diff --git a/flake.lock b/flake.lock
index a68d14b..1aba727 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1003,11 +1003,11 @@
 "mysecrets": {
 "flake": false,
 "locked": {
- "lastModified": 1742907009,
- "narHash": "sha256-BP5CUVdaXcBdeiPeeF4lQWd/FweyaNTv9Td6doem/O0=",
+ "lastModified": 1743273192,
+ "narHash": "sha256-G9VhIc+Fc+w4LDR81xmkj3xxbrvYJUOTM9sM4191ucY=",
 "ref": "refs/heads/main",
- "rev": "ef50249e9e26737dde7d9095ce528c2c47097494",
- "revCount": 12,
+ "rev": "e8f749354223905785f4510fde10b528bf1b2ba2",
+ "revCount": 13,
 "type": "git",
 "url": "ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets"
 },
diff --git a/hosts/dunamis/sops.nix b/hosts/dunamis/sops.nix
index 2a79ab4..ace120f 100644
--- a/hosts/dunamis/sops.nix
+++ b/hosts/dunamis/sops.nix
@@ -1,4 +1,12 @@
-{inputs, ...}: {
+{
+ config,
+ inputs,
+ ...
+}: let
+ s = inputs.mysecrets;
+ hostname = config.networking.hostName;
+ sopsFile = "${s}/hosts/${hostname}.yaml";
+in {
 imports = with inputs; [
 sops-nix.nixosModules.sops
 ];
@@ -9,7 +17,7 @@
 keyFile = "/var/lib/sops-nix/key.txt";
 generateKey = true;
 };
- defaultSopsFile = "${toString inputs.mysecrets}/secrets.yaml";
+ defaultSopsFile = "${s}/common.yaml";
 secrets = {
 "user-password-hashed".neededForUsers = true;
 "ssh-config" = {
@@ -17,12 +25,14 @@
 mode = "0400";
 owner = "user";
 };
- "ssh-dunamis-user" = {
+ "ssh-${hostname}-user" = {
+ inherit sopsFile;
 path = "/home/user/.ssh/id_ed25519";
 mode = "0400";
 owner = "user";
 };
- "ssh-dunamis-user.pub" = {
+ "ssh-${hostname}-user.pub" = {
+ inherit sopsFile;
 path = "/home/user/.ssh/id_ed25519.pub";
 mode = "0400";
 owner = "user";
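Review bot: The new `let` bindings in the first hunk of hosts/dunamis/sops.nix carry no comment saying that `sopsFile` is the per-host secrets file. The isolation this split is presumably meant to give only holds if `hosts/<hostname>.yaml` in the secrets repository is encrypted to this host's key alone, and the recipient rules are not visible in this diff. I would add above `sopsFile` a comment such as `# per-host secrets; keep recipients limited to this host's age key in the secrets repo's .sops.yaml`. Because `hostname` comes from `config.networking.hostName`, renaming the host changes both the file and the `ssh-${hostname}-user` secret names looked up in the third hunk, so a one-line note on that coupling would help as well. The attribute set that `in {` opens continues outside the hunk.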
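Review bot: In the second hunk of hosts/dunamis/sops.nix, `defaultSopsFile = "${s}/common.yaml";` leaves `user-password-hashed` and `ssh-config` in a file that, judging by its name, every host can decrypt. If so, the key at `/var/lib/sops-nix/key.txt` on any one host would expose those values for all hosts. If that sharing is intended, state it in a comment such as `# common.yaml is shared by all hosts; host-specific material goes in sopsFile`. Otherwise give `user-password-hashed` an `inherit sopsFile;` as the SSH key entries in the third hunk get. The `sops` block opens and closes outside this hunk.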