diff --git a/modules/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age
similarity index 100%
rename from modules/secrets/acme/dns-key.age
rename to hosts/nixos/porthos/secrets/acme/dns-key.age
diff --git a/modules/secrets/backup/credentials.age b/hosts/nixos/porthos/secrets/backup/credentials.age
similarity index 100%
rename from modules/secrets/backup/credentials.age
rename to hosts/nixos/porthos/secrets/backup/credentials.age
diff --git a/modules/secrets/backup/password.age b/hosts/nixos/porthos/secrets/backup/password.age
similarity index 100%
rename from modules/secrets/backup/password.age
rename to hosts/nixos/porthos/secrets/backup/password.age
diff --git a/modules/secrets/drone/gitea.age b/hosts/nixos/porthos/secrets/drone/gitea.age
similarity index 100%
rename from modules/secrets/drone/gitea.age
rename to hosts/nixos/porthos/secrets/drone/gitea.age
diff --git a/modules/secrets/drone/secret.age b/hosts/nixos/porthos/secrets/drone/secret.age
similarity index 100%
rename from modules/secrets/drone/secret.age
rename to hosts/nixos/porthos/secrets/drone/secret.age
diff --git a/modules/secrets/drone/ssh/private-key.age b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age
similarity index 100%
rename from modules/secrets/drone/ssh/private-key.age
rename to hosts/nixos/porthos/secrets/drone/ssh/private-key.age
diff --git a/modules/secrets/gitea/mail-password.age b/hosts/nixos/porthos/secrets/gitea/mail-password.age
similarity index 100%
rename from modules/secrets/gitea/mail-password.age
rename to hosts/nixos/porthos/secrets/gitea/mail-password.age
diff --git a/modules/secrets/lohr/secret.age b/hosts/nixos/porthos/secrets/lohr/secret.age
similarity index 100%
rename from modules/secrets/lohr/secret.age
rename to hosts/nixos/porthos/secrets/lohr/secret.age
diff --git a/modules/secrets/lohr/ssh-key.age b/hosts/nixos/porthos/secrets/lohr/ssh-key.age
similarity index 100%
rename from modules/secrets/lohr/ssh-key.age
rename to hosts/nixos/porthos/secrets/lohr/ssh-key.age
diff --git a/modules/secrets/matrix/mail.age b/hosts/nixos/porthos/secrets/matrix/mail.age
similarity index 100%
rename from modules/secrets/matrix/mail.age
rename to hosts/nixos/porthos/secrets/matrix/mail.age
diff --git a/modules/secrets/matrix/secret.age b/hosts/nixos/porthos/secrets/matrix/secret.age
similarity index 100%
rename from modules/secrets/matrix/secret.age
rename to hosts/nixos/porthos/secrets/matrix/secret.age
diff --git a/modules/secrets/miniflux/credentials.age b/hosts/nixos/porthos/secrets/miniflux/credentials.age
similarity index 100%
rename from modules/secrets/miniflux/credentials.age
rename to hosts/nixos/porthos/secrets/miniflux/credentials.age
diff --git a/modules/secrets/monitoring/password.age b/hosts/nixos/porthos/secrets/monitoring/password.age
similarity index 100%
rename from modules/secrets/monitoring/password.age
rename to hosts/nixos/porthos/secrets/monitoring/password.age
diff --git a/modules/secrets/nextcloud/password.age b/hosts/nixos/porthos/secrets/nextcloud/password.age
similarity index 100%
rename from modules/secrets/nextcloud/password.age
rename to hosts/nixos/porthos/secrets/nextcloud/password.age
diff --git a/modules/secrets/paperless/password.age b/hosts/nixos/porthos/secrets/paperless/password.age
similarity index 100%
rename from modules/secrets/paperless/password.age
rename to hosts/nixos/porthos/secrets/paperless/password.age
diff --git a/modules/secrets/paperless/secret-key.age b/hosts/nixos/porthos/secrets/paperless/secret-key.age
similarity index 100%
rename from modules/secrets/paperless/secret-key.age
rename to hosts/nixos/porthos/secrets/paperless/secret-key.age
diff --git a/modules/secrets/podgrab/password.age b/hosts/nixos/porthos/secrets/podgrab/password.age
similarity index 100%
rename from modules/secrets/podgrab/password.age
rename to hosts/nixos/porthos/secrets/podgrab/password.age
diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index 31af365..6b77dc6 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -10,5 +10,56 @@ let
 ];
 in
 {
- # Add secrets here
+ "acme/dns-key.age".publicKeys = all;
+
+ "backup/password.age".publicKeys = all;
+ "backup/credentials.age".publicKeys = all;
+
+ "drone/gitea.age".publicKeys = all;
+ "drone/secret.age".publicKeys = all;
+ "drone/ssh/private-key.age".publicKeys = all;
+
+ "gitea/mail-password.age" = {
+ owner = "git";
+ publicKeys = all;
+ };
+
+ "lohr/secret.age".publicKeys = all;
+ "lohr/ssh-key.age".publicKeys = all;
+
+ "matrix/mail.age" = {
+ owner = "matrix-synapse";
+ publicKeys = all;
+ };
+ "matrix/secret.age" = {
+ owner = "matrix-synapse";
+ publicKeys = all;
+ };
+
+ "miniflux/credentials.age".publicKeys = all;
+
+ "monitoring/password.age" = {
+ owner = "grafana";
+ publicKeys = all;
+ };
+
+ "nextcloud/password.age" = {
+ owner = "nextcloud";
+ publicKeys = all;
+ };
+
+ "paperless/password.age".publicKeys = all;
+ "paperless/secret-key.age".publicKeys = all;
+
+ "podgrab/password.age".publicKeys = all;
+
+ "sso/auth-key.age".publicKeys = all;
+ "sso/ambroisie/password-hash.age".publicKeys = all;
+ "sso/ambroisie/totp-secret.age".publicKeys = all;
+
+ "transmission/credentials.age".publicKeys = all;
+
+ "woodpecker/gitea.age".publicKeys = all;
+ "woodpecker/secret.age".publicKeys = all;
+ "woodpecker/ssh/private-key.age".publicKeys = all;
 }
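Review bot: Every entry added here declares `publicKeys = all`, but the `.age` files themselves are renamed at 100% similarity, so their ciphertext is still encrypted to whatever recipients `keys.all` held in `modules/secrets/secrets.nix`. The `all` used in this file is bound in the `let` block that starts outside the hunk, so I cannot tell whether it is the same set; if it is narrower (for a per-host directory, presumably porthos's host key plus the admin keys), the files need an `agenix --rekey` before the declared and actual recipients agree. If it is the same global list, it is worth confirming that other hosts' keys really need to decrypt porthos-only material such as `sso/ambroisie/totp-secret.age` and `drone/ssh/private-key.age`. The move also drops the `# Must be readable by the service` comment from the `nextcloud/password.age` entry; I would keep it and add the same comment to the other `owner =` entries, so a later edit does not remove the ownership by accident.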
diff --git a/modules/secrets/sso/ambroisie/password-hash.age b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age
similarity index 100%
rename from modules/secrets/sso/ambroisie/password-hash.age
rename to hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age
diff --git a/modules/secrets/sso/ambroisie/totp-secret.age b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age
similarity index 100%
rename from modules/secrets/sso/ambroisie/totp-secret.age
rename to hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age
diff --git a/modules/secrets/sso/auth-key.age b/hosts/nixos/porthos/secrets/sso/auth-key.age
similarity index 100%
rename from modules/secrets/sso/auth-key.age
rename to hosts/nixos/porthos/secrets/sso/auth-key.age
diff --git a/modules/secrets/sso/default.nix b/hosts/nixos/porthos/secrets/sso/default.nix
similarity index 100%
rename from modules/secrets/sso/default.nix
rename to hosts/nixos/porthos/secrets/sso/default.nix
diff --git a/modules/secrets/transmission/credentials.age b/hosts/nixos/porthos/secrets/transmission/credentials.age
similarity index 100%
rename from modules/secrets/transmission/credentials.age
rename to hosts/nixos/porthos/secrets/transmission/credentials.age
diff --git a/modules/secrets/woodpecker/gitea.age b/hosts/nixos/porthos/secrets/woodpecker/gitea.age
similarity index 100%
rename from modules/secrets/woodpecker/gitea.age
rename to hosts/nixos/porthos/secrets/woodpecker/gitea.age
diff --git a/modules/secrets/woodpecker/secret.age b/hosts/nixos/porthos/secrets/woodpecker/secret.age
similarity index 100%
rename from modules/secrets/woodpecker/secret.age
rename to hosts/nixos/porthos/secrets/woodpecker/secret.age
diff --git a/modules/secrets/woodpecker/ssh/private-key.age b/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age
similarity index 100%
rename from modules/secrets/woodpecker/ssh/private-key.age
rename to hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age
diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index cd1210b..221d1e1 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -5,56 +5,6 @@ let
 inherit (keys) all;
 in
 {
- "acme/dns-key.age".publicKeys = all;
-
- "backup/password.age".publicKeys = all;
- "backup/credentials.age".publicKeys = all;
-
- "drone/gitea.age".publicKeys = all;
- "drone/secret.age".publicKeys = all;
- "drone/ssh/private-key.age".publicKeys = all;
-
- "gitea/mail-password.age" = {
- owner = "git";
- publicKeys = all;
- };
-
- "lohr/secret.age".publicKeys = all;
- "lohr/ssh-key.age".publicKeys = all;
-
- "matrix/mail.age" = {
- owner = "matrix-synapse";
- publicKeys = all;
- };
- "matrix/secret.age" = {
- owner = "matrix-synapse";
- publicKeys = all;
- };
-
- "miniflux/credentials.age".publicKeys = all;
-
- "monitoring/password.age" = {
- owner = "grafana";
- publicKeys = all;
- };
-
- "nextcloud/password.age" = {
- # Must be readable by the service
- owner = "nextcloud";
- publicKeys = all;
- };
-
- "paperless/password.age".publicKeys = all;
- "paperless/secret-key.age".publicKeys = all;
-
- "podgrab/password.age".publicKeys = all;
-
- "sso/auth-key.age".publicKeys = all;
- "sso/ambroisie/password-hash.age".publicKeys = all;
- "sso/ambroisie/totp-secret.age".publicKeys = all;
-
- "transmission/credentials.age".publicKeys = all;
-
 "users/ambroisie/hashed-password.age".publicKeys = all;
 "users/root/hashed-password.age".publicKeys = all;
 
@@ -62,8 +12,4 @@ in
 "wireguard/milady/private-key.age".publicKeys = all;
 "wireguard/porthos/private-key.age".publicKeys = all;
 "wireguard/richelieu/private-key.age".publicKeys = all;
-
- "woodpecker/gitea.age".publicKeys = all;
- "woodpecker/secret.age".publicKeys = all;
- "woodpecker/ssh/private-key.age".publicKeys = all;
 }