diff --git a/info.nix b/info.nix
index 9a04f06..ca739e8 100644
--- a/info.nix
+++ b/info.nix
@@ -2,7 +2,10 @@
   hostname = "nixos";
   username = "biscuit";
   timezone = "America/Chicago";
+
   vpnEnable = true;
+  vpnSecretFile = "/home/biscuit/Wireguard/secret";
+
   allowUnfree = true;
 
   shellAliases = {
diff --git a/system/vpn.nix b/system/vpn.nix
index 3af2bda..b7de2f0 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -1,10 +1,10 @@
-{...}: {
+{vpnSecretFile, ...}: {
   networking.wg-quick.interfaces = {
     biscuit-default = {
       address = ["10.2.0.2/32"];
       # listenPort = 51820;
       # FIXME change privateKey to variable and add env (make sure it is inaccessible!)
-      privateKeyFile = "/home/biscuit/Wireguard/secret";
+      privateKeyFile = vpnSecretFile;
       dns = ["10.2.0.1"];
       peers = [
         {