diff --git a/docs/hosts.org b/docs/hosts.org index 8943937..d59d3c4 100644 --- a/docs/hosts.org +++ b/docs/hosts.org @@ -1,7 +1,5 @@ #+title: Hosts -* [[file:../hosts/reykjavik/README.org][Reykjavik]] -* [[file:../hosts/kopavogur/README.org][Kopavogur]] -* <> Setting up a new host +* Setting up a new host ** Generate a host ssh key pair Generate the key pair (we'll use the name `id_`) #+BEGIN_SRC bash @@ -37,3 +35,6 @@ Host remotehost IdentitiesOnly yes IdentityFile ~/.ssh/remotehost #+END_SRC +* List of hosts +** [[file:../hosts/reykjavik/README.org][Reykjavik]] +** [[file:../hosts/kopavogur/README.org][Kopavogur]] diff --git a/docs/install.org b/docs/install.org index b6e7143..0aa0f8d 100644 --- a/docs/install.org +++ b/docs/install.org @@ -1,9 +1,9 @@ #+title: Installing * Set up -** If new host, follow [[new_host][Setting up a new host]] +** If new host, follow [[file:hosts.org][Setting up a new host]] ** Open a nix-shell with dependencies #+BEGIN_SRC bash -nix shell nixpkgs#git +nix-shell -p git #+END_SRC ** Obtain the flake + Via git clone diff --git a/hosts/thingvellir/README.org b/hosts/thingvellir/README.org new file mode 100644 index 0000000..02c4373 --- /dev/null +++ b/hosts/thingvellir/README.org @@ -0,0 +1,2 @@ +* Thingvellir +Servidor a Vultr diff --git a/hosts/thingvellir/default.nix b/hosts/thingvellir/default.nix new file mode 100644 index 0000000..f502fc2 --- /dev/null +++ b/hosts/thingvellir/default.nix 
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, inputs, ... }:
+
+with lib;
+{
+ imports = [
+ ./hardware.nix
+ ];
+
+ # - Basic --------------------------------------
+
+ user.name = "marc";
+ user.shell = pkgs.zsh;
+ networking.hostName = "thingvellir";
+ networking.firewall = {
+ enable = true;
+ };
+
+ # - Bootloader ---------------------------------
+
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ # - Modules ------------------------------------
+
+ samfelag.modules = {
+ # - Common -----------------------------------
+ # See modules/common.nix for common packages installed
+
+ # - System -----------------------------------
+ system.utils.enable = true;
+ system.gpg.enable = true;
+ system.pass.enable = true;
+ system.ssh.enable = true;
+ system.sshfs.enable = true;
+
+ # - Editors and development ------------------
+ dev.git.userName = "marc";
+ dev.git.userEmail = "marc@sastre.cat";
+
+ dev.docker.enable = true;
+ dev.docker.users = ["marc"];
+ };
+}
diff --git a/hosts/thingvellir/hardware.nix b/hosts/thingvellir/hardware.nix
new file mode 100644
index 0000000..8d24782
--- /dev/null
+++ b/hosts/thingvellir/hardware.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-label/swap"; }
+ ];
+
+ networking = {
+ useDHCP = lib.mkDefault true;
+ interfaces = {
+ ens3.useDHCP = lib.mkDefault true;
+ };
+ nameservers = [ "108.61.10.10" ];
+ };
+
+ virtualisation.hypervGuest.enable = true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
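Review bot: `dev.docker.users = ["marc"];` near the end of the hunk puts the interactive login in the docker group, which with the default daemon socket is equivalent to root on the host, so on this internet-facing Vultr box a compromise of the marc account is a compromise of the machine; if marc only needs to run containers, a rootless daemon or a separate non-login deployment user keeps the socket away from the SSH account. `with lib;` on the third line is unused by the visible body (nothing from lib is referenced, and `config` and `inputs` go unused too), and a file-scope `with` shadows silently, so dropping it is a free cleanup. `networking.firewall = { enable = true; };` opens no ports on its own; presumably `system.ssh.enable` opens 22 inside the module, and a comment such as `# SSH port is opened by the system.ssh module` would save the next reader the lookup.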
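Review bot: `virtualisation.hypervGuest.enable = true;` looks inconsistent with the rest of this file: the initrd module list (`virtio_pci`, `virtio_blk`) and the README's Vultr description point to a KVM/virtio guest, where the Hyper-V integration modules and daemons do nothing useful and only add kernel surface; this was likely copied from another host's hardware.nix, so confirm with `systemd-detect-virt` on the box before keeping it. `modulesPath` is taken as an argument but `imports = [ ];` is empty, which suggests the generated qemu-guest profile import was dropped — verify that was intentional. The hard-coded `nameservers = [ "108.61.10.10" ];` alongside DHCP on ens3 deserves a one-line comment such as `# provider resolver; overrides the DHCP-supplied one` so its origin is not lost.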
diff --git a/secrets/consul.d/agent-token-reykjavik.json.age b/secrets/consul.d/agent-token-reykjavik.json.age index 1bdf203..f292dfa 100644 Binary files a/secrets/consul.d/agent-token-reykjavik.json.age and b/secrets/consul.d/agent-token-reykjavik.json.age differ diff --git a/secrets/consul.d/agent-token-thingvellir.json.age b/secrets/consul.d/agent-token-thingvellir.json.age new file mode 100644 index 0000000..c736977 --- /dev/null +++ b/secrets/consul.d/agent-token-thingvellir.json.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 GWuf0Q mCQbETRLULM4/f70NUKHvn9iSDdfnM1a1PDRGVnS9ys +CNFbhSDNq3cOmyrc56w75ZUZXPfVgT29F5+fFoP5Kmk +-> ssh-ed25519 kNjiNQ jSJAUXcGPZiKvLqab9BBfjCsSrM1FhYfbKgHg81L7E8 +xcbPJUR3TvY0PiBrY62+UxUeZ/dfVLt0uTj2+giwtkM +--- roH7F9Fb3B1lcvSiDoM/e1vCmFRbUupKGF+pRUO7gek +1X" 㡉)KSPpt+ J*& < #)97/]M9wqٹE-:5/]7jf;60z/zLYF> @\: sOWt꒚WhK)2XVٜ 5s4e \ No newline at end of file diff --git a/secrets/consul.d/consul-agent-ca.pem.age b/secrets/consul.d/consul-agent-ca.pem.age index 277ffda..fcb06a4 100644 Binary files a/secrets/consul.d/consul-agent-ca.pem.age and b/secrets/consul.d/consul-agent-ca.pem.age differ diff --git a/secrets/consul.d/gossip.json.age b/secrets/consul.d/gossip.json.age index 32339d0..97d6681 100644 --- a/secrets/consul.d/gossip.json.age +++ b/secrets/consul.d/gossip.json.age 
@@ -1,5 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 GWuf0Q PZ9afqz3THF8vuV1bBzKU2QQ5j0cA7TriznFu1/eF1Q -sk8JAVRjCyhjjkebWtqJaxoacxiYSdir7w9Ep9ch0/4 ---- lBViOk0i5qkicV2kqyGSI/fiEjtyrGqKAoUIzz3V9lQ -8"V !yYK}{/LD;?g9p;u||"OӋrk#"W,p$7x砾Z~V;Խ߉mg \ No newline at end of file +-> ssh-ed25519 GWuf0Q Mr94MtZjrZxrlA7IoiyDQmup8YiALGJqmf0A4JTUNUo +y3Y+XaXPyGgAR0a48s0IKvAugOdeEIuRpWv7pacJxWw +-> ssh-ed25519 zhVGHw MhDh4XhG85MU4J8VmR4/mhQOPF9KQFGcytrH0CFaYTQ +9F5HgLtxP8fB7kQYjRxjFnoGL6+Hpa+/+QAiByJuPg0 +-> ssh-ed25519 kNjiNQ CnJ2jD2dbyixR0mBPu1ZjX3Ms/jDxkPQs03O222PN0U +MkcCN9OVhcdI5ReVAR/uW+bX3kNNBBPR7YI0DygNr1I +--- KzWsU/aTm7iuKmC9P5al90irn7+yvJSC6Z4jPd9uzhI +RlIW{>IVlua;hD4 J.;U·v~>EjY {oXnV(Ua׸& Oi4+I| \ No newline at end of file diff --git a/secrets/nomad.d/consul-token.json.age b/secrets/nomad.d/consul-token.json.age index a652390..e7d123a 100644 --- a/secrets/nomad.d/consul-token.json.age +++ b/secrets/nomad.d/consul-token.json.age @@ -1,5 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 GWuf0Q BbOx6cx+uu2ortgM+FKdQ58Mq/88oiilwQG4H9omY0c -yfQ092ZhIXDUfRK/1McsaKo3RnGvbmjtZcU1k769GX0 ---- ddjUdGmBLlYX2jY3FuEr11FudpoSP+gI+0PxIsJ1BZo ->_F$j?.Eg %kmǑ9/zf&g*VG^.ȖT^H۷>p$+EqP&muLJqʢfvOnHWc8Mnlp j'xI'| \ No newline at end of file +-> ssh-ed25519 GWuf0Q xVuLRTTmTLzFJKyh9RIdq0ZEgoIc6lQs4TlQ9ypb6As +TtblfYeBV1RpE8717ShUFh2wLmM5K5PviOVr0EyG4Qk +-> ssh-ed25519 zhVGHw hD2BDVwJMT1nQKvqFU04ih71pFhweIXK9+gk5KzbfGY +KmyxI4yLdlnbvAbENN9bLHFNpB8Hz6EVCLeQNsaHEho +-> ssh-ed25519 kNjiNQ 0WpE6n5Cu0F/r0LOpWV8DKtx90xssu6rA706/D0I+Q0 +nCSLiH6A5jsne2Z4tLq05EA3FDYThPvavJqtn4LfO5I +--- qtwiXJDiyOdy3XRMZLdwEWdDkpHVn+COhqmHR86cDJM +30lިUȻǒ-BfuZ#.^qTyi8=\e'YKЯɸ)g Sv7["&.Hݷ8] xg_j #BJg+GCD. \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 6109110..f059f09 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,14 +1,28 @@ let id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By"; id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev"; + id-thingvellir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7"; + + # --- Host lists --- + # Since we want to be able to manage/edit all secrets from reykjavik, we create helper lists that + # always contain reykjavik + reykjavik = [id-reykjavik]; + thingvellir = [id-reykjavik id-thingvellir]; + + samfelag-hosts = [ + id-reykjavik + id-hvannadal + id-thingvellir + ]; in { # -- Consul ------------------------------- - "consul.d/gossip.json.age".publicKeys = [id-reykjavik]; - "consul.d/consul-agent-ca.pem.age".publicKeys = [id-reykjavik]; + "consul.d/gossip.json.age".publicKeys = samfelag-hosts; + "consul.d/consul-agent-ca.pem.age".publicKeys = samfelag-hosts; # Agent tokens - "consul.d/agent-token-reykjavik.json.age".publicKeys = [id-reykjavik]; + "consul.d/agent-token-reykjavik.json.age".publicKeys = reykjavik; + "consul.d/agent-token-thingvellir.json.age".publicKeys = thingvellir; # -- Nomad ------------------------------- - "nomad.d/consul-token.json.age".publicKeys = [id-reykjavik]; + "nomad.d/consul-token.json.age".publicKeys = samfelag-hosts; } diff --git a/secrets/ssh-keys/id_thingvellir.gpg b/secrets/ssh-keys/id_thingvellir.gpg new file mode 100644 index 0000000..976d257 Binary files /dev/null and b/secrets/ssh-keys/id_thingvellir.gpg differ diff --git a/secrets/ssh-keys/id_thingvellir.pub b/secrets/ssh-keys/id_thingvellir.pub new file mode 100644 index 0000000..40928c0 --- /dev/null +++ b/secrets/ssh-keys/id_thingvellir.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7 marc@reykjavik
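Review bot: `"nomad.d/consul-token.json.age".publicKeys = samfelag-hosts;` hands every host the same Nomad-to-Consul token, so compromise of any one host exposes a credential valid on all of them and it cannot be revoked for a single host; the agent tokens a few lines above already follow a per-host pattern (`agent-token-<host>`), and the Nomad token could use the same split. `samfelag-hosts` also includes `id-hvannadal`, which now receives the gossip key, the CA material and the Nomad token, yet no hvannadal host appears in this change or in docs/hosts.org — if hvannadal does not run Consul/Nomad it should not be a recipient. The `# --- Host lists ---` comment states that the helper lists always contain reykjavik, which means the reykjavik key can decrypt every secret in the repository; that is a reasonable single point of administration, but a sentence spelling out that consequence (and that `samfelag-hosts` is not one of the "always contain reykjavik" helpers in name) would make the trade-off explicit.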
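Review bot: The key comment `marc@reykjavik` on a key published as thingvellir's identity records where the key was generated rather than what it is for, and that comment is what appears wherever the key is listed or audited. A comment naming the role, for example `thingvellir-host` or whatever convention the other `id_*.pub` files use, would make the key's purpose obvious when it is rotated or revoked. The matching private key is committed as `id_thingvellir.gpg`; a short note in docs/hosts.org on which GPG identity can decrypt it would close the loop.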