diff --git a/flake.nix b/flake.nix
index b05c87a..318adbb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -42,6 +42,11 @@
 modules = [ ./hosts/vm/apprentix ] ++ baseModules;
 };
+ cephiroth = nixosSystem {
+ specialArgs = inputs;
+ modules = [ ./hosts/physiques/cephiroth ] ++ baseModules;
+ };
+
 jitsi = nixosSystem {
 specialArgs = inputs;
 modules = [ ./hosts/vm/jitsi ] ++ baseModules;
diff --git a/hosts/physiques/cephiroth/default.nix b/hosts/physiques/cephiroth/default.nix
new file mode 100644
index 0000000..0dd572d
--- /dev/null
+++ b/hosts/physiques/cephiroth/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix
+
+ ../../../modules
+ ];
+
+ networking.hostId = "bbdd1133";
+ networking.hostName = "cephiroth";
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "nodev";
+
+ boot.loader.grub.mirroredBoots = [
+ {
+ devices = [ "nodev" ];
+ path = "/boot-fallback";
+ }
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/physiques/cephiroth/hardware-configuration.nix b/hosts/physiques/cephiroth/hardware-configuration.nix
new file mode 100644
index 0000000..84c49b8
--- /dev/null
+++ b/hosts/physiques/cephiroth/hardware-configuration.nix
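Review bot: In `hosts/physiques/cephiroth/default.nix`, the GRUB block enables `efiSupport` with `device = "nodev"` and a mirrored ESP at `/boot-fallback`, but sets neither `boot.loader.efi.canTouchEfiVariables` nor `boot.loader.grub.efiInstallAsRemovable`. Unless `../../../modules` sets one of them, GRUB is installed without registering a firmware boot entry, so the second ESP may not be found when the first disk fails, which is the case the mirror exists for. For a mirrored setup `boot.loader.grub.efiInstallAsRemovable = true;` is the usual choice, since it writes the loader to the default removable-media path on both ESPs. A short comment above `mirroredBoots` saying which disk each ESP lives on would also help whoever has to recover the host.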
@@ -0,0 +1,57 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "head/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/C900-92D1"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + fileSystems."/boot-fallback" = + { device = "/dev/disk/by-uuid/C931-84A4"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.bond0.useDHCP = lib.mkDefault true; + # networking.interfaces.bond0.10.useDHCP = lib.mkDefault true; + # networking.interfaces.bond0.3.useDHCP = lib.mkDefault true; + # networking.interfaces.bonding_masters.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + # networking.interfaces.eno3.useDHCP = lib.mkDefault true; + # networking.interfaces.eno4.useDHCP = lib.mkDefault true; + # networking.interfaces.eno49.useDHCP = lib.mkDefault true; + # networking.interfaces.eno50.useDHCP = lib.mkDefault true; + # networking.interfaces.eno51.useDHCP = lib.mkDefault true; + # networking.interfaces.eno52.useDHCP = lib.mkDefault true; + # networking.interfaces.enp11s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp11s0f1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/hosts/physiques/cephiroth/networking.nix b/hosts/physiques/cephiroth/networking.nix
new file mode 100644
index 0000000..834b249
--- /dev/null
+++ b/hosts/physiques/cephiroth/networking.nix
@@ -0,0 +1,49 @@
+{ ... }:
+
+{
+ networking = {
+
+ dhcpcd.enable = false;
+
+ vlans = {
+ vlan3 = {
+ id = 3;
+ interface = "bond0";
+ };
+ vlan10 = {
+ id = 10;
+ interface = "bond0";
+ };
+ };
+
+ bonds.bond0 = {
+ interfaces = [ "enp11s0f0" "enp11s0f1" ];
+ mode = "802.3ad";
+ };
+
+ interfaces = {
+ vlan3 = {
+ ipv4 = {
+ addresses = [
+ {
+ address = "172.16.3.3";
+ prefixLength = 24;
+ }
+ ];
+ };
+ };
+ vlan10 = {
+ ipv4 = {
+ addresses = [
+ {
+ address = "172.16.10.3";
+ prefixLength = 24;
+ }
+ ];
+ };
+ };
+ };
+ defaultGateway = "172.16.3.99";
+ nameservers = [ "172.16.10.128" ];
+ };
+}
diff --git a/secrets/common/root.age b/secrets/common/root.age
index b518bc7..73adccd 100644
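Review bot: `hosts/physiques/cephiroth/networking.nix` turns DHCP off only by disabling the client (`dhcpcd.enable = false`), while the generated hardware-configuration.nix in the same commit still sets `networking.useDHCP = lib.mkDefault true`. This host has addresses in both VLAN 3 and VLAN 10 and several NICs outside the bond (the `eno*` ports listed in hardware-configuration.nix), so the intent is safer stated directly with `networking.useDHCP = false;` in this file. That way no interface starts requesting a lease if another module re-enables a DHCP client. Firewall settings are not visible in this hunk; if `../../../modules` does not scope opened ports per interface, it is worth confirming which services should listen on `vlan3` versus `vlan10`.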
--- a/secrets/common/root.age +++ b/secrets/common/root.age @@ -1,4 +1,5 @@ age-encryption.org/v1 +<<<<<<< HEAD -> ssh-ed25519 2k5NOg 4z9gZoi1nI43RZpsVo7kSb60CU66nu4Oo7s56cJ2Ixw 2q2Mrknk2dV08G1otHSuw1urEGMN1M1hYcyNiG3QnK0 -> ssh-ed25519 iTd7eA 0P+Sf77RiouUH+iNfs5pF5sZfv70ftHEG/4yte37XDU @@ -24,4 +25,30 @@ McTWwmOr0JvZ241sW2dkTiLNJLqDnghdarxxA6Bi2i0 -> ssh-ed25519 eXMAtA X33iEIce1PKaJyhCmezY6QvUfVHCcy6cNCJ9MoRkRzs afNufk0j4RD6qzhXAE+QypiTKjon/+SwetBKJDpBGFM --- YH0BJ2SPwVZOJOiAWayJzajKmIRcGHH3DGK9Bdegrzs -p8 PveBK\|*DPiytj9T>IRL+"!Y3"(/w \ No newline at end of file +p8 PveBK\|*DPiytj9T>IRL+"!Y3"(/w +======= +-> ssh-ed25519 2k5NOg Svrem6CDZP6xX1GDOmloRIAPeyDQV75/b0MwDT+972E +nXCeatzbtsFsxEJsbAfnRbsqDoLblxUVDC99N2a0QZE +-> ssh-ed25519 iTd7eA sSbUU5u+vL/RYOvhmKBew0H11IOAKekdFjvWA/b6Axk +04fyYuDjVdpON+RyBOFNj4GLPEPxbmDBRPdvL0HP/Mw +-> ssh-ed25519 h5sWQA OyyUENRFhpdO6vN7tXv3R6lFuyJFO2chOs5Ujj+H5xM +BSJNOsPzP6O91t+yF2Fc7F7lQ4uoZ0XA08/k0sQBSxw +-> ssh-ed25519 /Gpyew ycR52ChF0PXVIASNa21GW5rZhNkUdm4L+qpMGkU+mS0 +0K9QfbqO+piWxG3cNbRqCAg5OahWeNp1CjCr9Xf7qBo +-> ssh-ed25519 LAIH1A 6R+UrpvT+m/4b5rYxOqdMtY7lWuiQVNA74JUmIZYnFc +SyVckkzLYiA3+MO+rmymj3FoRZO+88d44QRSGAxjZCQ +-> ssh-ed25519 qeMkwQ uSBSu3+hBJyBFccE9LVafx/4nnNRfdbrhoYNk7h+RAA +tHEhdso/7ZZMauUbNcW1I8UURiKuBhFpjaXmG/tzQSs +-> piv-p256 ewCc3w A6Zt+RzeoJOjb1St4hIUz9uOz677sIm6//6MBge1wpUB +wj0tcKjV1K/zJ9TyuoIFe5BPrTDLa1zgS9iU+9hz8jg +-> piv-p256 6CL/Pw AtMvYrgewAmNNtmKzunuWiL/fKOJLWNyqjsMMHdRQ9qU +HMM4WATy3ptCTDVRMiCLPEa+HQV1qD6E7gra3vR+WeQ +-> ssh-ed25519 I2EdxQ YIfL8RsQuBpou9bEzPLgnGKEu3LU1umm2Gsg4sHLz3c +1cwiqzYl2OZP14l/yOeCWd34wPky1BlXrvio12BX3Xg +-> ssh-ed25519 GNhSGw AC/rhkYLYCcpHmpew92iA+ggDKPHK/Peq4MQ1Sse1HU +fwBrDclET5QEZ1adT8abjH6Mc6MIqHKIqytafcRPkK8 +-> ssh-ed25519 eXMAtA iaFiw3ToxQ25wJxcX43SKX3ZXp2nbCxFiQ7zxqzneC8 +Yc1k3XCGDchmCmvgquwsogwqjb+qEq3InhYrZrMaZ0Y +--- a/rpCM6S3vOYHV0mtBy454Csl4loPw1M7ddKOXclnNI +WR%wZ-Wv$JJg"Uߦ&N1[bhN#Y>>>>>> 19622ff (Chiffrement cephiroth) 
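Review bot: The new side of `secrets/common/root.age` contains literal merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 19622ff (Chiffrement cephiroth)`) wrapped around two complete sets of recipient stanzas and two payloads, so the file is no longer a valid age file and should fail to decrypt on every host that consumes it. The same markers are added in `secrets/restic/jitsi/base-password.age` and `secrets/restic/jitsi/base-repo.age` later in this diff. Ciphertext cannot be merged by hand: take one side whole, re-encrypt it to the full recipient list (including the new cephiroth host key) with the repository's rekey tooling, and confirm each file decrypts before deploying. Judging by its path this file holds the root credential, so a failed decryption at activation could leave hosts without the expected root password. A pre-commit or CI check that rejects `<<<<<<<` under `secrets/` would be a cheap guard.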
diff --git a/secrets/restic/cephiroth/base-password.age b/secrets/restic/cephiroth/base-password.age new file mode 100644 index 0000000..2283b88 --- /dev/null +++ b/secrets/restic/cephiroth/base-password.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 2k5NOg 3bx98CtSuo2bBcMNDERXBAd/V5QHDwS9QxiUeOIYfA0 +WNXRmrsvAYzf+hPKTD1cDe8AxsLE2XXOR3/9ntok4kI +-> piv-p256 ewCc3w A9SuxTuiv6fR4x/L2T35+P1BQhXdNpJqYY6JAx14JNDV +te3znop5erWyoQD5ummj0jzymLowOTQp8VHRcHZIEhI +-> piv-p256 6CL/Pw Ax+D6ty1y6EvXW0PMmyCdBHlsDFhRTAjU0fdEsKQaWxm +eo1/cUsSW0fxSjenYSZZrwnIw6dNiiFRsmgDBZculLM +-> ssh-ed25519 I2EdxQ 615M9ya/ucv/fGBQ+WTje+xkHbQTWb3o3sL3uHsnfEw +2bg0Lizi0xuBTZEImpU94E6NDpWybCbNsIQpXM8EdNE +-> ssh-ed25519 GNhSGw ge2dVtIyfvdDCXqFA0lUQL+pWm/vSzYniGlW4QhVpx8 +MnL0sBA4EjsrK0fG5KY7Ohu/QoynehvkPaD4k7uXGIE +-> ssh-ed25519 eXMAtA vllKN8ZW9wI2+jU37/T+M90d+JdHqdu6pA1ahQA6Um4 +RYXFH+Ww4FRLY2BC4erw5f6xiPqzF4zH9jXGztD5atU +--- s3uczVE3E+Gm/7UvDCEe5lPibnmOZjFwv+yvVUvC68s +N`~"=U ֋\%thҰQQ 5Hޕn=wdV`aWw=dTC cTuÚS\1ԛN]hfJZӫn^QԆkVתtȣȕG,ivV?Xf +Jًf_VxUMz !G +-k:ơxhKC1y1*74c'ؒ+95 PwYЗ^2,eUnŷ;i ?MGQen]l \ No newline at end of file diff --git a/secrets/restic/cephiroth/base-repo.age b/secrets/restic/cephiroth/base-repo.age new file mode 100644 index 0000000..282b20f Binary files /dev/null and b/secrets/restic/cephiroth/base-repo.age differ diff --git a/secrets/restic/jitsi/base-password.age b/secrets/restic/jitsi/base-password.age index ae8ba8a..c451529 100644 --- a/secrets/restic/jitsi/base-password.age +++ b/secrets/restic/jitsi/base-password.age @@ -1,4 +1,5 @@ age-encryption.org/v1 +<<<<<<< HEAD -> ssh-ed25519 iTd7eA Cn4X/15nIr4aBckcscrpeISR0BVQvpZUQv5vhoLUwRg ZTv/zkv5A90FiBlxO7N/NSwHo+7Br5D5ksV5TYECfsE -> piv-p256 ewCc3w Ajkq5jXzH2m9GGryEPPzYEFsZHpAdV9PpSFU+gTqkhLK 
@@ -15,4 +16,20 @@ I3/3Uk1vKPYr1XNjoFIMISzfLYqFFrOEaA8bLGX8G9k 9hIa8dC+z+awUC9cPEa1/eiETrDzjVsdwetJR8LJleE --- EDDzNZbfu1k62QxWpeNvMzWm5PjgxCUiTypr+BMsamU 2pl H@i?<=!Z_b¾|5Jm]IH$^E>ʕ;7 Mj}q_?YeZ9`[Tm'T?P\'R+?xbnG|6hxՠ`:OH40_LLn)Ʊkҹ`_wgF`36\T4 OAZwHI7O~gNMEkWvQV55g3 7t ssh-ed25519 iTd7eA s0+l/6oShBz9ikixHzOH1ZeqqBfYiFUiMmupY7dD7F8 +qG6JGeQ4VZZhcSP0DIna5T4ApNTEYvr6T0b65GqYbXM +-> piv-p256 ewCc3w AzTQZk8h5T8HNbCZ25UhIOLBqqBJjMtQuTYCbZkkQg0f +5ggJezfGbEL4H6o1u9vyOfMgSaWU8dWt4s63k4W+7aE +-> piv-p256 6CL/Pw A9Pc6W8yfckf8NPKfI3ijBwp5X2Es7N6/gLJQK8DUGHY +LMTVYyiMQY/+p86jUV9f1R9WqaPf5MkmIBSQVjstNCQ +-> ssh-ed25519 I2EdxQ i0Bc88DJeeFhJEhka46NoNBj92psTDYJCa+gTFerLEU +5WyerYIqt7ZV+A+oEAEifRcR1QhON2cnllv+0vumjaM +-> ssh-ed25519 GNhSGw gsyZh0ND3POSHbNFXPSw/GaBP6oTSBC2amQ8c/lniVk +RGkkMAOce2KT7lQfHcMPFHThnPjVSXy0HvzTdoY4/ig +-> ssh-ed25519 eXMAtA 00JsnPLMk1GD2hJC1TXWmSuGLLoZCuRQr+igOy+uXmE +esvRhZmWjG10GIZ1UQpZb/QfgmZHt9Nda5Q4HriczFE +--- QyrvM667EoVMiAsNKcZlVvX3uaM3D22mMXLBC1gweUE +5ZTꛬH.0=V^vƝڡ ^}!;KϺQ{Kc~ YН$!4=/k^FKn98+ b#>@ Y48+*h4yYekYkT\u,1KhX>tTGpLprSy!ido%SKi'D7`+%PRmڛI#$!j&HU75E81СdF! Sođt +>>>>>>> 19622ff (Chiffrement cephiroth) diff --git a/secrets/restic/jitsi/base-repo.age b/secrets/restic/jitsi/base-repo.age index b8e765a..1493838 100644 --- a/secrets/restic/jitsi/base-repo.age +++ b/secrets/restic/jitsi/base-repo.age @@ -1,4 +1,5 @@ age-encryption.org/v1 +<<<<<<< HEAD -> ssh-ed25519 iTd7eA ktPtHZZ/+e2knf7YT58/ejjo4yqOerXJQ14JfU9ILBQ NUJFutka+8RGBXsW/gn+y2zS68D6yHJo8KqjLjwfDq4 -> piv-p256 ewCc3w A2IoLrli9N3qyiZvxKQLZg/LXIS2OqtoDKyeAbGPb+us 
@@ -14,4 +15,20 @@ tsG1aNZdpxdnVhpbV9atHptidXZ8dvLI6ht7SlEWDT4 -> ssh-ed25519 eXMAtA 2Ebl9bg/Nt+m3M+TyoXIH43tfliZQ7kroGf2QOnyaVE Zng4Ci0raemfl2xjK1dPd8uxlvX3Qd/ycI4f1DoJfiE --- WNg4DqhbLUxAUSRgmbA2JrOhHKSUk09U7OQFN6g9mPg -Es {fKdr@qX \)H5e?LG)5_In=I=LHI)Y~FP^i5ޠ.#O&#v)(hA =_6'cGrXn \ No newline at end of file +Es {fKdr@qX \)H5e?LG)5_In=I=LHI)Y~FP^i5ޠ.#O&#v)(hA =_6'cGrXn +======= +-> ssh-ed25519 iTd7eA Y8wuvsreTRv20q2thRD7J4f61ogTENCAyn9bOJvADgc +GhyAJSLpz4rO6zl3H6Szm9G5qLwS7BkzgP9s0XU52M8 +-> piv-p256 ewCc3w A591o/p2gMKoL2dFrxq27htq7TFaNHKHr3fDI9JaGzFp +zIafFSNcP+YGUIxjrm5RrrS/y+AzGilY/aksh51Izy0 +-> piv-p256 6CL/Pw Atu81Usvghvl5fmnYVMxwETultr9LwmGfsDLj9R+LqHN +KgKZhjQh3ooXF7QSqvYvWQsPeunJOcFkrrgL1g8k1+A +-> ssh-ed25519 I2EdxQ 8YcX/73oQQRR2C104PFUrEroJB9YW3VCzMmiLFKKQXY +T40fDigP+DgfhYMy4aHfmZa11PEr2oEC30YmSbAfh9Y +-> ssh-ed25519 GNhSGw FsyM8yQ3BhgucvVWVL0cm3gItk4fcvRXDuG96MD1bxU +P6ZC4DLPCuegUYzlOC3CFb/BBtTcH669PoDyJyY85Rs +-> ssh-ed25519 eXMAtA Peaw1jyUzhIgV3ks8Jqf5MODj1eXdk7DJnC/0LLkcEs +VeEI3YiVUzahRy96xODiOOs4566o1jDjC8YgWiPOsls +--- UVx0VuBDrfGbdb3FhSHFO/IvykyJzErR7rFHD5nJ7r4 +Kx͇z1##f0o{{/X=P):|nފem*l,A&$?mWq*0tXm{yĻْ6W#cGt=EAzgX+ * +>>>>>>> 19622ff (Chiffrement cephiroth)