diff --git a/modules/linux/nixos/default.nix b/modules/linux/nixos/default.nix
index 08665cf..74e3e31 100644
--- a/modules/linux/nixos/default.nix
+++ b/modules/linux/nixos/default.nix
@@ -49,4 +49,5 @@
   crony.sunshine.enable = lib.mkDefault false;
   crony.nh.enable = lib.mkDefault true;
   crony.ollama.enable = lib.mkDefault false;
+  crony.secrets.enable = lib.mkDefault false;
 }
diff --git a/modules/linux/nixos/secrets.nix b/modules/linux/nixos/secrets.nix
index f02bd78..d30616f 100644
--- a/modules/linux/nixos/secrets.nix
+++ b/modules/linux/nixos/secrets.nix
@@ -1,16 +1,25 @@
 {
-  age = {
-    secrets = {
-      wg-desktop = {
-        file = ../../../secrets/wg-desktop.age;
-      };
-      crony-passwd = {
-        file = ../../../secrets/crony-passwd-desktop.age;
-      };
-      root-passwd = {
-        file = ../../../secrets/root-passwd.age;
+  config,
+  lib,
+  ...
+}: {
+  options = {
+    crony.secrets.enable = lib.mkEnableOption "Enable desktop secrets.";
+  };
+  config = lib.mkIf config.crony.secrets.enable {
+    age = {
+      secrets = {
+        wg-desktop = {
+          file = ../../../secrets/wg-desktop.age;
+        };
+        crony-passwd = {
+          file = ../../../secrets/crony-passwd-desktop.age;
+        };
+        root-passwd = {
+          file = ../../../secrets/root-passwd.age;
+        };
       };
+      identityPaths = ["/home/crony/.ssh/main"];
     };
-    identityPaths = ["/home/crony/.ssh/main"];
   };
 }