diff --git a/.sops.yaml b/.sops.yaml
index 9ee981d..a601aeb 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,11 +2,7 @@ keys:
   - &motiejus 5F6B7A8A92A260A437049BEB6F133A0C1C2848D7
   - &server_hel1a age1wxwfy32jwskgzudzc8kvvx4uya5kr6lc5vp03y07ly0wpe3jk9gqqree6q
 creation_rules:
-  - path_regex: secrets/[^/]+\.yaml$
-    key_groups:
-    - pgp:
-      - *motiejus
-  - path_regex: secrets/hel1-a/[^/]+\.yaml$
+  - path_regex: hosts/hel1-a/secrets.yaml$
     key_groups:
     - pgp:
       - *motiejus
diff --git a/configuration.nix b/configuration.nix
index fc58dad..18bf21f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -72,6 +72,10 @@ in {
     sops-nix.nixosModules.sops
   ];
 
+  sops.defaultSopsFile = ./hosts/hel1-a/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.secrets.borgbackup-password = {};
+
   nixpkgs.overlays = [
     (self: super: {
       systemd = super.systemd.overrideAttrs (old: {
@@ -254,8 +258,8 @@ in {
             repo = "zh2769@zh2769.rsync.net:hel1-a.servers.jakst";
             encryption = {
               mode = "repokey-blake2";
-              #passCommand = "cat ${config.age.secrets.borgbackup-password.path}";
-              passCommand = "cat /var/src/secrets/borgbackup/password";
+              passCommand = "cat ${config.sops.secrets.borgbackup-password.path}";
+              #passCommand = "cat /var/src/secrets/borgbackup/password";
             };
             paths = value.paths;
             extraArgs = "--remote-path=borg1";
diff --git a/secrets/hel1-a/borgbackup.yaml b/hosts/hel1-a/secrets.yaml
similarity index 79%
rename from secrets/hel1-a/borgbackup.yaml
rename to hosts/hel1-a/secrets.yaml
index 0846ed9..ff69622 100644
--- a/secrets/hel1-a/borgbackup.yaml
+++ b/hosts/hel1-a/secrets.yaml
@@ -1,4 +1,4 @@
-password: ENC[AES256_GCM,data:IVoMD1bSp15bPfPPws6k6u7SXioMPibxqg==,iv:U0zLdK4XEvty8eS/G80NcGlQrEn9M2fDH2oWv5cXIvI=,tag:IU3P9SjexZGGiOOxseUnLg==,type:str]
+borgbackup-password: ENC[AES256_GCM,data:igLuxWZujydxdJO8Qt7sIOhIT9SqOkCvjw==,iv:pHk2V/VBb/HzHGieHyL4KY1RpmN6bqjjSDuTTnsH4bM=,tag:36aSlD6zY3AXE5X9ejs6CA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +14,8 @@ sops:
             YmdScHFndG1leTl0VFo0dzh2SjhZTU0Kp3aiUTvTWMzw6y+D0ELT9BE4enrJAVDD
             1c0TvbFwDAJI3KB8T/Mz23qerExtZZQeCnm9zQKd+NsSKZCf52JEkg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-04-05T19:33:58Z"
-    mac: ENC[AES256_GCM,data:hqQoErSGafMyD43nQBInX1+wrCGlln1KvH6w1NLMw6GQwZ6EzdTBJKH05S67KjA1UtxLGi8MquBnjymHSctsuWtBiM0T+7dSQlF+FEvkGcRVf1aGbCWtZgNWS07iROAhCNxHpHaPMPUHj5Y0ih3zBh6q9OuDkXG/up1zvN4YRwM=,iv:qGgT5qj7dX82NWOb/s3Pj1n13nFn73p3fOiVJrbpav0=,tag:VjPMmLUmasq54xNqMeAvlQ==,type:str]
+    lastmodified: "2023-04-06T20:01:44Z"
+    mac: ENC[AES256_GCM,data:PRjs8bZ/DGGlfDjRexvImDdAuE/W74HPa+KdQtE1Qktu6nz1cqlFy8a+CiA/mw+Y3P4NntzXHxU30sONrZWXA+n5RXAn8kMgpOYzRWqZWn0zzIyfhZ9+jPmP7uLpJWGZIEayw8NRfHGthDb7SLTnM9OpbkIP9dl4NgMSvn0A2MA=,iv:ma2ekXqtJGlTE2lAIw9YapvtXns/P1BwSgj+Ly4W+gE=,tag:z/ypCNkpdi2B1BFoZx5Jyw==,type:str]
     pgp:
         - created_at: "2023-04-05T19:33:35Z"
           enc: |