diff --git a/hosts/forgenite/default.nix b/hosts/forgenite/default.nix
index f5adaf7..68090b3 100644
--- a/hosts/forgenite/default.nix
+++ b/hosts/forgenite/default.nix
@@ -7,7 +7,7 @@
 ./../../meta/profiles/base.nix
 ./../../meta/profiles/vm.nix
 ];
- sops.secrets.forgenite.sopsFile = ./../../secrets/hosts/forgenite.yaml
+ sops.secrets."hosts/forgenite/db_password" = {};
 
 # Use UEFI
 boot.loader.systemd-boot.enable = true;
diff --git a/meta/modules/sops/default.nix b/meta/modules/sops/default.nix
new file mode 100644
index 0000000..49b8cb7
--- /dev/null
+++ b/meta/modules/sops/default.nix
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }:
+let
+ cfg = config.lyn.sops;
+in
+{
+ options.lyn.sops = with lib; {
+ secrets = mkOption {
+ type = types.attrs;
+ default = { };
+ };
+ };
+ config = {
+ sops.secrets = lib.mapAttrs
+ (name: value:
+ let
+ name_split = lib.splitString "/" name;
+ in
+ {
+ sopsFile = ../../../secrets/${builtins.elemAt name_split 0}/${builtins.elemAt name_split 1}.yaml;
+ } // value)
+ cfg.secrets;
+ };
+}
diff --git a/secrets/hosts/forgenite.yaml b/secrets/hosts/forgenite.yaml
index 39435ed..31c4db4 100644
--- a/secrets/hosts/forgenite.yaml
+++ b/secrets/hosts/forgenite.yaml
@@ -1,5 +1,6 @@
-forgejo:
- db_password: ENC[AES256_GCM,data:Gkk441Tlty2ENGqBSDL/xSS75FOunM/Bfa0TBVV9KjW1DnD/Bx7lSw==,iv:V6g/vuPIhEE6OBaHDPdWIDdv7YAgy0crpmUMpMceJnk=,tag:LH8+qRtrCaHJLKzRB5Nnvw==,type:str]
+hosts:
+ forgenite:
+ forgejo_db_password: ENC[AES256_GCM,data:1Qp6kLbt4tO+9/i5JN2rRjZJW0gJDKEQV9XmDEEts4bVvOsBCu6wYg==,iv:FZCthW7Yo9z0KqJvjhnQaNX1rqdUeINyfdM3xdLcOrk=,tag:32peH4VsZ3hLeC7XAqINAg==,type:str]
 sops:
 kms: []
 gcp_kms: []
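Review bot: The secret declared on the added line, `sops.secrets."hosts/forgenite/db_password"`, matches neither the key this same commit writes into secrets/hosts/forgenite.yaml (`hosts.forgenite.forgejo_db_password`) nor the attribute services/forgejo.nix now reads (`config.sops.secrets."hosts/forgenite/forgejo_db_password".path`), so evaluation should fail on the missing attribute and, even if it did not, sops-nix would look up a key that does not exist in the file. The line should read `sops.secrets."hosts/forgenite/forgejo_db_password" = { owner = config.services.forgejo.user; };` (assuming `config` is among this module's arguments) — the `owner` because sops-nix's default root:0400 is, as far as I can tell, unreadable by the Forgejo service account that consumes `passwordFile`; please confirm against the forgejo module before relying on it. Note also that this sets `sops.secrets` directly rather than `lyn.sops.secrets`, so the sopsFile derivation added in meta/modules/sops/default.nix is not exercised here and `{}` falls back to whatever `sops.defaultSopsFile` is set to elsewhere, which this diff does not show. The enclosing attribute set starts and ends outside the hunk.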
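Review bot: `builtins.elemAt name_split 1` in the `sopsFile = ...` line throws an opaque "list index out of bounds" for any secret name with fewer than two `/` separators, and `types.attrs` on the option lets two modules that declare the same secret name silently override each other instead of producing a merge conflict. Tighten the option to `type = types.attrsOf types.attrs;` and fail early with `assert lib.assertMsg (builtins.length name_split >= 3) "lyn.sops.secrets: '${name}' must be <dir>/<file>/<key>";` placed between the `in` and the attribute set. Since only the first two segments select the file, the derived set could also carry `key = lib.concatStringsSep "/" (lib.drop 2 name_split);` so the YAML need not repeat the `hosts: forgenite:` path that already names the file — sops-nix otherwise uses the full attribute name as the key path, which is presumably why secrets/hosts/forgenite.yaml was nested in this commit. A `description` on the option stating the `<dir>/<file>/<key>` naming contract would help the next reader, and `pkgs` in the argument list is unused.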
@@ -24,8 +25,8 @@ sops:
 YnpWY3ZsZWdQcEc2YTJJeldTaTdCVkkKA8cfHrWV7COWKYf19IP/dt/mPM6PDWvm
 DiTB8JBSKTlsBsvA26qkPHcKyXCBjLDaSi1hmGI6PhI7nIDTQ15t6w==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-05T21:45:11Z"
- mac: ENC[AES256_GCM,data:201CRHfhVUf5v1X1LfMH1p59eiLd+ZYEU937iZqCo5+rZ05hSpfXF6XVUdqMI6qgtl1jHY7hWQC4frnprM1BRh0ai/9aV4MKZn4oUCGq6x/avEf442eDL/RPV5pLlvVw1w/SA7lDqOqjaCuF9nDjr03uO7IhqsCLDaUv4JOI/Fg=,iv:W5ulyrMD6XeQ5j3TGhMfC8bh76C+jgXXSn9Em1+XbQo=,tag:sJne9+WMTh1HWTbqzHAiHQ==,type:str]
+ lastmodified: "2024-09-06T00:00:08Z"
+ mac: ENC[AES256_GCM,data:LC/WIffWQMHRk0ty3bnSGNyUySjYIA84euR5dgb95+uegLzAaMtBehnE5GB36eMzciMSP95jP2KOHfDimwU7eugeauEgJLrtv8Sp5r29LnU+MLDpAVwqw/HDZq8J7LIoYspqMr19ZxwcG1K4kfNlB7JYSuP7V7DhXo+I5/Qjv8A=,iv:CHf0KGCpbFIEMjgkxxS8RvSfOrGRYdGd/rdVJ/XPkoI=,tag:ZghIOEu9NLchxz7j4Er6QQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.0
diff --git a/services/forgejo.nix b/services/forgejo.nix
index 8f85864..e2e9e31 100644
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@@ -26,7 +26,7 @@ with lib; with builtins; {
 };
 database = {
 user = "forgejo";
- passwordFile = config.sops.secrets."forgejo/db_password".path;
+ passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;
 name = "forgejodb";
 type = "mysql";
 };
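Review bot: The new `passwordFile` line hard-codes the host name `forgenite` into services/forgejo.nix, which by its path looks like a host-agnostic service module, so importing it on any other host would point Forgejo at forgenite's secret file or fail on a missing attribute. Keep the service file free of host names, e.g. `passwordFile = config.sops.secrets."forgejo_db_password".path;` with each host's default.nix declaring that secret from its own sopsFile, or derive the name from `config.networking.hostName`. As written, the attribute read here, `"hosts/forgenite/forgejo_db_password"`, is also not the one hosts/forgenite/default.nix declares in this same commit (`"hosts/forgenite/db_password"`), so the evaluation will fail until the two agree. The attribute set enclosing `database` starts outside the hunk.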