diff --git a/dev/effect.nix b/dev/effect.nix
index f78ea50..2dcc8b0 100644
--- a/dev/effect.nix
+++ b/dev/effect.nix
@@ -20,10 +20,10 @@
               effectScript = ''
                 writeSSHKey hercules-ssh
                 cat >>~/.ssh/known_hosts <<EOF
-                darwin02.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt6uTauhRbs5A6jwAT3p3i3P1keNC6RpaA1Na859BCa
+                darwin02.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJqwpMUEl1/iwrBakeDb1rlheXlE5mfDLICVz8w6yi6
                 darwin03.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX7W1ztzAtVXT+NBMITU+JLXcIE5HTEOd7Q3fQNu80S
                 EOF
-                ${hci-effects.ssh { destination = "m1@darwin02.nix-community.org"; } ''
+                ${hci-effects.ssh { destination = "hetzner@darwin02.nix-community.org"; } ''
                   set -eux
                   newProfile=$(nix-store --realise ${darwin02})
                   sudo -H nix-env --profile /nix/var/nix/profiles/system --set $newProfile
diff --git a/devdoc/hosts.md b/devdoc/hosts.md
index f7064fc..b1539e7 100644
--- a/devdoc/hosts.md
+++ b/devdoc/hosts.md
@@ -41,10 +41,10 @@ This machine is meant as an aarch64 builder for our hydra instance running on bu
 
 This machine is meant as an aarch64 and x86_64 builder for our CI.
 
-- Provider: Scaleway
-- Instance type: [Apple Mac mini M1](https://www.scaleway.com/en/hello-m1/)
+- Provider: Hetzner
+- Instance type: [Apple Mac mini M1](https://docs.hetzner.com/robot/dedicated-server/mac-mini/getting-started/)
 - CPU: Apple M1
-- RAM: 8GB
+- RAM: 16GB
 - Drives: 256GB SSD
 
 ### `darwin03`
diff --git a/hosts/darwin02/configuration.nix b/hosts/darwin02/configuration.nix
index bc5f7e0..5ea6487 100644
--- a/hosts/darwin02/configuration.nix
+++ b/hosts/darwin02/configuration.nix
@@ -19,7 +19,7 @@
 
