diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index b9696db..4d53ec0 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,15 +7,17 @@ let
 node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
 pi4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9fnNXzEmDdmtR+KWj/M9vQioFR0s/4jMnIkUFcj8As";
 proxy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAf6Z7SZEOH3H51T/GPIc/B0OpbaydM5l2PP3nMnwpFl";
+ git = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8JLy/ipBfOet3/KT7rXOXHDjjmt+VqqQb3V+ILIuDN";
 };
 in {
 "cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4 machines.proxy];
- "nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
- "theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
- "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
- "teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
- "teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
- "teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
- "hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
 "gitea-runner-gospel.age".publicKeys = [users.me machines.gospel];
+ "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
+ "hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
+ "nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
+ "tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update
+ "teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
+ "teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
+ "teslamate_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
+ "theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4 machines.gospel];
 }
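Review bot: The trailing comment on the new `"tailscale_git_server.age"` entry says the key expires but not when or what to do about it, so the next reader cannot tell whether the secret is still usable. Make it actionable: `# Tailscale auth key for machines.git; expires <EXPIRY_DATE> — regenerate and re-encrypt before then`. Encrypting this secret only to users.me and machines.git is the right scope; keep it that way rather than adopting the wider recipient list the other entries use. The enclosing `let` block starts before this hunk.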
diff --git a/secrets/tailscale_git_server.age b/secrets/tailscale_git_server.age
new file mode 100644
index 0000000..1b73a72
Binary files /dev/null and b/secrets/tailscale_git_server.age differ
diff --git a/systems/x86_64-linux/git/default.nix b/systems/x86_64-linux/git/default.nix
index 291d4c7..eea3bd9 100644
--- a/systems/x86_64-linux/git/default.nix
+++ b/systems/x86_64-linux/git/default.nix
@@ -4,9 +4,12 @@
 ...
 }: let
 domain = "git.alejandr0angul0.dev";
+ secrets = config.age.secrets;
 in {
 imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];
+ age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age;
+
 aa = {
 nix.enable = true;
@@ -17,6 +20,10 @@ in {
 services = {
 openssh.enable = true;
+ tailscale = {
+ enable = true;
+ configureClientRouting = true;
+ };
 };
 };
@@ -25,6 +32,11 @@ in {
 enableACME = true;
 };
+ services.tailscale = {
+ authKeyFile = secrets.authKeyFile.path;
+ extraUpFlags = ["--ssh"];
+ };
+
 security.acme = {
 acceptTerms = true;
 defaults = {
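Review bot: `age.secrets.authKeyFile` names the secret after the option it feeds rather than after what it holds, so the later `secrets.authKeyFile.path` gives no hint that a Tailscale auth key for this host is being decrypted. Naming it after the .age file keeps the two in step: `age.secrets.tailscale_git_server.file = ../../../secrets/tailscale_git_server.age;` and, in the last hunk, `authKeyFile = secrets.tailscale_git_server.path;`. The decrypted file is left at agenix's default owner and mode, which is presumably acceptable because tailscaled runs as root — worth confirming rather than assuming. The module's argument list and `let` start before this hunk.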
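Review bot: `extraUpFlags = ["--ssh"]` turns on Tailscale SSH while `openssh.enable = true` in the previous hunk keeps the ordinary sshd, so the host now has two SSH entry points and nothing here records which one is the intended administrative path. Add a comment on the `services.tailscale` block, e.g. `# Tailscale SSH: who may log in is decided by the tailnet ACL policy, not by this host config`, and confirm separately that the public sshd is firewalled or key-only, since that is not visible in this diff. Next to `authKeyFile` it is also worth noting that the auth key is presumably consumed only at enrolment, so the expiry flagged in secrets.nix matters when the node is re-imaged rather than for the already-joined node.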