diff --git a/.sops.yaml b/.sops.yaml index f20c33f..2ef9e08 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -10,6 +10,7 @@ keys: - &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0 - &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd - &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2 + - &host_buskerud age1tmn5qahlyf0e579e4camckdyxrexjzffv54hdzdnrw7lzqs7kyqq0f2fr3 creation_rules: # Global secrets @@ -60,3 +61,10 @@ creation_rules: - *user_felixalb pgp: - *user_oysteikt + + - path_regex: secrets/buskerud/[^/]+\.yaml$ + key_groups: + - age: + - *host_buskerud + - *user_danio + - *user_eirikwit diff --git a/hosts/buskerud/configuration.nix b/hosts/buskerud/configuration.nix index 14eec65..153add1 100644 --- a/hosts/buskerud/configuration.nix +++ b/hosts/buskerud/configuration.nix @@ -6,6 +6,12 @@ ../../misc/metrics-exporters.nix ]; + sops.defaultSopsFile = ../../secrets/buskerud/buskerud.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.age.keyFile = "/var/lib/sops-nix/key.txt"; + sops.age.generateKey = true; + + # buskerud does not support efi? # boot.loader.systemd-boot.enable = true; # boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/buskerud/services/bluemap.nix b/hosts/buskerud/services/bluemap.nix new file mode 100644 index 0000000..5a30529 --- /dev/null +++ b/hosts/buskerud/services/bluemap.nix @@ -0,0 +1,21 @@ +{config, ...}: +{ + + sops.secrets."bluemap_ssh_key" = { + owner = "root"; + mode = "0400"; + }; + + services.bluemap = { + enable = true; + eula = true; + defaultWorld = "/var/lib/bluemap/vanilla"; + host = "minecraft.pvv.ntnu.no"; + }; + + systemd.services."render-bluemap-maps".preStart = '' + rsync -e 'ssh -i ${config.sops.secrets."bluemap_ssh_key".path} -o "StrictHostKeyChecking accept-new"' \ + root@innovation.pvv.ntnu.no:/var/backups/minecraft/current/ \ + /var/lib/bluemap/vanilla" + ''; +} 
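Review bot: `sops.age.generateKey = true` in hosts/buskerud/configuration.nix makes sops-nix create a fresh age key at `/var/lib/sops-nix/key.txt` when none exists, but a key generated on the host cannot decrypt anything until its public half is listed as a recipient in `.sops.yaml`. If `host_buskerud` was derived from the SSH host key (not visible in this diff), `sops.age.sshKeyPaths` alone is enough and the `keyFile`/`generateKey` lines only leave an unused private key on disk. Otherwise a comment should say which key the recipient comes from, for example `# host_buskerud in .sops.yaml is ssh-to-age of ssh_host_ed25519_key`. Nothing in this hunk adds `./services/bluemap.nix` to `imports`, whose list starts above the hunk, so it is worth checking that the new module is actually loaded.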
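Review bot: The `preStart` script in hosts/buskerud/services/bluemap.nix ends with an unmatched `"` after `/var/lib/bluemap/vanilla`, so the shell will reject it before rsync runs, and the rsync call has no `-a`/`-r`, so a directory source would be skipped. `StrictHostKeyChecking accept-new` trusts whatever host key is presented on first contact, for a connection that logs in as root with the decrypted key; pinning the key through `programs.ssh.knownHosts` and using `StrictHostKeyChecking=yes` closes that window. The unit probably also needs rsync and ssh on its `path`, which means taking `pkgs` in the module arguments; this is hedged because the service's own definition is not part of this diff. A dedicated read-only account on the backup host instead of `root@` would limit what the key can do if it leaks.

```nix
{ config, pkgs, ... }:
# … unchanged: sops.secrets."bluemap_ssh_key", services.bluemap …

  # Pin the backup host's key instead of trusting it on first use.
  programs.ssh.knownHosts."innovation.pvv.ntnu.no".publicKey =
    "<PLACEHOLDER: ssh host public key of innovation.pvv.ntnu.no>";

  systemd.services."render-bluemap-maps".path = [ pkgs.rsync pkgs.openssh ];
  systemd.services."render-bluemap-maps".preStart = ''
    rsync -a -e 'ssh -i ${config.sops.secrets."bluemap_ssh_key".path} -o StrictHostKeyChecking=yes' \
      root@innovation.pvv.ntnu.no:/var/backups/minecraft/current/ \
      /var/lib/bluemap/vanilla
  '';
```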
diff --git a/secrets/buskerud/buskerud.yaml b/secrets/buskerud/buskerud.yaml
new file mode 100644
index 0000000..779a215
--- /dev/null
+++ b/secrets/buskerud/buskerud.yaml
@@ -0,0 +1,39 @@ +bluemap_ssh_key: ENC[AES256_GCM,data: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,iv:uiYaQgOnhFvWze/oHGSpAu8+m89l4tGCgRauDzU3ZqE=,tag:eCYgCH+e8hNYpBIFWFOTbA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1tmn5qahlyf0e579e4camckdyxrexjzffv54hdzdnrw7lzqs7kyqq0f2fr3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvL2dqdHFwWURFSWJEUkVl + eXR2cTQyTXpzUEFra0drdUgzRUNmSXA4eGc0CmRoWnp5UUUyQy9kK0dHVjF3WkFp + M0loS1RXeWxHSGNTQUljS05jaDBxMDQKLS0tIDhyUGdvcE1iMWxJeWhYb3JFTi9q + Y0RrVHNhcVU3WFd2NitlQ3l4Ry9JTkEKALBawjOt7hChok/cHRa38HkB0KVEKvik + r2jO26j9AUU5mqjR/dIko3jvfcXoNUNRYrMwaBfRa6AFnNBoN3g0ng== + -----END AGE ENCRYPTED FILE----- + - recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzV1R0cWxoTXNKNnpsUjE5 + c01Oc3J5M2F2cDVKOTNma0J3eFVwa0pXQmpjCkdxRjJZTlFWSlh2UFR2emx4OVVY + T3gzSWdXNTlyS0VJSXRnTXZweER6V00KLS0tIGdFU3oxZ3lzQTBjU0hyYjV5M2cr + VnUvcGZDbEZuZitQS1g1NmRtb3JnNDAKV6otQlYUSF5ScyYL6LlstPU1pkLMY8r0 + /NEuN9A7l2m9Wy8iItx+ZhwGp9pEPsgdsQLJQtJFfaA6lNuFhbgqfg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbmpMaWhpQTQzR05Cd0cw + b3dJRXVoUmFzZGxMeC9tVk9acndMemlrTHhzCkVtMHJ1bE94T25wRmpTZnpHbUdq + NzQ4T0pLZW56TEV2emQ5RHVXTDAvdmsKLS0tIFJ0OWxNYkIxOVBVV1hmZDdoeEhm + blB3M2JIMmk3Tmh6WjIzQjlHSW9GNDAKB3gdJL9AlF4fsCMujd/6HnieDwhCZnex + QDU87yTePHAppnqLp+ZuVdSbqcsnQclmbm92M3S6LuKpoDhGxeHrEw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-08T23:34:34Z" + mac: 
ENC[AES256_GCM,data:CLsz6UgS1LO/5SArmT7utald3TzQUWwEiSRw3dF1RaCwyb0Fc16/5DxJSk0KGLiJRlDXses/ynSjoyaBdTagijJPKQZCpx3fHZFqEJk6Wne4zQ4EoFbY1SpPrkhGVGMYaUg/H/NapoAEiq619YudR9W6GqF8ZkauXE76wls63FM=,iv:I09LFoSkeMAWHmvXtIF4+FURZ4tOQGCXQqbNrKz5t7s=,tag:xauT9sah+26A9pRrwXlsiQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1