diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix
index 98314c7..86e2c74 100644
--- a/nixos/modules/profiles/cloud.nix
+++ b/nixos/modules/profiles/cloud.nix
@@ -1,7 +1,7 @@
 { config, lib, ... }:
 let
   secretsPath = config.dadada.secrets.path;
-  initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key";
+  initrdHostKey = "${config.networking.hostName}-initrd-ssh_host_ed25519_key";
 in
 {
   boot.initrd.availableKernelModules = [ "virtio-pci" ];
@@ -9,7 +9,7 @@ in
     enable = true;
     ssh = {
       enable = true;
-      port = 22;
+      port = 2223;
       hostKeys = [
         config.age.secrets."${initrdHostKey}".path
       ];
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7da57e3..d1a5265 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,6 +21,7 @@ in
   "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ];
   "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ];
   "paperless.age".publicKeys = [ systems.gorgon dadada ];
+  "surgat-initrd-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
   "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
   "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ];
   "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ];
diff --git a/secrets/surgat-initrd-ssh_host_ed25519_key.age b/secrets/surgat-initrd-ssh_host_ed25519_key.age
new file mode 100644
index 0000000..32dbcbf
Binary files /dev/null and b/secrets/surgat-initrd-ssh_host_ed25519_key.age differ