diff --git a/hosts/eldrid/sops.nix b/hosts/eldrid/sops.nix
index d48524a..ace120f 100644
--- a/hosts/eldrid/sops.nix
+++ b/hosts/eldrid/sops.nix
@@ -1,5 +1,11 @@
-{inputs, ...}: let
- secretsPath = builtins.toString inputs.mysecrets;
+{
+ config,
+ inputs,
+ ...
+}: let
+ s = inputs.mysecrets;
+ hostname = config.networking.hostName;
+ sopsFile = "${s}/hosts/${hostname}.yaml";
 in {
 imports = with inputs; [
 sops-nix.nixosModules.sops
@@ -11,7 +17,7 @@ in {
 keyFile = "/var/lib/sops-nix/key.txt";
 generateKey = true;
 };
- defaultSopsFile = "${secretsPath}/secrets.yaml";
+ defaultSopsFile = "${s}/common.yaml";
 secrets = {
 "user-password-hashed".neededForUsers = true;
 "ssh-config" = {
@@ -19,12 +25,14 @@ in {
 mode = "0400";
 owner = "user";
 };
- "ssh-eldrid-user" = {
+ "ssh-${hostname}-user" = {
+ inherit sopsFile;
 path = "/home/user/.ssh/id_ed25519";
 mode = "0400";
 owner = "user";
 };
- "ssh-eldrid-user.pub" = {
+ "ssh-${hostname}-user.pub" = {
+ inherit sopsFile;
 path = "/home/user/.ssh/id_ed25519.pub";
 mode = "0400";
 owner = "user";
diff --git a/hosts/sarien/sops.nix b/hosts/sarien/sops.nix
index 3e236a3..c9e2288 100644
--- a/hosts/sarien/sops.nix
+++ b/hosts/sarien/sops.nix
@@ -1,8 +1,15 @@
-{inputs, ...}: let
- secretsPath = builtins.toString inputs.mysecrets;
+{
+ config,
+ inputs,
+ ...
+}: let
+ s = inputs.mysecrets;
+ # TODO: stop relying on networking.hostName
+ hostname = "sarien";
+ sopsFile = "${s}/hosts/${hostname}.yaml";
 in {
- imports = [
- inputs.sops-nix.nixosModules.sops
+ imports = with inputs; [
+ sops-nix.nixosModules.sops
 ];
 
 sops = {
@@ -11,7 +18,7 @@ in {
 keyFile = "/var/lib/sops-nix/key.txt";
 generateKey = true;
 };
- defaultSopsFile = "${secretsPath}/secrets.yaml";
+ defaultSopsFile = "${s}/common.yaml";
 secrets = {
 "user-password-hashed".neededForUsers = true;
 "ssh-config" = {
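Review bot: The new `hostname`/`sopsFile` derivation at the top of hosts/eldrid/sops.nix is undocumented and diverges from hosts/sarien/sops.nix in the same commit, which hardcodes `hostname = "sarien"` instead of reading `config.networking.hostName`, so the two hosts now locate their per-host secrets file by different rules. A short comment above `s = inputs.mysecrets;` would make the expected repository layout explicit, e.g. `# mysecrets layout: common.yaml holds shared secrets, hosts/<hostName>.yaml holds this host's secrets`. If the hostName-based lookup is the intended rule, it is also worth stating in that comment that any override of `networking.hostName` changes both the secret attribute names (`ssh-${hostname}-user`) and the file looked up; from the way sopsFile is used here I would expect such a mismatch to surface only when sops-nix decrypts, not at evaluation, but that is inferred rather than shown in the hunk.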
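Review bot: In hosts/sarien/sops.nix, `config` is added to the module arguments but never used, because `hostname` is hardcoded to `"sarien"`; either drop it from the argument set or read `config.networking.hostName` as hosts/eldrid/sops.nix does, so both hosts follow one rule. The added `# TODO: stop relying on networking.hostName` comment also says the opposite of what the line below does, since that line does not rely on it; it should describe what is actually pending, e.g. `# TODO: derive hostname from config.networking.hostName (as hosts/eldrid does); hardcoded for now`. If the hardcoding works around an evaluation problem with reading config here, naming that problem in the comment would stop the next reader from re-introducing it.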
@@ -19,12 +26,14 @@ in {
 mode = "0400";
 owner = "user";
 };
- "ssh-sarien-user" = {
+ "ssh-${hostname}-user" = {
+ inherit sopsFile;
 path = "/home/user/.ssh/id_ed25519";
 mode = "0400";
 owner = "user";
 };
- "ssh-sarien-user.pub" = {
+ "ssh-${hostname}-user.pub" = {
+ inherit sopsFile;
 path = "/home/user/.ssh/id_ed25519.pub";
 mode = "0400";
 owner = "user";