diff --git a/bundles/mirror/metadata.py b/bundles/mirror/metadata.py new file mode 100644 index 0000000..8f444ca --- /dev/null +++ b/bundles/mirror/metadata.py @@ -0,0 +1,17 @@ +defaults = { + 'mirror': {}, +} + + +@metadata_reactor.provides( + 'systemd-timers', +) +def timers(metadata): + return { + 'systemd-timers': { + f'mirror-{name}': { + 'command': f"/usr/bin/scp -r -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null '{config['from']}' '{config['to']}'", + 'when': 'hourly', + } for name, config in metadata.get('mirror').items() + } + } diff --git a/bundles/users/items.py b/bundles/users/items.py index 41fdb22..2e69108 100644 --- a/bundles/users/items.py +++ b/bundles/users/items.py @@ -24,5 +24,5 @@ for name, config in node.metadata.get('users').items(): } users[name] = config - for option in ['authorized_keys', 'privkey', 'pubkey', 'keytype']: + for option in ['authorized_keys', 'authorized_users', 'privkey', 'pubkey', 'keytype']: users[name].pop(option, None) diff --git a/bundles/users/metadata.py b/bundles/users/metadata.py index 6eb5df7..85e4d84 100644 --- a/bundles/users/metadata.py +++ b/bundles/users/metadata.py @@ -9,6 +9,29 @@ defaults = { } +@metadata_reactor.provides( + 'users', +) +def authorized_usersuser(metadata): + users = {} + + for name, config in metadata.get('users').items(): + for authorized_user in config.get('authorized_users', []): + authorized_user_name, authorized_user_node = authorized_user.split('@') + users\ + .setdefault(name, {})\ + .setdefault('authorized_keys', [])\ + .append( + repo\ + .get_node(authorized_user_node)\ + .metadata\ + .get(f'users/{authorized_user_name}/pubkey') + ) + return { + 'users': users, + } + + @metadata_reactor.provides( 'users', ) diff --git a/nodes/home.server.py b/nodes/home.server.py index 560f24f..6dac01b 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py @@ -11,6 +11,7 @@ 'gitea', 'grafana', 'influxdb2', + 'mirror', 'postgresql', 'redis', 'wireguard', 
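Review bot: The scp command built in `timers` passes `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the hourly job never verifies which host it copies from, and any machine answering on the source address can supply the files written to the destination. Drop both options and let the repo manage a known_hosts entry for the source, running with `-o StrictHostKeyChecking=yes` instead. `config['from']` and `config['to']` are also placed between hand-written single quotes, so a value containing `'` breaks the quoting of the command line; `shlex.quote(config['from'])` and `shlex.quote(config['to'])` (with `import shlex` at the top of the file) are safer. A short docstring on `timers` stating that every `mirror` entry must provide `from` and `to` would also help, since a missing key currently surfaces as a bare KeyError.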
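Review bot: `authorized_user.split('@')` in `authorized_usersuser` raises a bare unpacking ValueError for any entry that does not contain exactly one `@`, with nothing naming the user or entry at fault. Because every entry ends up as a login key for `name`, validate it explicitly: `authorized_user_name, sep, authorized_user_node = authorized_user.partition('@')` followed by `if not (authorized_user_name and sep and authorized_user_node): raise ValueError(f'users/{name}/authorized_users: expected user@node, got {authorized_user!r}')`. The function name looks like a typo for `authorized_users`. A docstring saying that `user@node` is resolved to that node's `users/<user>/pubkey` and appended to `authorized_keys` would document the cross-node trust this reactor creates.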
@@ -18,6 +19,12 @@ ], 'metadata': { 'id': 'af96709e-b13f-4965-a588-ef2cd476437a', + 'mirror': { + 'certs': { + 'from': '10.0.10.2:/var/lib/dehydrated/certs', + 'to': '/var/lib/dehydrated/certs', + }, + }, 'network': { 'internal': { 'interface': 'enp1s0f0', diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py index c1eb523..19ece27 100644 --- a/nodes/htz.mails.py +++ b/nodes/htz.mails.py @@ -102,6 +102,13 @@ 'version': '1.4.11', 'installer': True, }, + 'users': { + 'root': { + 'authorized_users': [ + 'root@home.server', + ], + }, + }, 'vm': { 'cores': 2, 'ram': 8096,
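Review bot: The `certs` entry copies `/var/lib/dehydrated/certs` onto a `to` path of the same name, and with `scp -r` (as built in bundles/mirror/metadata.py) a destination directory that already exists receives the source as a subdirectory, so the files would presumably land in `/var/lib/dehydrated/certs/certs`. Pointing `to` at the parent, `'to': '/var/lib/dehydrated',`, avoids that; this is worth confirming on the node. The source is a bare IP without a user, so the copy runs as whatever account the timer uses, and since that command disables host key checking, the address is the only thing identifying the peer. If this directory holds private keys as well as certificates, a comment saying so and stating the expected ownership and file modes on the destination would help reviewers.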
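Review bot: This entry lets the key of `root` on `home.server` log in as `root` on this node, so a compromise of home.server extends directly to full control of the mail host. If the only purpose is the hourly certificate copy, a dedicated unprivileged account that can read just the certificate directory would limit that, for example `'certsync': {'authorized_users': ['root@home.server']},` with `certsync` as a placeholder name. Where the users bundle supports key options, `restrict` on the resulting authorized_keys line would additionally turn off forwarding and PTY allocation. A comment next to the entry naming the job that needs this access would keep the trust relationship auditable.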