diff --git a/modules/universal/home-manager/default.nix b/modules/universal/home-manager/default.nix
index 48ac9d51..3f7fed3c 100644
--- a/modules/universal/home-manager/default.nix
+++ b/modules/universal/home-manager/default.nix
@@ -26,6 +26,7 @@ in
     ./mpv.nix
     ./nb.nix
     ./neovim.nix
+    ./ssh.nix
     ./sublime-music.nix
     ./vlc.nix
     ./zsh.nix
@@ -103,14 +104,6 @@ in
           (private-list cfg.extraPackages)
         );
       in {
-        # ssh key is stored in private storage
-        ".ssh/id_ed25519".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/private/.ssh/id_ed25519";
-        ".ssh/id_ed25519.pub".text = (import ../pubkeys.nix).users."${sysconfig.networking.hostName}";
-        # alternatively: use `programs.ssh.userKnownHostsFile`
-        ".ssh/known_hosts".text = builtins.concatStringsSep
-          "\n"
-          (builtins.attrValues (import ../pubkeys.nix).hosts);
-
         # convenience
         "knowledge".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/knowledge";
         "nixos".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/dev/nixos";
diff --git a/modules/universal/home-manager/ssh.nix b/modules/universal/home-manager/ssh.nix
new file mode 100644
index 00000000..7b1af812
--- /dev/null
+++ b/modules/universal/home-manager/ssh.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+  home-manager.users.colin = let
+    host = config.networking.hostName;
+  in { config, ...}: {
+    # ssh key is stored in private storage
+    home.file.".ssh/id_ed25519".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/private/.ssh/id_ed25519";
+    home.file.".ssh/id_ed25519.pub".text = (import ../pubkeys.nix).users."${host}";
+    # alternatively: use `programs.ssh.userKnownHostsFile`
+    home.file.".ssh/known_hosts".text = builtins.concatStringsSep
+      "\n"
+      (builtins.attrValues (import ../pubkeys.nix).hosts);
+  };
+}