diff --git a/flake.lock b/flake.lock
index 4e6e9a82..37b92965 100644
--- a/flake.lock
+++ b/flake.lock
@@ -57,11 +57,11 @@
 },
 "secrets": {
 "locked": {
- "lastModified": 1615329773,
- "narHash": "sha256-AxW1lvjEkBoLmJECdZEb+EAUOq/iAQGx/B0gkxUiY4c=",
+ "lastModified": 1615474462,
+ "narHash": "sha256-fuRO3+iHXzU8Gqjui+BO2Abx9PttTrXh7XtHAkMX6aA=",
 "ref": "master",
- "rev": "07639fa938722fbf7f74dce5e08efa3bcfe2e465",
- "revCount": 85,
+ "rev": "7047060f6a79ec6a4c1b2046ba476512aad63667",
+ "revCount": 89,
 "type": "git",
 "url": "ssh://git@gitea.c3d2.de:2222/c3d2-admins/secrets.git"
 },
diff --git a/flake.nix b/flake.nix
index 34d33545..332200d9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -71,6 +71,8 @@
 matemat-nixos-rebuild = mkDeploy "matemat" hostRegistry.hosts.matemat.ip4;
 scrape-nixos-rebuild = mkDeploy "scrape" hostRegistry.hosts.scrape.ip4;
+
+ dn42-nixos-rebuild = mkDeploy "dn42" hostRegistry.hosts.dn42.ip4;
 });
 nixosConfigurations = let
@@ -166,6 +168,17 @@
 system = "x86_64-linux";
 };
+ dn42 = nixosSystem' {
+ modules = [
+ ./lib/lxc-container.nix
+ ./hosts/containers/dn42
+ ({ ... }: {
+ nixpkgs.overlays = [ secrets.overlays.dn42 ];
+ })
+ ];
+ system = "x86_64-linux";
+ };
+
 };
 nixosModules.c3d2 = import ./lib;
diff --git a/host-registry.nix b/host-registry.nix
index 629e2d26..d065e14f 100644
--- a/host-registry.nix
+++ b/host-registry.nix
@@ -92,6 +92,10 @@ rec {
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGxPgg6nswoij1fBzDPDu6h4+d458XL2+dBxAx9KVOh";
 };
+
+ dn42 = {
+ ip4 = "172.22.99.253";
+ };
 };
 hqGlobal = builtins.attrNames hosts;
diff --git a/hosts/containers/dn42/configuration.nix b/hosts/containers/dn42/default.nix
similarity index 93%
rename from hosts/containers/dn42/configuration.nix
rename to hosts/containers/dn42/default.nix
index 95db2e5a..7165e0db 100644
--- a/hosts/containers/dn42/configuration.nix
+++ b/hosts/containers/dn42/default.nix
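Review bot: The module list of the new `dn42 = nixosSystem' { … }` entry in flake.nix carries over only `./lib/lxc-container.nix`, while this same commit removes `../../../lib/shared.nix` and `../../../lib/admins.nix` from the imports in hosts/containers/dn42/default.nix. `nixosSystem'` is defined outside this hunk; if it does not add those two modules itself, the container is built without whatever baseline settings and admin accounts they define, so this is worth confirming before the first `dn42-nixos-rebuild`. If the wrapper does supply them, a short comment on the list such as `# shared.nix and admins.nix are added by nixosSystem'` would record that.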
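Review bot: The new `dn42` entry in host-registry.nix records only `ip4`, whereas the entry just above it also pins a `publicKey`. How the registry's keys are consumed is not visible here, but if they feed SSH known-hosts data, the new deploy target would reach 172.22.99.253 without a pinned host key; adding `publicKey = "<dn42 host key>";` (placeholder) once the container's key is known would close that gap. The address also duplicates `address4` in hosts/containers/dn42/default.nix, so a comment like `# must match address4 in hosts/containers/dn42` would help keep the two in step.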
@@ -3,14 +3,8 @@ let
 address4 = "172.22.99.253";
 address6 = "fe80::deca:fbad";
- neighbors = import ../../../secrets/hosts/dn42/neighbors.nix;
+ neighbors = pkgs.neighbors;
 in {
- imports = [
- ../../../lib/lxc-container.nix
- ../../../lib/shared.nix
- ../../../lib/admins.nix
- ];
-
 networking.hostName = "dn42";
 # networking.defaultGateway6 = {
 # address = "2a02:8106:208:5201::c3d2:4";
@@ -44,9 +38,6 @@ in {
 '';
 services.openvpn = let
 openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
- keyfile = name:
- builtins.toFile "${name}.key" (builtins.readFile
- (../../../secrets/hosts/dn42/openvpn + "/${name}.key"));
 mkServer = name: conf: {
 config = ''
 dev ${name}
@@ -60,7 +51,7 @@ in {
 ping-restart 45
 verb 1
 ${conf.openvpn}
- secret ${keyfile name}
+ secret ${pkgs.openvpn-keyfile name}
 '';
 up = ''
 ${pkgs.iproute}/bin/ip addr flush dev $1
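Review bot: `neighbors = pkgs.neighbors;` in the first hunk only evaluates when the `secrets.overlays.dn42` overlay from flake.nix is applied, and nothing in the `let` block says so. A one-line comment above the binding, for example `# pkgs.neighbors is provided by secrets.overlays.dn42 (private secrets flake)`, would tell a reader without access to the secrets repository why the attribute is absent from plain nixpkgs. The module body continues beyond this hunk.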
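Review bot: `secret ${pkgs.openvpn-keyfile name}` in the last hunk interpolates the helper's result into the generated OpenVPN config, which suggests the static key still resolves to a path under /nix/store, as it did with the removed `builtins.toFile` helper. Store paths are readable by every local user and are copied along with the system closure, so the pre-shared key would not be confined to the OpenVPN service. `pkgs.openvpn-keyfile` lives in the secrets flake and is not visible here, so this is inferred; if it holds, the safer arrangement is to provision the key outside the store with restrictive permissions and pass that path as a plain string, e.g. `secret /run/keys/${name}.key` (illustrative path). The `mkServer` body starts and ends outside this hunk.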