diff --git a/configs/update.nix b/configs/update.nix
index 46a2db2..df1a9b5 100644
--- a/configs/update.nix
+++ b/configs/update.nix
@@ -12,6 +12,14 @@ with lib; {
 type = lib.types.bool;
 };
 };
+ needsDeploy = {
+ enable = mkOption {
+ description = "Host needs deploy key to receive encrypted secrets";
+ default = true;
+ example = true;
+ type = lib.types.bool;
+ };
+ };
 };
 config = mkMerge [
@@ -24,15 +32,17 @@ with lib; {
 dates = "*-*-* *:05:00";
 };
 })
- {
- # Always add our host alias or we run into a bootstrap issue
- programs.ssh.extraConfig = ''
- Host xin-secrets-ro
- IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
- User gitea
- Port 2222
- Hostname git.tapenet.org
- '';
- }
+
+ # Always add our host alias or we run into a bootstrap issue
+ (mkIf config.needsDeploy.enable {
+ programs.ssh.extraConfig =
+ ''
+ Host xin-secrets-ro
+ IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
+ User gitea
+ Port 2222
+ Hostname git.tapenet.org
+ '';
+ })
 ];
 }
diff --git a/hosts/tv/default.nix b/hosts/tv/default.nix
index a353b14..c6889cb 100644
--- a/hosts/tv/default.nix
+++ b/hosts/tv/default.nix
@@ -22,6 +22,8 @@ in
 ./hardware-configuration.nix
 ];
+ needsDeploy.enable = false;
+
 boot = {
 loader = {
 systemd-boot.enable = true;
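Review bot: The description of the new `needsDeploy.enable` option in configs/update.nix does not say what setting it to false changes, and `example = true;` only repeats the default. From the second hunk, the flag controls whether the `xin-secrets-ro` SSH alias with the sops-provided identity file is written, so the text could read `description = "Whether to configure the xin-secrets-ro SSH alias that uses the sops deploy key; disable on hosts that receive no encrypted secrets";`. I would drop the `example` line. The enclosing options attribute set starts outside the hunk.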
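Review bot: The `mkIf config.needsDeploy.enable` guard in the second hunk of configs/update.nix covers only `programs.ssh.extraConfig`. The declaration of `sops.secrets.xin_secrets_deploy_key` is not part of this diff. If it is declared unconditionally elsewhere, a host that opts out (hosts/tv in this commit) would presumably still have the deploy private key decrypted onto it, so it is worth gating the secret on the same option. The comment above the block still begins "Always add our host alias", which no longer matches the conditional; `# Add our host alias (unless needsDeploy.enable is false) or we run into a bootstrap issue` would be accurate. The enclosing `mkMerge` list starts outside the hunk.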