diff --git a/.gitignore b/.gitignore index bdadadf9..3a644d8e 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,4 @@ result config/neovim/store home/modules/ags/config/types home/modules/ags/config/tsconfig.json -home/modules/agenix/secrets.nix +system/modules/agenix/secrets.nix diff --git a/home/christoph/default.nix b/home/christoph/default.nix index 91cba563..968560af 100644 --- a/home/christoph/default.nix +++ b/home/christoph/default.nix @@ -300,6 +300,25 @@ file = lib.mkMerge [ { ".ssh/id_ed25519.pub".text = "${publicKeys.${username}.ssh}"; + + # The user will be able to decrypt .age files using agenix. + # On each user/machine, this should generate a corresponding secrets.nix + "${config.paths.nixflake}/system/modules/agenix/secrets.nix".text = let + mkSecret = key: name: "\"${name}.age\".publicKeys = [\"${key}\"];"; + in '' + # NOTE: This file will contain keys depending on the host/by which user it was built on. + { + ${lib.optionalString + # If this user defined any secrets... + (builtins.hasAttr "${username}" nixosConfig.modules.agenix.secrets) + # ...we will add them to the current secrets.nix, + # s.t. agenix can be used to encrypt the secret. + (builtins.concatStringsSep "\n" + (builtins.map + (mkSecret publicKeys.${username}.ssh) + nixosConfig.modules.agenix.secrets.${username}))} + } + ''; } (lib.mkIf nixosConfig.modules.desktopportal.termfilechooser.enable { ".config/xdg-desktop-portal-termfilechooser/config".text = '' diff --git a/home/christoph/nixinator/default.nix b/home/christoph/nixinator/default.nix index 0da387ec..ce3de020 100644 --- a/home/christoph/nixinator/default.nix +++ b/home/christoph/nixinator/default.nix @@ -4,7 +4,6 @@ nixosConfig, config, lib, - username, ... }: { imports = [ @@ -13,8 +12,6 @@ config = { modules = { - # agenix.secrets.${username} = []; - hyprland = { kb-layout = "us"; kb-variant = "altgr-intl"; 
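Review bot: Each entry the generated secrets.nix emits names a single recipient, `publicKeys.${username}.ssh`, while the same commit moves decryption to the system-level `age.secrets` module; unless `age.identityPaths` on every host points at that user's private key, the host itself has no identity that can open the .age files. If host keys are meant to decrypt, let `mkSecret` take the recipient list and include the host's SSH public key, e.g. `mkSecret = keys: name: "\"${name}.age\".publicKeys = [${lib.concatMapStringsSep " " (k: "\"${k}\"") keys}];"`. The key text is also interpolated into the Nix string unescaped, so a key whose comment field contains `"` or `\` would yield an unparsable secrets.nix; wrapping it with `lib.escapeNixString` avoids that. The enclosing `file = lib.mkMerge [ … ]` attribute starts and ends outside the hunk.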
diff --git a/home/christoph/servenix/default.nix b/home/christoph/servenix/default.nix index da46c0c7..42750a44 100644 --- a/home/christoph/servenix/default.nix +++ b/home/christoph/servenix/default.nix @@ -11,15 +11,6 @@ ]; config = { - modules = { - agenix.secrets.${username} = [ - "heidi-discord-token" - "kopia-password" - "kopia-server-username" - "kopia-server-password" - ]; - }; - home.packages = with pkgs; [ docker-compose ]; diff --git a/home/modules/default.nix b/home/modules/default.nix index c2b84350..3e8f0701 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -3,7 +3,6 @@ # Obsolete modules are kept in "1_deprecated" for reference. # My own HM modules - ./agenix ./beets ./chromium ./color diff --git a/home/modules/agenix/default.nix b/system/modules/agenix/default.nix similarity index 52% rename from home/modules/agenix/default.nix rename to system/modules/agenix/default.nix index d75c2829..091b7162 100644 --- a/home/modules/agenix/default.nix +++ b/system/modules/agenix/default.nix @@ -1,6 +1,5 @@ { config, - nixosConfig, lib, mylib, pkgs, 
@@ -13,25 +12,9 @@ in { options.modules.agenix = import ./options.nix {inherit lib mylib;}; config = { - # The user will be able to decrypt .age files using agenix. - # On each user/machine, this should generate a corresponding secrets.nix - home.file."${config.paths.nixflake}/home/modules/agenix/secrets.nix".text = let - mkSecret = key: name: "\"${name}.age\".publicKeys = [\"${key}\"];"; - in '' - # NOTE: This file will contain keys depending on the host/by which user it was built on. - { - ${lib.optionalString - # If this user defined any secrets... - (builtins.hasAttr "${username}" agenix.secrets) - # ...we will add them to the current secrets.nix, - # s.t. agenix can be used to encrypt the secret. - (builtins.concatStringsSep "\n" - (builtins.map - (mkSecret publicKeys.${username}.ssh) - agenix.secrets.${username}))} - } - ''; + # NOTE: See the generated secrets.nix file in home/christoph/default.nix + # Register generated secrets to the age system module age.secrets = let mkSecretIfExists = name: # If this user has already encrypted the secret... diff --git a/home/modules/agenix/heidi-discord-token.age b/system/modules/agenix/heidi-discord-token.age similarity index 100% rename from home/modules/agenix/heidi-discord-token.age rename to system/modules/agenix/heidi-discord-token.age diff --git a/home/modules/agenix/kopia-password.age b/system/modules/agenix/kopia-password.age similarity index 100% rename from home/modules/agenix/kopia-password.age rename to system/modules/agenix/kopia-password.age diff --git a/home/modules/agenix/kopia-server-password.age b/system/modules/agenix/kopia-server-password.age similarity index 100% rename from home/modules/agenix/kopia-server-password.age rename to system/modules/agenix/kopia-server-password.age 
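Review bot: The new `# NOTE: See the generated secrets.nix file in home/christoph/default.nix` comment omits what a reader of this system module actually needs: the file is written by home-manager into the working tree at `system/modules/agenix/secrets.nix`, is gitignored, and is consumed by the agenix CLI when encrypting or rekeying rather than by this module, so on a fresh checkout nothing can be encrypted until the home configuration has been activated once. Suggested wording: `# NOTE: secrets.nix (the recipient list read by the agenix CLI; gitignored) is generated by home-manager in home/christoph/default.nix — activate the home config on a host before encrypting secrets there.` The `mkSecretIfExists` helper and the rest of `age.secrets` continue outside the hunk, so whether a missing .age file is skipped or fails evaluation is not visible here.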
diff --git a/home/modules/agenix/kopia-server-username.age b/system/modules/agenix/kopia-server-username.age similarity index 100% rename from home/modules/agenix/kopia-server-username.age rename to system/modules/agenix/kopia-server-username.age diff --git a/home/modules/agenix/options.nix b/system/modules/agenix/options.nix similarity index 52% rename from home/modules/agenix/options.nix rename to system/modules/agenix/options.nix index 3b580387..e7541cca 100644 --- a/home/modules/agenix/options.nix +++ b/system/modules/agenix/options.nix @@ -2,13 +2,7 @@ lib, mylib, ... -}: let - mkSecret = file: - lib.mkOption { - type = lib.types.path; - default = file; - }; -in { +}: { secrets = lib.mkOption { type = lib.types.attrs; description = "The secret files managed by agenix (and their associated keys)"; @@ -25,9 +19,4 @@ in { default = {}; }; - - heidi-discord-token = mkSecret ./heidi-discord-token.age; - kopia-user-password = mkSecret ./kopia-user-password.age; - kopia-server-user = mkSecret ./kopia-server-user.age; - kopia-server-password = mkSecret ./kopia-server-password.age; } diff --git a/home/modules/agenix/void.age b/system/modules/agenix/void.age similarity index 100% rename from home/modules/agenix/void.age rename to system/modules/agenix/void.age diff --git a/system/modules/default.nix b/system/modules/default.nix index 45c26ddc..5251282f 100644 --- a/system/modules/default.nix +++ b/system/modules/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./agenix ./bootloader ./desktopportal ./docker diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix index d067d946..b1d7f5a9 100644 --- a/system/nixinator/default.nix +++ b/system/nixinator/default.nix @@ -1,6 +1,7 @@ { mylib, pkgs, + username, ... }: { imports = [ @@ -11,6 +12,8 @@ ]; modules = { + # agenix.secrets.${username} = []; + network = { useNetworkManager = true; diff --git a/system/servenix/default.nix b/system/servenix/default.nix index 8314eb43..092e95e0 100644 
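Review bot: `secrets` remains declared as `lib.types.attrs`, although after this commit it is the module's only remaining option and both `age.secrets` and the generated secrets.nix consume it as user name → list of secret names; narrowing it to `type = lib.types.attrsOf (lib.types.listOf lib.types.str);` turns a mistyped entry into an evaluation error instead of a silently malformed secrets.nix. The removed per-secret options pointed at `./kopia-user-password.age` and `./kopia-server-user.age`, which do not match the renamed `kopia-password.age` / `kopia-server-username.age`, so the deletion drops dead references rather than live ones — worth stating in the commit message. The options between the two hunks are outside what is shown.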
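Review bot: `username` is added to the argument set of system/nixinator/default.nix solely to serve the commented-out `# agenix.secrets.${username} = [];` line, and Nix does not warn about unused pattern arguments, so both will linger unnoticed. Either drop the argument together with the placeholder, or make it live as `agenix.secrets.${username} = [];` so the host visibly declares that it has no secrets; with the `lib.optionalString` guard in home/christoph/default.nix an empty list still yields an empty secrets.nix body.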
--- a/system/servenix/default.nix +++ b/system/servenix/default.nix @@ -36,6 +36,13 @@ ]; modules = { + agenix.secrets.${username} = [ + "heidi-discord-token" + "kopia-password" + "kopia-server-username" + "kopia-server-password" + ]; + network = { useNetworkManager = false;
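Review bot: `agenix.secrets.${username} = [ … ]` introduces a reference to `username` in system/servenix/default.nix, but unlike system/nixinator/default.nix this file's argument set is not touched by the commit; if `username` is not already among its parameters (the file header is outside the hunk), evaluation fails with an undefined-variable error, so that should be confirmed before merging. A comment above the list would also help future edits: `# Names must match the .age files under system/modules/agenix; recipients are generated into secrets.nix by home-manager.` Whether this host can decrypt the files at activation depends on which identity `age.identityPaths` selects, which is not visible in this hunk. The hunk appears to end at the last line of the excerpt.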