diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 6cbe6fb..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-*.secrets.yaml diff=sopsdiffer
diff --git a/README.md b/README.md
index 62bf3fa..a756522 100644
--- a/README.md
+++ b/README.md
@@ -233,8 +233,6 @@ If the accessing process is not root it must be member of the group `config.user
 for systemd services this can be archived by setting `serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];`
 it the service configuration.
 
-For cleartext diffs configure your local clone with `git config diff.sopsdiffer.textconv "sops decrypt"` (see [Github](https://github.com/getsops/sops?tab=readme-ov-file#showing-diffs-in-cleartext-in-git)).
-
 ## impermanence
 
 These machines are setup with `"/"` as a tmpfs. This is there to keep the machines clean. So no clutter in home
diff --git a/nixos/roles/admins.nix b/nixos/roles/admins.nix
index 1539d75..56a653c 100644
--- a/nixos/roles/admins.nix
+++ b/nixos/roles/admins.nix
@@ -38,6 +38,15 @@ with lib; let
         "ocean.mathebau.de-1:G3Jz3mErIy8Mq8Ih+A5pbwDrx7vREcOpKgY8JCQ9dAk="
       ];
     };
+    magnus = {
+      hashedPassword = "$6$54ip1KDxZCj6hWqm$.jIHeZ4iaoOkFZbx1z5Abb1YPW2vJ.R7mLqqYJgWCNRO26Xgkq4lilo/cWkRo7hRmiKamieEoQERbr0c6tAUH1";
+      sshKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM7LCeZl1T2dd/+lnUlINhgCO6s4nJsrIs9pRs7gRpH mangus@pop-os"
+      ];
+      nixKeys = [
+        "magnus:SNrfMnghIqVVD4QHiOiJEA1WtQ8Z15cyLTdPQeXZtR8="
+      ];
+    };
   };
 
   mkAdmin = name: {