diff --git a/hosts/sakotop/configuration.nix b/hosts/sakotop/configuration.nix
index e1c91fa0..34d51b56 100644
--- a/hosts/sakotop/configuration.nix
+++ b/hosts/sakotop/configuration.nix
@@ -110,6 +110,7 @@
     security = {
       age.enable = true;
       sops.enable = true;
+      certs.enable = true;
     };
   };
 
@@ -124,8 +125,6 @@
     age.sshKeyPaths = ["/home/sako/.ssh/id_ed25519"];
   };
 
-  security.pki.certificateFiles = [./trust/homelab.pem];
-
   networking.wireguard.interfaces = {
   };
 
diff --git a/modules/security/certs/default.nix b/modules/security/certs/default.nix
new file mode 100644
index 00000000..1b72a884
--- /dev/null
+++ b/modules/security/certs/default.nix
@@ -0,0 +1,19 @@
+{
+  outputs,
+  options,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.modules.security.certs;
+in {
+  options.modules.security.certs = {
+    enable = mkEnableOption false;
+  };
+
+  config = mkIf cfg.enable {
+    security.pki.certificateFiles = [./trust/homelab.pem];
+  };
+}
diff --git a/modules/security/certs/default.nix~ b/modules/security/certs/default.nix~
new file mode 100644
index 00000000..e69de29b
diff --git a/modules/security/certs/trust/homelab.pem b/modules/security/certs/trust/homelab.pem
new file mode 100644
index 00000000..cf67031a
--- /dev/null
+++ b/modules/security/certs/trust/homelab.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjTCCAnUCFHMHoQwSTvnFMmBpncLHmiB5gITGMA0GCSqGSIb3DQEBCwUAMIGC
+MQswCQYDVQQGEwJBRTENMAsGA1UECAwEWm9uZTENMAsGA1UEBwwEaG9tZTERMA8G
+A1UECgwIYmFzZW1lbnQxDTALBgNVBAsMBHRydWUxETAPBgNVBAMMCHNha28uYm94
+MSAwHgYJKoZIhvcNAQkBFhFzYWtvQGlzc29jb29sLmNvbTAeFw0yMzA1MTMxNTIx
+MzdaFw0yODA1MTExNTIxMzdaMIGCMQswCQYDVQQGEwJBRTENMAsGA1UECAwEWm9u
+ZTENMAsGA1UEBwwEaG9tZTERMA8GA1UECgwIYmFzZW1lbnQxDTALBgNVBAsMBHRy
+dWUxETAPBgNVBAMMCHNha28uYm94MSAwHgYJKoZIhvcNAQkBFhFzYWtvQGlzc29j
+b29sLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIfsXZqAG12A
+oQsMP4TU3rTFhwjprHqau7LLg9vGEWaKmmTSnBDB0gTAMahPjdUflRBPi8n/j5kS
+i2MddUbLl3FE6bAqh9GZDgXk/527TBTHkp2/UpruE60yr986rFrVqf1u/gKlZtog
+cPCqgGiT4WZs82ArS8jfLIOf2PeZWAUbeyWS4EWsiAv2RZLV9RRvQdUejAKa6OGT
+0qogzlorpl4PRlmAVN9LSqbA94WJoVZ3XNSoy/Q5IRxzvwlcSAZw6UJbHI+h8fzO
+CyIVC5OXP4QmCqEGxI9F8XTL1ys1NlonlFqKgvwn0C2xqOB/bwlZYxF04ibPlrGO
+y9OGMkhE170CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAezUjdsMRGId1d/Q/uQmV
+1LBdIcfmzac6p9rWR5ky0j7ukJBlOz8p6/YFmzgjCFaz8urBJ1z+H778vYkg7qih
+RRIVOVZtOy7kXS+sJIMlAOSFKUXup/tG373ocVow/TZUIih37Hv9zt67DDVKlESh
+/z3Ffqtnk7rKiHOBnVrczfnahCu6cnnlcszvYR2+UCXubH02cJPZfnv91aM2YQCb
+DNhCMgnOSnPi3DAW/EU833mh6IKk9ZXNHdqVuEuR26qdSYg1KCeBNSvxFAh3J8VC
+ZSnE2k5wzMfkGZrJT7P0q1HdQ7Zv91aqQQcxoV/ezTeXwKDNd/YRcOvWnpBtSdiH
+/g==
+-----END CERTIFICATE-----