diff --git a/modules/core/default.nix b/modules/core/default.nix
index 5b5144f..15387fb 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -5,6 +5,7 @@
 imports = [
 ./grub.nix
 ./packages.nix
+ ./sops.nix
 ./ssh.nix
 ./system.nix
 ./tty.nix
diff --git a/modules/core/sops.nix b/modules/core/sops.nix
new file mode 100644
index 0000000..594408f
--- /dev/null
+++ b/modules/core/sops.nix
@@ -0,0 +1,19 @@
+{
+ inputs,
+ ...
+}:
+let
+ secretsPath = builtins.toString inputs.mysecrets;
+in
+{
+ sops = {
+ defaultSopsFile = "${secretsPath}/secrets.yaml";
+ age = {
+ sshKeyPaths = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ ];
+ keyFile = "/var/lib/sops-nix/key.txt";
+ generateKey = true;
+ };
+ };
+}
diff --git a/modules/core/users.nix b/modules/core/users.nix
index 4a6ea3c..4f2be41 100644
--- a/modules/core/users.nix
+++ b/modules/core/users.nix
@@ -5,6 +5,11 @@
 ...
 }:
 {
+ sops.secrets = {
+ "users_password/beastie" = {
+ neededForUsers = true;
+ };
+ };
 users = {
 users = {
 ${username} = {
@@ -18,7 +23,7 @@
 "video"
 ];
 openssh.authorizedKeys.keys = [
- config.sops.secrets."ssh_keys/beastie_priv".path
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
 ];
 shell = pkgs.zsh;
 };
diff --git a/modules/optionnals/sops-desktop.nix b/modules/optionnals/sops-desktop.nix
index d08a718..1aa8ce5 100644
--- a/modules/optionnals/sops-desktop.nix
+++ b/modules/optionnals/sops-desktop.nix
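Review bot: The new modules/core/sops.nix carries no comment saying what `inputs.mysecrets` must provide or why both an SSH-derived age key (`sshKeyPaths`) and a generated `keyFile` are configured, so a reader cannot tell which key is expected to decrypt `secrets.yaml` on a given host. A header comment along the lines of `# Secrets come from the mysecrets flake input (secrets.yaml at its root); each host decrypts with the age key derived from its ed25519 host key, and key.txt is only generated as a fallback for hosts without one.` would make the trust model explicit. The fallback role of `generateKey` is my reading of sops-nix; confirm it against the module documentation before wording the comment that way.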
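Review bot: `sops.secrets."users_password/beastie"` is now declared in modules/core/users.nix and is still declared in modules/optionnals/sops-desktop.nix in the same commit, so the same secret is defined in two modules; the module system merges them only because both sides set the identical `neededForUsers = true`, and any later divergence will surface as a conflicting-definition error. Keep the declaration in one place, and since users.nix is the consumer, drop the `"users_password/beastie"` block from sops-desktop.nix. The `users.users.${username}` entry that should consume the secret (for example through `hashedPasswordFile = config.sops.secrets."users_password/beastie".path;`) continues outside the hunk, so I could not confirm it is actually referenced.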
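Review bot: The authorized key is inlined as a bare literal with nothing identifying it, which makes it hard to audit later which key holder this grants login to and whether it must be rotated together with the sops-managed `ssh_keys/beastie_*` pair. A one-line comment above the literal, `# beastie's public key; presumably the public half of sops secret ssh_keys/beastie_priv`, would record that; the pairing is inferred from the names only. The `users.users.${username}` block starts before this hunk.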
@@ -1,76 +1,61 @@
 {
- inputs,
 username,
 ...
 }:
-let
- secretsPath = builtins.toString inputs.mysecrets;
-in
 {
- sops = {
- defaultSopsFile = "${secretsPath}/secrets.yaml";
- age = {
- sshKeyPaths = [
- "/etc/ssh/ssh_host_ed25519_key"
- ];
- keyFile = "/var/lib/sops-nix/key.txt";
- generateKey = true;
+ sops.secrets = {
+ "users_password/beastie" = {
+ neededForUsers = true;
 };
-
- secrets = {
- "users_password/beastie" = {
- neededForUsers = true;
- };
- "ssh_keys/default_pub" = {
- owner = "${username}";
- mode = "0644";
- path = "/home/${username}/.ssh/id_ed25519.pub";
- };
- "ssh_keys/default_priv" = {
- owner = "${username}";
- mode = "0600";
- path = "/home/${username}/.ssh/id_ed25519";
- };
- "ssh_keys/ansible_pub" = {
- owner = "${username}";
- mode = "0644";
- path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
- };
- "ssh_keys/ansible_priv" = {
- owner = "${username}";
- mode = "0600";
- path = "/home/${username}/.ssh/id_ed25519_ansible";
- };
- "ssh_keys/beastie_pub" = {
- owner = "${username}";
- mode = "0644";
- path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
- };
- "ssh_keys/beastie_priv" = {
- owner = "${username}";
- mode = "0600";
- path = "/home/${username}/.ssh/id_ed25519_beastie";
- };
- "ssh_keys/gitea_semaphore_pub" = {
- owner = "${username}";
- mode = "0644";
- path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
- };
- "ssh_keys/gitea_semaphore_priv" = {
- owner = "${username}";
- mode = "0600";
- path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
- };
- "ssh_keys/wol_pub" = {
- owner = "${username}";
- mode = "0644";
- path = "/home/${username}/.ssh/id_ed25519_wol";
- };
- "ssh_keys/wol_priv" = {
- owner = "${username}";
- mode = "0600";
- path = "/home/${username}/.ssh/id_ed25519_wol.priv";
- };
+ "ssh_keys/default_pub" = {
+ owner = "${username}";
+ mode = "0644";
+ path = "/home/${username}/.ssh/id_ed25519.pub";
+ };
+ "ssh_keys/default_priv" = {
+ owner = "${username}";
+ mode = "0600";
+ path = "/home/${username}/.ssh/id_ed25519";
+ };
+ "ssh_keys/ansible_pub" = {
+ owner = "${username}";
+ mode = "0644";
+ path = "/home/${username}/.ssh/id_ed25519_ansible.pub";
+ };
+ "ssh_keys/ansible_priv" = {
+ owner = "${username}";
+ mode = "0600";
+ path = "/home/${username}/.ssh/id_ed25519_ansible";
+ };
+ "ssh_keys/beastie_pub" = {
+ owner = "${username}";
+ mode = "0644";
+ path = "/home/${username}/.ssh/id_ed25519_beastie.pub";
+ };
+ "ssh_keys/beastie_priv" = {
+ owner = "${username}";
+ mode = "0600";
+ path = "/home/${username}/.ssh/id_ed25519_beastie";
+ };
+ "ssh_keys/gitea_semaphore_pub" = {
+ owner = "${username}";
+ mode = "0644";
+ path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore.pub";
+ };
+ "ssh_keys/gitea_semaphore_priv" = {
+ owner = "${username}";
+ mode = "0600";
+ path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
+ };
+ "ssh_keys/wol_pub" = {
+ owner = "${username}";
+ mode = "0644";
+ path = "/home/${username}/.ssh/id_ed25519_wol";
+ };
+ "ssh_keys/wol_priv" = {
+ owner = "${username}";
+ mode = "0600";
+ path = "/home/${username}/.ssh/id_ed25519_wol.priv";
 };
 };
 }
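Review bot: The `ssh_keys/wol_pub` and `ssh_keys/wol_priv` entries near the end of the hunk break the layout every other pair uses: the public key is written to `id_ed25519_wol` and the private key to `id_ed25519_wol.priv`, whereas the other private keys land at `id_ed25519_<name>` with their public half at `id_ed25519_<name>.pub`. OpenSSH expects the `.pub` file beside a private key of the same base name, so an `IdentityFile ~/.ssh/id_ed25519_wol` would point at public-key material while the 0600 private key sits under an unexpected name. Unless the WoL tooling depends on these exact filenames, change the two paths to `path = "/home/${username}/.ssh/id_ed25519_wol.pub";` and `path = "/home/${username}/.ssh/id_ed25519_wol";`. As a style point, `owner = "${username}";` throughout can simply be `owner = username;`, since it is already a string.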