diff --git a/.gitea/workflows/checks.yaml b/.gitea/workflows/checks.yaml
index 8d77bee6..823cf3a7 100644
--- a/.gitea/workflows/checks.yaml
+++ b/.gitea/workflows/checks.yaml
@@ -10,3 +10,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - run: nix run .#impure-checks
+  deploy-docs:
+    runs-on: nix
+    steps:
+      - uses: actions/checkout@v3
+      - run: nix run .#deploy-docs
+    env:
+      SSH_HOMEPAGE_KEY: ${{ secrets.SSH_HOMEPAGE_KEY }}
\ No newline at end of file
diff --git a/checks/secrets/default.nix b/checks/secrets/default.nix
index 97b9a7e4..f4bbbfac 100644
--- a/checks/secrets/default.nix
+++ b/checks/secrets/default.nix
@@ -4,10 +4,11 @@
   nodes.machine =
     { self, config, ... }:
     {
+      environment.etc."privkey.age".source = ./key.age;
       imports = [ (self.nixosModules.clanCore) ];
       environment.etc."secret".source = config.sops.secrets.secret.path;
       environment.etc."group-secret".source = config.sops.secrets.group-secret.path;
-      sops.age.keyFile = ./key.age;
+      sops.age.keyFile = "/etc/privkey.age";
 
       clanCore.clanDir = "${./.}";
       clanCore.machineName = "machine";
diff --git a/docs/nix/deploy-docs.nix b/docs/nix/deploy-docs.nix
index e0cf6878..d02a30e7 100644
--- a/docs/nix/deploy-docs.nix
+++ b/docs/nix/deploy-docs.nix
@@ -8,7 +8,7 @@
 }:
 
 writeShellScriptBin "deploy-docs" ''
-  set -eux -o pipefail
+  set -eu -o pipefail
   export PATH="${
     lib.makeBinPath [
       coreutils
@@ -17,6 +17,12 @@ writeShellScriptBin "deploy-docs" ''
     ]
   }"
 
+  #########################################
+  #                                       #
+  # DO NOT PRINT THE SSH KEY TO THE LOGS  #
+  #                                       #
+  #########################################
+  set +x
   if [ -n "''${SSH_HOMEPAGE_KEY:-}" ]; then
     echo "$SSH_HOMEPAGE_KEY" > ./ssh_key
     chmod 600 ./ssh_key
@@ -24,6 +30,13 @@ writeShellScriptBin "deploy-docs" ''
   else
     sshExtraArgs=
   fi
+  set -x
+  ###########################
+  #                         #
+  #    END OF DANGER ZONE   #
+  #                         #
+  ###########################
+
 
   rsync \
     -e "ssh -o StrictHostKeyChecking=no $sshExtraArgs" \
diff --git a/pkgs/moonlight-sunshine-accept/moonlight_sunshine_accept/sunshine/api.py b/pkgs/moonlight-sunshine-accept/moonlight_sunshine_accept/sunshine/api.py
index 7969802b..a44109ed 100644
--- a/pkgs/moonlight-sunshine-accept/moonlight_sunshine_accept/sunshine/api.py
+++ b/pkgs/moonlight-sunshine-accept/moonlight_sunshine_accept/sunshine/api.py
@@ -22,7 +22,7 @@ def pair(pin: str) -> str:
     user_and_pass = base64.b64encode(b"sunshine:sunshine").decode("ascii")
     headers = {
         "Content-Type": "application/json",
-        "Authorization": "Basic %s" % user_and_pass,
+        "Authorization": f"Basic {user_and_pass}",
     }
 
     # Define the parameters
@@ -47,7 +47,7 @@ def restart() -> None:
     user_and_pass = base64.b64encode(b"sunshine:sunshine").decode("ascii")
     headers = {
         "Content-Type": "application/json",
-        "Authorization": "Basic %s" % user_and_pass,
+        "Authorization": f"Basic {user_and_pass}",
     }
 
     # Define the parameters