diff --git a/.sops.yaml b/.sops.yaml index 94951c0..775afce 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -32,7 +32,7 @@ creation_rules: - age: - *dominik - *home-assistant-server - - path_regex: hosts/ldap.cloonar.com/[^/]+\.yaml$ + - path_regex: hosts/mail.cloonar.com/[^/]+\.yaml$ key_groups: - age: - *dominik @@ -69,7 +69,7 @@ creation_rules: - age: - *dominik - *web-01-server - - path_regex: utils/modules/openldap/[^/]+\.yaml$ + - path_regex: hosts/mail.cloonar.com/modules/openldap/[^/]+\.yaml$ key_groups: - age: - *dominik diff --git a/hosts/mail.cloonar.com/configuration.nix b/hosts/mail.cloonar.com/configuration.nix index ea59315..9704802 100644 --- a/hosts/mail.cloonar.com/configuration.nix +++ b/hosts/mail.cloonar.com/configuration.nix @@ -2,18 +2,20 @@ { imports = [ ./utils/bento.nix - ./utils/modules/sops.nix ./utils/modules/lego/lego.nix + # ./modules/self-service-password.nix - ./utils/modules/rspamd.nix - ./utils/modules/openldap/default.nix - ./utils/modules/dovecot.nix - ./utils/modules/postfix.nix + ./modules/rspamd.nix + ./modules/openldap.nix + ./modules/dovecot.nix + ./modules/postfix.nix + ./utils/modules/borgbackup.nix ./utils/modules/promtail ./utils/modules/victoriametrics ./utils/modules/netdata.nix + ./hardware-configuration.nix ]; diff --git a/utils/modules/dovecot.nix b/hosts/mail.cloonar.com/modules/dovecot.nix similarity index 100% rename from utils/modules/dovecot.nix rename to hosts/mail.cloonar.com/modules/dovecot.nix diff --git a/utils/modules/openldap/default.nix b/hosts/mail.cloonar.com/modules/openldap.nix similarity index 99% rename from utils/modules/openldap/default.nix rename to hosts/mail.cloonar.com/modules/openldap.nix index afa4bd8..6ef6f0c 100644 --- a/utils/modules/openldap/default.nix +++ b/hosts/mail.cloonar.com/modules/openldap.nix 
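Review bot: The rule renamed at line 35 (`hosts/ldap.cloonar.com` to `hosts/mail.cloonar.com`) probably duplicates an existing rule, because `hosts/mail.cloonar.com/secrets.yaml` is modified rather than created further down in this commit, so a rule for that path presumably existed already. sops applies the first creation rule whose `path_regex` matches, so one of the two rules becomes dead. If the renamed one wins, mail secrets get the former ldap key group, of which only `*dominik` is visible in this hunk. I would remove this rule, or merge it into the existing one, after confirming that the second recipient is the mail server's key. Separately, the dots in the hostname are unescaped here and in the second hunk, so `.` matches any character; `hosts/mail\.cloonar\.com/[^/]+\.yaml$` scopes the rule to the intended directory.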
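Review bot: The new pattern at line 72, `hosts/mail.cloonar.com/modules/openldap/[^/]+\.yaml$`, matches no file once this commit is applied. The module becomes the single file `modules/openldap.nix`, and `utils/modules/openldap/secrets.yaml` is deleted, with both of its keys moved into `hosts/mail.cloonar.com/secrets.yaml`. A rule with no files still assigns its key group (only `*dominik` is visible in the hunk) to anything later created under that path, so I would delete the rule instead of renaming it.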
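Review bot: The `# ./modules/self-service-password.nix` line in `imports` is a commented-out import with no explanation, and the visible part of this commit adds no such module. I would either drop it or say why it is parked, e.g. `# TODO: enable ./modules/self-service-password.nix once the module exists`. Whitespace in this hunk is collapsed, so I cannot tell whether the `-` before `./utils/modules/sops.nix` removes that import or only a blank line. If the import is removed, `sops.secrets.openldap-rootpw` in `modules/openldap.nix` needs the sops module and its default secrets file to come from somewhere else, which is worth confirming before merging.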
@@ -471,10 +471,7 @@ in { postRun = "systemctl restart openldap.service"; }; - sops.secrets.openldap-rootpw = { - owner = "openldap"; - sopsFile = ./secrets.yaml; - }; + sops.secrets.openldap-rootpw.owner = "openldap"; networking.firewall.allowedTCPPorts = [ 389 636 ]; } diff --git a/utils/modules/postfix.nix b/hosts/mail.cloonar.com/modules/postfix.nix similarity index 100% rename from utils/modules/postfix.nix rename to hosts/mail.cloonar.com/modules/postfix.nix diff --git a/utils/modules/rspamd.nix b/hosts/mail.cloonar.com/modules/rspamd.nix similarity index 100% rename from utils/modules/rspamd.nix rename to hosts/mail.cloonar.com/modules/rspamd.nix diff --git a/hosts/mail.cloonar.com/secrets.yaml b/hosts/mail.cloonar.com/secrets.yaml index 5d6b0d5..5f91df8 100644 --- a/hosts/mail.cloonar.com/secrets.yaml +++ b/hosts/mail.cloonar.com/secrets.yaml 
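Review bot: With `sopsFile` removed, `sops.secrets.openldap-rootpw` falls back to `sops.defaultSopsFile`, which is set outside this hunk, so the module decrypts the right value only if that default is `hosts/mail.cloonar.com/secrets.yaml`. Since the module is now host-local, I would keep the source explicit with `sops.secrets.openldap-rootpw = { owner = "openldap"; sopsFile = ../secrets.yaml; };`, or at least add the comment `# read from sops.defaultSopsFile (hosts/mail.cloonar.com/secrets.yaml)`. Moving the value between files does not rotate it: the deleted `utils/modules/openldap/secrets.yaml` stays in history encrypted to its three age recipients, so the root password should be changed if any of those keys is being retired. The enclosing attribute set starts outside the hunk.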
@@ -1,5 +1,7 @@ borg-passphrase: ENC[AES256_GCM,data:D6+ZedxUQ7m/m0YkM5m/B4kFsNySJjFyh8Gmhn3Mpe+mqEzzMRjAbwmGzx9i9Lnr1dTjRElUOgevnnvW5J2KRA==,iv:cG4w1KsEm1SOTni9bsbSW1+ypzjjs2Q42I+4xvcCAu0=,tag:WkkNVa27Uy5nFpmXaIH6ww==,type:str] borg-ssh-key: ENC[AES256_GCM,data:T/EPWSuY9Ocj6D8nL2pfPg7r/lN4TyS7SiAqhQhkr10Y3R2mzfgMrOZTg/MrYv3/uNCt5h9TBDxwmiAwSmBzBSms0T5qD8aSxLgbmc6MAG7FSm7cGFf6x/7fMgVn7DAlwMz+4t/PkVk1iCRG4IwzimXwBvq73yIZuAiIARq0Azin7YAoSKjxnZ8ACkyRVCecf45pk7ModRmPLSDK8MZcT7bcHpZt6gQKx72OXSCJTD5FRUX180miUaywf7SxF1goEGRSmwtFDhyVs8iThiqyz0IsElB/dPGR+vYQwlFNWOFUshfAifz5tHXkvaKt08EJKyVV2TUqEsUETfFEqQW+8YNym3wBvrlnXm05DrHnfjz9GOEeUr35d9ESNgS+J5SzWVDitK29ca7QiaQ+YfaDn4/4mOGKSbPUnqOgRBoqXhJMV4ddV0lTKgBrg9isBVPgaye2prcHGjtUkVw2Kyh1omT3RKv6y7X+jfOpeOWOiByN73PCsZF7g+FFlP0K5jcfm4y4yaD8y6NlEaozrabuCIpY2ZUdZ/aH11vzLAk+LB8XE6lJ5MKMNPjNRftErJ9iE3OaOyan1ovTzaGqzaEwGtx/MZpk5hWNUwcSrJvZDqDuKO4+OhwMedvCCRKtNFIbEZ49EJrtp326Y1EelhfWgls5nJFPXukHo/C17ybsP4uFySFz/M13RVTIRntn7WKoh0bH7na2XgVGtXmI2plqVA5zppCbVTzr9+pAAD9RvXTX7t12gA1iNmdxM8alOeoZ41JXHd6BDF4bvDLVMhFhlslDLZ3wNV/QPWcSczinpJlvEQ13/WFN/NTO25Y16p+oxY9g8QD3pNEkAVLOMYjnEUlV6+DQcZbxzU8RCfpEzfVsOqbztTihDgHD5ldWt/VpN4ncm/WCVCWBlT33iiTxufC8htY3SjXt8JULEt0049HNIbNwj1awZwqTgT4z06okf7sz0m8Y/U8D5MCu8uNpt7QJBftVHxCKSUmQ4NJRicMDhlrpEJklQYlRtsvKlL/ntnyf5ZoUnkX03AoG0zh4Dh0LydGKC9RsKfwJeU+684d3opBI9eIYL6Rp/XB60LKcUA6Q+m7BgB7Tjck2YbG8nFPLaV3PdmIejlE0agICJ8Hef8rnqdU/r6X92gCEBvGXNbuqsKJvDTYPafQP8U6rXc7Tq+g68zfCOijIuHyKjkzdtIom8KMi5MUdFBSXK22xB1q4ye+QaCaAdN/1Xe6KDxWiafPG+BkpExh7hXbqZU1MyiTYMExpilY30e+CmPXMdxAWmygOxwUk+mPbuWrF0oh16DYN0dS38gUbo2Z4fjRvYIoZea1pu8niQRfhTVgLZVpEN07pYPu2farsPCPIXPalXVcijVO/yi2Dg4uhTsjzW/aRZ6XDIoXRd59v5hG+L27l7gTIXfTx1+htwClRJjYxFy6hTL+ZjcKdNrz/jezXPrR7kRHNEEfJM/ysv8d/7Ghpt+wITgc22bdnxKJv9rWnoKDEQ/FRGm6Y/eMisOttUFFlznQi2lqShOxPXnnuOnpndklcxPM8FowlL4FMDN7QUW3kdXJ2j0GgN4o34oKhqvXjtjf9Dk5r5KB+GTeOhf3SJXgeR4llaSAQXjzGdZqk0g34YTa3qb8rVxDSBKEHOnKs+Cr/4H09k62S/3SzZfrBIaaZ6Ey1b+bFfnbJJlD/Y/1Hwd5IhNbMHj7bfOKC8VabieeHwMbWfkGdnnmdY5LLJqXAw
ANrCIYZrEpm38pYJiKes5GrAz8caK2rPIhAPShURwkjCsvowmadTvnEbO/KoaUIcqk40wYdM6NAlVme6dLXxeVN7Y3K6UAWFIIZtYarAog0Axncs30shIoy1CGd6dN87tuK+/twO/jr458fJInumXSMRy2X2K0MKPLONF9FcP/EWENa+H43Zcfo1y42HkoYxI70R2YqOlpbtJUk8/8PqVSlJBrbgpBZNzAMCbsIjhrBevISerf8Sa8X6WC/KjwswjfGJ7h+FEnrPutKJg/ajDywAI+RZ3H+5zWm/CZxBYT6k4w6gAWZva0Nlx6jWQExONGQfUBkrRrRfIHhWl3c+k5VrhyzwW9fmAB9XmT1iYbk9T+ZNU/O8HY1bAZWufS4G7GaHchbPIvz3edMvP+zrGBZXPPJE3abls9oUcVZ223NFU1RPMZwG7LqL0fzfHXl4zx82TEXn14dAIBBVr67RAejz5xOGf8I2MpYQ6RAxvfhc7bjWY9/FU1RU09ob7usJCZphm51oa4TR7kz0AH1HxSOGfCJKLdYjBxbylR1GxY1bUTokLVWEYHalCr6d4lyEmUHM3+1vBUQQ6aq81njW33yGvwclUvhWj4sB51WPaREcYQsPkYnftN/dRSKVQoEZckgmIvML3lUwiVMLGlXlcUViyQpktnWAWxXgw5GH6KXMqoI43jRmxTeR3KrVyZRJBlDj/AnGWOD37fndGuMdpmAIGX/1fZnUUCxNhhuou20LvOr8BnjcHP9pBjtRPxu4o9fFmnzNCt43SC2ivMDOLxL/Uq6batacYrRnLtK4XnNqzfpCqe1bkfBsmTbRGnwPIJrA7TThfHH322DLy/GueYiddIa5spqdIH2jI8nfjKq4SxLtwsNZ4GUG/z83YQEg0Z8I/CQhYh3Y8Gcjb4ZUrOg9n84iLADDOn2j9CI1QfsyJAt+qLEDPRJ9yMRefmq7BAxvGbNq+4YUbj4Fo6K2FwaO2quUVl7RpfVgT/WvXTJS4pAndPJt4PrG03X56ra3yOTtlZqPvGR+XGjp56hG5I5AtQ27JmB6S30EncH9sDLDPucNtEzn57cY90kAZSdDYjBkJ5/lC3xJOB4UiAs582UgyIiVlL/mvjXd1kajAcchfUYnjEUkgFuOoRysWDO/rq8aDFYg/jokUNOn4ent7xXzlfEXkpMZ00coZ7gi+CjKOf29+/ZE1wCfbRhBds/mCmAerWJo24vb632lTCWKImbHo36WuBAvKqofFNpVyMRQ+OKm9Bzr2jQD7W4+1CUk/ZatGVWJHCPsEGWt/L0Fj8K3NzF135c9d8aZ9HqC9XNqOKTZpNe9QSMc5S+tD1ZUxHVrDHny0fOKaWGVHtgyNkcyte0l16wet1z+xZcPCKr8ieMSqh+HgfT2/kWjpb1hlmyEDFmPnnbmhCDD2QWstX8vCa9JTdd0OLb3rTgPMlbxPPIiWQGSBc6tig7X3mZbebweRz5ktqrdMvK3ter9bVC9T2TF6EiCktxw+IdS9MONajvoGAaR2k1nGbfKDSVIKk1ialfv1FGJu1gUA8J0pvXqbrTJfSPOH4iuJrWJut0UpJeHrUuh0ODguNriBivobZeaRamUA/PPNvM5KCSUQUtefDnVINsJSoT4yXn55fkRwvb2957AfHI8yMRg9KtNIYj8i5KsEsw4gE53Lr+NU7Wq2O08+v2mUSNjP0REWgu0Dw0M4/Q9eykLV/ZRnhRcbUZyA==,iv:yA1CkRMapP1S3zMwu6Tj0/0/HHpwD1yRAm/qrZx/kPs=,tag:SYg2IoXeD9fMYb35J/AJ1Q==,type:str] +openldap-rootpw: 
ENC[AES256_GCM,data:W0em1Dffg+IUoynwwPD4NjFksR38ZO4mhWFI83ALvYcwYIplxw/gDRLGCqbSt6TR5C65CKr1sOUiU+4Xq3UWmw==,iv:BHQhISTIYuwSM3KiSb0mEEo3BMNo6FXEDXoIvI3SZrU=,tag:tX8gfnk1JYnaNionk/jrLg==,type:str] +dovecot-ldap-password: ENC[AES256_GCM,data:JYAt8/WggwclNEPO9CaWfQsvQBA8DDJCU2km93HpowoVwIdvQ/0lQHeXndPYe1EmJGJ3vLErie+Zn2kDINIMqQ==,iv:HR0QJ0GgQks3NzhfXwjHupCKcPOekkiTcp5Jxbz7CxI=,tag:19m7F6TjGUPOuHQJuUq2pw==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +35,8 @@ sops: NzRjSG1DTmtnSlJRWmRRMmR0QkxLM3MKm90Znwn1bH37KrC1mG1d5Bv+25HVGzRs XjNHZzQQ/OqkpEIfElJCfxKBDMILhrmxJc3UkP+Mhh2SEurmM0BZ3A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-23T22:06:56Z" - mac: ENC[AES256_GCM,data:a2g/JBpmByogfqcHMMsX5iMzxT1WHRO7M8bb88z2aQWtSGGUGe1BPJRBNKfyH0qH/vbgdSRmRY8iiDn9Kwd2RTDrZGBlG/xcC5+XWFnzFi36uOMumoK//AOGAWQkkFd/YEUdlv5rTbYEVLK1qwe/kAdcaX7ht11jfWTm8GlxiKg=,iv:4WYY/84CJ96n+9rgFEH7+hyjBtJoivTqXBreCkzESJQ=,tag:wQrIEADzxzyTg2Yu1yCkEA==,type:str] + lastmodified: "2023-08-19T12:50:38Z" + mac: ENC[AES256_GCM,data:4GtrWeB4m2fO+eQFt/bSoCN0MRR9XdayWLuJVdg8rBZ6iDx3Kf4qSMPsFyaTCRhNC72dCz4k9v011Yco4W6Jkd/iBm4tPHxLeldSRAtgt1X7U03ye6ZqAKZA/F5OjZMGPYsE2gypXAOkLbpQ5qeYuInWc64Ox0RTULhwzsXKxLA=,iv:SmqJUiHh0GJjegFTCXLPH3RKabvsJZ1y+EnbMnbGlOE=,tag:M+v+3GxNqiV/fnpVKn2I+g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/utils/modules/openldap/secrets.yaml b/utils/modules/openldap/secrets.yaml deleted file mode 100644 index cb93cf3..0000000 --- a/utils/modules/openldap/secrets.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -openldap-rootpw: ENC[AES256_GCM,data:cwxXkLd5jyrGI4IoewQL4HBH/Xi6SfVkizitKa0Qyr30SeH02VDLyGXzbpuRfZuPRePbLFEOMKUcCwkZV/2RTA==,iv:SqxCK5rnsgU6i68ZoBZtbRxLgUe59wMg7EYO5jlAwFw=,tag:SbORanDDqLPF+dNleqzYNg==,type:str] -dovecot-ldap-password: ENC[AES256_GCM,data:czkIYqmWXs0U6LFbetJg47VQHw+E5kcHpdwRGmZAKi6Q3hP/IOW8N1dhIkrQRLzKih9vWXKhyo6BDA2e6w6pHQ==,iv:Ka18K0/pGJubfiQ1GKq3uxwZ/CgujO1DulwBomXBbco=,tag:QACpoLJ+QIMM3mCI/vTjtA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpVTJycytvY2tkKytBaHgw - TXp2bzFqcFM0UXhzRXJjQyt4aml5RnlZdzBZCm1tU29VMlBrUEdYZ2g1ay85NWJp - dkVMbVYxcXlDd0hjNGZ0Uk4xY254SW8KLS0tIDM4Vzd2VkF5dmc3ZFZwT3pLMTVj - YmtnR2p3NXFwR0J1S09jY01HZnF6N1kKEpkBQeQ9ksOa4XBo17MS1/EOcW8svd1r - Uhx0/SItWM2IR2BLAra4g+2YZ222xX/Gqi9m10ZNS7lO6pPhB3EVSA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVmhqT016WFBlZDltNmJx - ckZOR25MSWZkQmlMMGpxc3c5YWdJWTExdlUwCkowVG1xeXNiQmRoeTdudm03NXlw - bTQrVHBzZ2JxSWFpQ29TZTFzSWZwelkKLS0tIFV4d20wT2dKRjhLYy81YlBMSWgy - RnRYTnpIeFRXQ0ZVUkRhVTZmc2VQUVUKbphgbiHXjV/t80UWIOOK+aDP2cM3i5al - oqyDwh9bhhUIJ/aZsv/ICwcWCun56eQ4zPNp9P+toqAbf9n8FJoylw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1azmxsw5llmp2nnsv3yc2l8paelmq9rfepxd8jvmswgsmax0qyyxqdnsc7t - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UWJZVmFEckJ6RHZXRnBU - N3lvZDBUaHN4VTVsK0kvZ2tKdHRsVndXVW44CnVUM3Blc05EVE0wSWQwU0luUEtG - a2k3OG8zR0dTQmVpYVk1a3l5cXB1YXMKLS0tIDJDYzhRY3R2RWpSZHBTMzgwSVZN - OTZ6ZnRDSG5JcXc5dWVwOGlqWlV6VnMKlzFF4MYIki9p9h1Um55ugMwsFJIleQ7w - hXohGDgWuDKA6CtR6lEUQ8y0AjPcWIp3VW0H2tCSpBSTEKaQK/FzhQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: 
"2023-01-22T20:44:32Z" - mac: ENC[AES256_GCM,data:nKR47o4Evt4TPyndEwZlnP/ctGaaz6wwn0k+JnDCL3FW1TO64spNL7xDcoxWwPuRLrgjgtazsm4Tevplzc3J/N4dhnPAdiPtZOQd3tKibIJKDkxG+6upGvzMMrXXInzoGVqwFMrZmdIqlpLAgqX/1VwY4Tnrf0IfiwJ8wWmSZe8=,iv:FUL/gcDZBZrclYupzstSFG86NOnEOvvgr8ou7wVQ3AY=,tag:KPXm0HHwc8v64dnqGqlFUQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3