diff --git a/.gitmodules b/.gitmodules index c7b7142..d75d6f5 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ -[submodule ".secrets"] - path = .secrets +[submodule "nixosModules/bonfire/secrets"] + path = nixosModules/bonfire/secrets url = git@vcs.elnafo.ru:L-Nafaryus/bonfire-secrets.git diff --git a/.secrets b/.secrets deleted file mode 160000 index d4c4f1f..0000000 --- a/.secrets +++ /dev/null @@ -1 +0,0 @@ -Subproject commit d4c4f1fcd08c45e9056968b346184f5f80282fa2 diff --git a/flake.nix b/flake.nix index 1c17351..d9546e5 100644 --- a/flake.nix +++ b/flake.nix @@ -44,7 +44,7 @@ modules = [ home-manager.nixosModules.home-manager ./nixosConfigurations/astora - ./nixosModules/bonfire.nix + self.nixosModules.bonfire self.nixosModules.spoofdpi ]; specialArgs = { inherit self; }; @@ -57,7 +57,7 @@ sops-nix.nixosModules.sops oscuro.nixosModules.oscuro ./nixosConfigurations/catarina - ./nixosModules/bonfire.nix + self.nixosModules.bonfire self.nixosModules.spoofdpi self.nixosModules.papermc self.nixosModules.qbittorrent-nox @@ -67,7 +67,7 @@ }; nixosModules = { - bonfire = import ./nixosModules/bonfire.nix; + bonfire = import ./nixosModules/bonfire { inherit self; }; spoofdpi = import ./nixosModules/spoofdpi { inherit self; }; diff --git a/nixosConfigurations/astora/users.nix b/nixosConfigurations/astora/users.nix index 04b3f10..59e05ed 100644 --- a/nixosConfigurations/astora/users.nix +++ b/nixosConfigurations/astora/users.nix @@ -14,8 +14,6 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - bonfire.enable = true; - home-manager.users.l-nafaryus = { pkgs, ... }: { home.stateVersion = "23.11"; home.username = "l-nafaryus"; diff --git a/nixosConfigurations/catarina/default.nix b/nixosConfigurations/catarina/default.nix index c7648df..1a7e101 100644 --- a/nixosConfigurations/catarina/default.nix +++ b/nixosConfigurations/catarina/default.nix 
@@ -73,11 +73,8 @@ in { }; }; - sops = { - defaultSopsFile = ../../.secrets/secrets.yaml; - age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt"; - secrets = import ../../.secrets/sops-secrets.nix; - }; + bonfire.withSecrets = true; + sops = config.bonfire.secrets.catarina.sops; security.acme = { acceptTerms = true; @@ -138,7 +135,7 @@ in { openFirewall = true; localDnsResolver = true; - loginAccounts = import ../../.secrets/mail-recipients.nix { inherit config; }; + loginAccounts = config.bonfire.secrets.catarina.mailAccounts; }; services.jellyfin = { diff --git a/nixosModules/bonfire.nix b/nixosModules/bonfire.nix deleted file mode 100644 index 85fc129..0000000 --- a/nixosModules/bonfire.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, ... }: -with lib; -let cfg = config.bonfire; -in { - options= { - bonfire = { - enable = mkEnableOption "Enables the Bonfire module"; - - home = mkOption { - type = types.path; - default = ../.; - description = "Bonfire root flake directory"; - }; - - configDir = mkOption { - type = types.path; - default = "${config.bonfire.home}/config"; - description = "Path to directory with static configuration files"; - }; - }; - }; - - config = mkIf cfg.enable { - environment.sessionVariables = { - BONFIRE_HOME = cfg.home; - }; - }; -} diff --git a/nixosModules/bonfire/default.nix b/nixosModules/bonfire/default.nix new file mode 100644 index 0000000..fb32cae --- /dev/null +++ b/nixosModules/bonfire/default.nix 
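Review bot: `loginAccounts = config.bonfire.secrets.catarina.mailAccounts;` in the second catarina hunk is evaluated at build time, so every value in that attribute set is written to the world-readable Nix store as part of the system closure. The submodule contents are not visible here, so confirm that each account refers to a sops-managed file (`hashedPasswordFile`) rather than carrying an inline `hashedPassword`. A comment above the line would record that expectation, for example `# accounts must reference sops secret paths (hashedPasswordFile), never inline hashes`. The same applies to `sops = config.bonfire.secrets.catarina.sops;` in the first hunk: it should contain only the encrypted file, the key file location and secret declarations. The enclosing attribute sets start outside both hunks.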
@@ -0,0 +1,45 @@
+{ self, ... }:
+{ config, lib, ... }:
+with lib;
+let cfg = config.bonfire;
+in {
+ options= {
+ bonfire = {
+ home = mkOption {
+ type = types.path;
+ default = ../../.;
+ description = "Bonfire root directory";
+ };
+
+ configDir = mkOption {
+ type = types.path;
+ default = "${cfg.home}/config";
+ description = "Path to Bonfire static configuration files";
+ };
+
+ withSecrets = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enables the Bonfire secrets";
+ };
+
+ secrets = mkOption {
+ type = types.attrs;
+ default = {};
+ };
+ };
+ };
+
+ config = {
+ assertions = mkIf cfg.withSecrets [{
+ assertion = (builtins.pathExists ./secrets/default.nix);
+ message = "Missed git submodule 'bonfire-secrets'";
+ }];
+
+ environment.sessionVariables = {
+ BONFIRE_HOME = cfg.home;
+ };
+
+ bonfire.secrets = mkIf cfg.withSecrets (import ./secrets { inherit config; });
+ };
+}
diff --git a/nixosModules/bonfire/secrets b/nixosModules/bonfire/secrets
new file mode 160000
index 0000000..31c9b19
--- /dev/null
+++ b/nixosModules/bonfire/secrets
@@ -0,0 +1 @@
+Subproject commit 31c9b19efdaa613e965eae25bbd2abd344a1bccf
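Review bot: The new `secrets` option in nixosModules/bonfire/default.nix has no `description` and is typed `types.attrs`, so nothing checks the shape of the data that hosts later read as `config.bonfire.secrets.<host>.sops` and `.mailAccounts`. The nixpkgs manual discourages `types.attrs` because it merges shallowly and does not process nested `mkIf`/`mkDefault`; `types.attrsOf types.anything` is the suggested replacement. I would also add `description = "Values imported from the bonfire-secrets submodule; only references to sops-encrypted files and runtime secret paths, no plaintext";`. Separately, the `import ./secrets` on the `bonfire.secrets` line is not guarded by the same `pathExists` check as the assertion, so with the submodule missing evaluation may fail at the import before the assertion message is shown.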