diff --git a/hosts/ni/default.nix b/hosts/ni/default.nix
index 3e291b4e..c601a934 100644
--- a/hosts/ni/default.nix
+++ b/hosts/ni/default.nix
@@ -23,10 +23,27 @@
   ];
 
   services.openssh.hostKeys = [{
-    path = config.sops.secrets.ssh-key.path;
+    path = config.sops.secrets."ni/ssh-key".path;
     type = "ed25519";
   }];
-  sops.secrets.ssh-key.sopsFile = ./secrets/secrets.yaml;
+
+  sops.secrets = let
+    getKey = key: {
+      inherit key;
+      sopsFile = ./secrets/secrets.yaml;
+    };
+    getSecrets = secrets:
+      lib.mapAttrs'
+        (secret: config:
+          lib.nameValuePair
+            "ni/${secret}"
+            ((getKey secret) // config))
+        secrets;
+  in
+    getSecrets {
+      ssh-key = { };
+    };
+
   sops.age.keyFile = "/var/lib/sops-nix/key.txt";
 
   boot.binfmt.emulatedSystems = [
diff --git a/hosts/ni/secrets/secrets.yaml b/hosts/ni/secrets/secrets.yaml
index e3e30c54..cc27dd27 100644
--- a/hosts/ni/secrets/secrets.yaml
+++ b/hosts/ni/secrets/secrets.yaml
@@ -1,4 +1,6 @@
 ssh-key: ENC[AES256_GCM,data:QKlQJCr4saNFHFBmbZBYnb0trwDaD+P925PRv0StcHjjT/eQVQijxGJRn4R73F0rChpB0YcnLsqn/mcgZzitzw0Q8MTREBNWYHITKl/VzTiOVhPdfD3hhlLMOVXRjtFwIk69iwheQeh9aGtRmin8MmbjZJHv7bczDuLeD5GtdL7G5Y8KPTF4BFOHFwLuUgL1vOG3wc+vWynFJ6W0t7umnBmcSHaIf2o8ZY2arGruHXsCJHVCtj9G5PS8SMBb1pGstiAXAdhd9rOhbHSYF0rqL841CkGnLL1hUrgNYTXNlEuss06exuYNEQq24GXRYdnMNizhNiWJxGiVC53masTWynryGdj0qRUvjqzzttLLer3w6wS4rA743vPvmlNnVrWauyoUtE9Z/EBLfh2gv2m+I6A8e7aAUyAqsI0e/zMbv0Mvm+Gv2veGHp1sX+PLF6MbQMDxMuax0ZNBgdidGqWAqBtKZ7buLQ5ckU43Js9/CaRB+qQ7VzTJ+amhtQPrlgILY+yQKheLribkSKRuw99p,iv:UaWomy2e/WE0jYAkblGoZDOEEPtQpaIiGawMh8q4Emk=,tag:kS1rafdiqkyMEbdPj+TdqA==,type:str]
+ldap:
+    password: ENC[AES256_GCM,data:ukPDXnF21z4SKZSEtIlHbup9EPoU,iv:yAz5nlBnM9taU3JC+yCF+7ymIys/YvBVbgeXx7UvVAw=,tag:6yz0548WSaBoD9cwOxfQAw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -14,8 +16,8 @@ sops:
             eEV0YWkyWHlIRmxhZjNYU3kzNlN3alkKDbMlrB1MkJ8145OcXyOhQLjLkKhrI/Vm
             ba7etZO7hqWwajWgEhFGNexI6QuQwgUU3zIOc//zPp8P7nNySfWOww==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-07-18T13:08:34Z"
-    mac: ENC[AES256_GCM,data:Q3vlqrnYzjhdrqy6zWBTAU6IHM4rCmS+qdUrlyYezy5j3Sdw+y0EX9w4KCEiJ7c86QrxB+gfxgxYvyLBuXPEEoRqvf7xKIiwGXEs/vxif1W9nri3n14PAP/PdgjQqNCI1BVHAX276Mbkec8ipaFEClboV6d9904/18t9tqlFkx0=,iv:NlLzwp/pJ7X80A+EupaxNwrEP7iO4oFtOlhTQLjAies=,tag:Z3bgc2DhunF7iKF0GOoq2g==,type:str]
+    lastmodified: "2022-12-29T06:47:49Z"
+    mac: ENC[AES256_GCM,data:lo0nbFQNYeq3pq7RoVl3Qz33ZgAMsDjLvpMpGALIhdP40sVHhwAcTJNAKN/uqQHi3fhEQ5YG5+4IOuE7OToKmxI2sK4ffWiTils89nSH2CeQxYibHfKUYraCLEZhVH26Bgt0uaggG9BHjpGdA9Ua4jwFQReWPq9cpMF2oKkYSak=,iv:zZNt5CZQfwN2CdYiGNi0q+/QeGyTTo1Vd70CUwb3OTM=,tag:aSFcF1BPA7P0+W9Dce/NAg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3