   # TODO: refactor this to share /users with nixos
   # keys are copied, not symlinked
-  users.users.m1.openssh.authorizedKeys.keys = [
+  users.users.hetzner.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOG/9rsFqC2tg+W5YZxthW5xhUJEfZ8ShqkRtVe+A6+u" # hercules-ssh-deploy
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE" # mic92
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuiDoBOxgyer8vGcfAIbE6TC4n4jo8lhG9l01iJ0bZz" # zimbatm
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
index 4de99b8..4fe12bd 100644
--- a/modules/nixos/common/security.nix
+++ b/modules/nixos/common/security.nix
@@ -21,7 +21,7 @@
     };
     darwin02 = {
       hostNames = [ "darwin02.nix-community.org" ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt6uTauhRbs5A6jwAT3p3i3P1keNC6RpaA1Na859BCa";
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJqwpMUEl1/iwrBakeDb1rlheXlE5mfDLICVz8w6yi6";
     };
     darwin03 = {
       hostNames = [ "darwin03.nix-community.org" ];
diff --git a/secrets.yaml b/secrets.yaml
index 5b2568e..a6fbd14 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -4,7 +4,7 @@ build02:
         User: ENC[AES256_GCM,data:zFoqhpzNAhZOlS29kiE=,iv:Dj8NXwa5OOeaY2iJ5dVtHl/D23pZOy2cAdh6ugyRXU0=,tag:LH777kzUGl3aV+ALPb2Rxw==,type:str]
         Password: ENC[AES256_GCM,data:HjKkBkGhPSj67CV1dBtNj5ywOv9STq8Ilt0fOGTFTRk68us1jl5cDXqp+4J/jvenIomDEtC/PyQwrssRKmYMPN7ufg24GOuLIz3BoWrit7HQqfi/9Dq2AecBeLHuLAurv4/u2Q==,iv:NKGMS69+0TBRXTSHnfHKCG3J3stSK13SGiVQRaDrAjE=,tag:SuT1zWb97gL4RixrJKE+bg==,type:str]
 darwin02:
-    m1: ENC[AES256_GCM,data:6pytGUJEqkFZ+duy,iv:EJU7klpTvAhC4+hgj7vGA9XzHHVPixJpRsQrd79/rEs=,tag:eCjTqrF8E5ABZgSBDdm38Q==,type:str]
+    hetzner: ENC[AES256_GCM,data:2ivyayF/bCI7BKGkRSg=,iv:ZKO9rViA7gvQplzaPz47WZlsq6kk7wekVrZOFO1zUqQ=,tag:BA9W7OZZk2Xt5nF7SECnQg==,type:str]
 darwin03:
     hetzner: ENC[AES256_GCM,data:JXcc5M1LY5s+y1q9zKU=,iv:nyux6gTWd/OBrOauY1DdZrvBcn7soqHSOnDe7Qn2YGE=,tag:nOOXlN3T6bQS7Oh9WaGpJw==,type:str]
 nix-community-alert-bot:
@@ -83,8 +83,8 @@ sops:
             MkcvL1JyVFBJV0Y5RFFCMGN1OUFXdU0Kdx1wy6ZOOTg1a6VKaq52SMBvC26lMsW/
             oMP+hmXc2WtoqZp+jZ9rrXz6cZW6/dO7CPqxl3aUEKg6BkXIwgyKeg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-17T06:19:31Z"
-    mac: ENC[AES256_GCM,data:VjQ33z7uiSEcS46NyWI2Ye2qYmwiLyC26zcTV3CwqDvxX9OKOxfAbzRVvAKN8fzG82MWLGQdTu3IZ0YHuF1dnGKzSOZ7b0cLY0ItWXp7fX3rOdefNKSdZQqN1lewIW0AphjMZyJGRGv+LOIuvI/wuPkk4occc27ZhQ8o9YPFO9c=,iv:Xw83SC1E8SDEUFuZkh8FPZiYPk16pPUQ3NZI4hmLN3c=,tag:EULbpCflJtt/dzSBAuYnFQ==,type:str]
+    lastmodified: "2023-07-18T06:28:59Z"
+    mac: ENC[AES256_GCM,data:HpdZCHgZmxvNtgeAFhnwz1gL+MuJWZJiZ75p3+heiNftAhiR1CSIWB1uAcAm0SVN5/mDOWs9SKH2IQv2clra4hkVnELtNjZVt576+OSq7Dy1LXvFEyafp8Sb6nJfMN3FgT+Mx/Y4YcGiLhllX2crkLBfiJu32n++Aejj5I0RxNA=,iv:qjXkgjB1PBB2cGPsI5pELlRONfaDL1cT3NzFPdmMQUU=,tag:BAF2WUF7v/Tp5IkEQ3oVZA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3
diff --git a/terraform/cloudflare_nix-community_org.tf b/terraform/cloudflare_nix-community_org.tf
index 13beeff..9382ebc 100644
--- a/terraform/cloudflare_nix-community_org.tf
+++ b/terraform/cloudflare_nix-community_org.tf
@@ -80,16 +80,16 @@ resource "cloudflare_record" "nix-community-org-darwin01-AAAA" {
 resource "cloudflare_record" "nix-community-org-darwin02-A" {
   zone_id = local.nix_community_zone_id
   name    = "darwin02"
-  value   = "51.159.120.155"
+  value   = "167.235.38.49"
   type    = "A"
 }
 
-resource "cloudflare_record" "nix-community-org-darwin02-AAAA" {
-  zone_id = local.nix_community_zone_id
-  name    = "darwin02"
-  value   = "2001:bc8:a01:3:1698:77ff:fe3a:d38f"
-  type    = "AAAA"
-}
+#resource "cloudflare_record" "nix-community-org-darwin02-AAAA" {
+#  zone_id = local.nix_community_zone_id
+#  name    = "darwin02"
+#  value   = "2001:bc8:a01:3:1698:77ff:fe3a:d38f"
+#  type    = "AAAA"
+#}
 
 resource "cloudflare_record" "nix-community-org-darwin03-A" {
   zone_id = local.nix_community_zone_id