2465f6ce8f9354f8569d0320-grafana-influxdb-token-sire-grafana.age deleted file mode 100644 index 0b98ad8..0000000 --- a/secrets/rekeyed/sire-influxdb/85f8ae2b2465f6ce8f9354f8569d0320-grafana-influxdb-token-sire-grafana.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 1tdZKQ zBATrC0W9c0OA8FO03FFxqPJaLsNb7O5ownBSmSn1gY -X3oqnPWt8wv3PaHtdxZ9SRsz3fUtowpMA6LUz3Vvjxg --> ;}-grease O> -ba89giA262+t2OeOhZ5ewG+AUHXjJnT9UkpPqQaZovpmWaV4lRLX/+e5DWVzXlzd -n5fEjrhovARYQ9rTCIwI ---- LX956zk61RQNVOkrkxHRN4Ki6auA6crNbwl4SmysfO8 -2%yȻZOeR6L~0u(i"xi+f]5fxPWɫMV=9n \ No newline at end of file 
diff --git a/secrets/rekeyed/sire-influxdb/8af19159b484f7ee716bbd8d0ef4b290-hass-influxdb-token-zackbiene.age b/secrets/rekeyed/sire-influxdb/8af19159b484f7ee716bbd8d0ef4b290-hass-influxdb-token-zackbiene.age new file mode 100644 index 0000000..026d444 --- /dev/null +++ b/secrets/rekeyed/sire-influxdb/8af19159b484f7ee716bbd8d0ef4b290-hass-influxdb-token-zackbiene.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 1tdZKQ 7hRaB/jl5aAQ0OaLaE84invNGJc4iuzxk/jGA7cxMS0 +nKH9M7KqbC2yQbjRY7h9yeCUPjii/PKbaArv7vF0tgs +-> =Bq38rC-grease |< t'@ f +WX5ZG96lJs4zzi4 +--- Msg4tXQbL4PdKR//oobUKg2lvMAp1IZgimw09W6BnK4 + h}@h4[=RJ`O3ulbΒ쌣⦫zUBⵢĸ/]i-볪N \ No newline at end of file diff --git a/secrets/rekeyed/sire-influxdb/b83247c406e7672605e94a6d354ecb29-grafana-influxdb-token-home-sire-grafana.age b/secrets/rekeyed/sire-influxdb/b83247c406e7672605e94a6d354ecb29-grafana-influxdb-token-home-sire-grafana.age new file mode 100644 index 0000000..6e50193 --- /dev/null +++ b/secrets/rekeyed/sire-influxdb/b83247c406e7672605e94a6d354ecb29-grafana-influxdb-token-home-sire-grafana.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 1tdZKQ AsgXjTnMlWoukmKdk3jBqZKildhbuhemjeXVEP6hxU4 +27r8siEl0mvMKMUxXapJqYgHkc/3pO3pGQwzKFV9lV8 +-> IzSa}-grease )hD+%g6Z +jdkBplRj8opuM6K2D4j2g4CeyQ +--- 9/pgTJnwXS0d4avPkE4joBUEiCxGOzzAM2+O4kAayxg +: QqAx}hW!kFKoC ssh-ed25519 DynNMA t66pK0Xp15NUNuTlvpUDfD+jfYmZr6vje8Zil3yV4xA +NJ89Tcht+GvI7R8RgA0GniOLgbIS7IBTTal2FUN+Pn8 +-> L8|W-grease {#S +6NoW21RijvL4DTAL7742L9eB5aG3X0fgvf+3vY6IGLW2vKPCIVr1rLkzzhfYnUp4 +avIHxxFbWVHqXUHO71WMcBiC+dHLYxJ9gEeY338 +--- 3zxIzft5E8Z9sQIrEMZKkqxugeS9g8LWYeY3hP8HHio +.u.BzLHNrp?#s |cxۡ\$Q].> @q)j" \ No newline at end of file 
diff --git a/secrets/rekeyed/zackbiene/c06371c0df2e7f04d986d0efb4c11c52-dhparams.pem.age b/secrets/rekeyed/zackbiene/c06371c0df2e7f04d986d0efb4c11c52-dhparams.pem.age deleted file mode 100644 index 43589d0..0000000 Binary files a/secrets/rekeyed/zackbiene/c06371c0df2e7f04d986d0efb4c11c52-dhparams.pem.age and /dev/null differ