diff --git a/hosts/sarien/configuration.nix b/hosts/sarien/configuration.nix
index 82455d5..53fdc6f 100644
--- a/hosts/sarien/configuration.nix
+++ b/hosts/sarien/configuration.nix
@@ -20,7 +20,7 @@
 
   module.stylix = {
     enable = true;
-    theme = "nord";
+    theme = "helios";
   };
 
   opentabletdriver.enable = false;
diff --git a/hosts/sarien/sops.nix b/hosts/sarien/sops.nix
index c9e2288..37d946f 100644
--- a/hosts/sarien/sops.nix
+++ b/hosts/sarien/sops.nix
@@ -3,10 +3,15 @@
   inputs,
   ...
 }: let
-  s = inputs.mysecrets;
+  inherit (inputs) mysecrets;
   # TODO: stop relying on networking.hostName
   hostname = "sarien";
-  sopsFile = "${s}/hosts/${hostname}.yaml";
+  sopsFile = mysecrets + "/hosts/${hostname}.yaml";
+  dotSsh = name: "/home/user/.ssh/" + name;
+  sshKey = {
+    mode = "0400";
+    owner = "user";
+  };
 in {
   imports = with inputs; [
     sops-nix.nixosModules.sops
@@ -18,45 +23,39 @@ in {
       keyFile = "/var/lib/sops-nix/key.txt";
       generateKey = true;
     };
-    defaultSopsFile = "${s}/common.yaml";
+    defaultSopsFile = mysecrets + "/common.yaml";
     secrets = {
       "user-password-hashed".neededForUsers = true;
       "ssh-config" = {
-        path = "/home/user/.ssh/config";
+        path = dotSsh "config";
         mode = "0400";
         owner = "user";
       };
       "ssh-${hostname}-user" = {
         inherit sopsFile;
-        path = "/home/user/.ssh/id_ed25519";
-        mode = "0400";
-        owner = "user";
+        inherit (sshKey) mode owner;
+        path = dotSsh "id_ed25519";
       };
       "ssh-${hostname}-user.pub" = {
         inherit sopsFile;
-        path = "/home/user/.ssh/id_ed25519.pub";
-        mode = "0400";
-        owner = "user";
+        inherit (sshKey) mode owner;
+        path = dotSsh "id_ed25519.pub";
       };
       "ssh-unexplrd" = {
-        path = "/home/user/.ssh/id_unexplrd_ed25519";
-        mode = "0400";
-        owner = "user";
+        inherit (sshKey) mode owner;
+        path = dotSsh "id_unexplrd_ed25519";
       };
       "ssh-unexplrd.pub" = {
-        path = "/home/user/.ssh/id_unexplrd_ed25519.pub";
-        mode = "0400";
-        owner = "user";
+        inherit (sshKey) mode owner;
+        path = dotSsh "id_unexplrd_ed25519.pub";
       };
       "ssh-uni" = {
-        path = "/home/user/.ssh/id_uni_ed25519";
-        mode = "0400";
-        owner = "user";
+        inherit (sshKey) mode owner;
+        path = dotSsh "id_uni_ed25519";
       };
       "ssh-uni.pub" = {
-        path = "/home/user/.ssh/id_uni_ed25519.pub";
-        mode = "0400";
-        owner = "user";
+        inherit (sshKey) mode owner;
+        path = dotSsh "id_uni_ed25519.pub";
       };
     };
   };