diff --git a/utils/default.nix b/utils/default.nix
index 9209d915..202d80be 100644
--- a/utils/default.nix
+++ b/utils/default.nix
@@ -1,41 +1,12 @@
 { lib }:
 
+let
+  hosts = import ./hosts.nix;
+  secrets = import ./secrets.nix { inherit lib; };
+in
 {
   dirNames =
     path: builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir path));
-
-  hostMeta =
-    hostDir:
-    if builtins.pathExists (hostDir + "/meta.nix") then
-      import (hostDir + "/meta.nix")
-    else
-      throw "meta.nix required in ${hostDir}";
-
-  mkSopsSecrets =
-    sopsDir: group: names: extraOpts:
-    let
-      file = "${group}.yaml";
-    in
-    lib.foldl' lib.mergeAttrs { } (
-      map (name: {
-        "${group}/${name}" = {
-          sopsFile = "${sopsDir}/${file}";
-          key = name;
-        }
-        // extraOpts;
-      }) names
-    );
-
-  sopsAvailability =
-    config: osConfig:
-    let
-      osSopsAvailable = osConfig != null && osConfig ? sops && osConfig.sops ? secrets;
-      hmSopsAvailable = config ? sops && config.sops ? secrets;
-      preferOs = osSopsAvailable;
-    in
-    {
-      available = osSopsAvailable || hmSopsAvailable;
-      secrets = if preferOs then osConfig.sops.secrets else config.sops.secrets;
-      templates = if preferOs then osConfig.sops.templates else config.sops.templates;
-    };
 }
+// hosts
+// secrets
diff --git a/utils/hosts.nix b/utils/hosts.nix
new file mode 100644
index 00000000..19c1de50
--- /dev/null
+++ b/utils/hosts.nix
@@ -0,0 +1,8 @@
+{
+  hostMeta =
+    hostDir:
+    if builtins.pathExists (hostDir + "/meta.nix") then
+      import (hostDir + "/meta.nix")
+    else
+      throw "meta.nix required in ${hostDir}";
+}
diff --git a/utils/secrets.nix b/utils/secrets.nix
new file mode 100644
index 00000000..c6dcca4c
--- /dev/null
+++ b/utils/secrets.nix
@@ -0,0 +1,31 @@
+{ lib }:
+
+{
+  mkSopsSecrets =
+    sopsDir: group: names: extraOpts:
+    let
+      file = "${group}.yaml";
+    in
+    lib.foldl' lib.mergeAttrs { } (
+      map (name: {
+        "${group}/${name}" = {
+          sopsFile = "${sopsDir}/${file}";
+          key = name;
+        }
+        // extraOpts;
+      }) names
+    );
+
+  sopsAvailability =
+    config: osConfig:
+    let
+      osSopsAvailable = osConfig != null && osConfig ? sops && osConfig.sops ? secrets;
+      hmSopsAvailable = config ? sops && config.sops ? secrets;
+      preferOs = osSopsAvailable;
+    in
+    {
+      available = osSopsAvailable || hmSopsAvailable;
+      secrets = if preferOs then osConfig.sops.secrets else config.sops.secrets;
+      templates = if preferOs then osConfig.sops.templates else config.sops.templates;
+    };
+}