diff --git a/apps.nix b/apps.nix
new file mode 100644
index 0000000..750e82c
--- /dev/null
+++ b/apps.nix
@@ -0,0 +1,37 @@
+{ pkgs, ... }:
+{
+  nixos-switch = {
+    type = "app";
+    program = toString (pkgs.writeScript "deploy" ''
+      #!${pkgs.runtimeShell}
+      flake=$(nix flake metadata --json ${./.} | jq -r .url)
+      nixos-rebuild switch --flake ".#$1" --use-remote-sudo
+    '');
+  };
+  apps.deploy = {
+    type = "app";
+    program = toString (pkgs.writeScript "deploy" ''
+      #!${pkgs.runtimeShell}
+      domain='dadada.li'
+      flake=$(nix flake metadata --json ${./.} | jq -r .url)
+      nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo
+    '');
+  };
+  hm-switch = {
+    type = "app";
+    program = toString (pkgs.writeScript "hm-switch" ''
+      #!${pkgs.runtimeShell}
+      set -eu -o pipefail -x
+      tmpdir=$(mktemp -d)
+      export PATH=${pkgs.lib.makeBinPath [pkgs.coreutils pkgs.nixFlakes pkgs.jq]}
+      trap "rm -rf $tmpdir" EXIT
+      declare -A profiles=(["gorgon"]="home")
+      profile=''${profiles[$HOSTNAME]:-common}
+      flake=$(nix flake metadata --json ${./.} | jq -r .url)
+      nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@"
+      link=$(realpath $tmpdir/result)
+      $link/activate
+    '');
+  };
+}
+
diff --git a/checks.nix b/checks.nix
new file mode 100644
index 0000000..2c5b12a
--- /dev/null
+++ b/checks.nix
@@ -0,0 +1,9 @@
+{ pkgs, formatter }:
+{
+  format = pkgs.runCommand
+    "check-format"
+    {
+      buildInputs = [ formatter ];
+    }
+    "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out";
+}
diff --git a/dev-shell.nix b/dev-shell.nix
new file mode 100644
index 0000000..4be50f0
--- /dev/null
+++ b/dev-shell.nix
@@ -0,0 +1,6 @@
+{ pkgs, agenix-bin, ... }:
+pkgs.mkShell {
+  buildInputs = [
+    agenix-bin
+  ];
+}
diff --git a/home/configurations.nix b/home/configurations.nix
index 60588da..d532d92 100644
--- a/home/configurations.nix
+++ b/home/configurations.nix
@@ -1,7 +1,7 @@
 { self
 , nixpkgs
 , home-manager
-,
+, ...
 } @ inputs:
 let
   hmConfiguration =
diff --git a/hydra-jobs.nix b/hydra-jobs.nix
new file mode 100644
index 0000000..6925a86
--- /dev/null
+++ b/hydra-jobs.nix
@@ -0,0 +1,10 @@
+{ self, nixpkgs, flake-utils, ... }:
+(nixpkgs.lib.mapAttrs'
+  (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel)
+  self.nixosConfigurations
+) //
+(nixpkgs.lib.mapAttrs'
+  (name: config: nixpkgs.lib.nameValuePair name config.activation-script)
+  self.hmConfigurations
+) //
+(let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests)
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index d155ab0..6b9d3fb 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -1,9 +1,8 @@
 # TODO refactor adapterModule and redundant module config
 { self
 , admins
-, agenixModule
+, agenix
 , nixpkgs
-, nixosSystem
 , home-manager
 , homePage
 , nixos-hardware
@@ -11,9 +10,11 @@
 , scripts
 , recipemd
 , secretsPath
-,
+, ...
 }:
 let
+  nixosSystem = nixpkgs.lib.nixosSystem;
+  agenixModule = agenix.nixosModule;
   adapterModule = system: {
     nixpkgs.config.allowUnfreePredicate = pkg: true;
     nixpkgs.overlays =
diff --git a/outputs.nix b/outputs.nix
index 028195d..9c2ad7e 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -12,89 +12,36 @@
 , agenix
 , ...
 } @ inputs:
-let
-  secretsPath = ./secrets;
-in
 (flake-utils.lib.eachDefaultSystem (system:
   let
     pkgs = nixpkgs.legacyPackages.${system};
     selfPkgs = self.packages.${system};
     formatter = self.formatter.${system};
-    agenix-bin = agenix.packages."${system}".agenix;
+    agenix-bin = agenix.defaultPackage."${system}";
   in
   {
-    apps.nixos-switch = {
-      type = "app";
-      program = toString (pkgs.writeScript "deploy" ''
-        #!${pkgs.runtimeShell}
-        flake=$(nix flake metadata --json ${./.} | jq -r .url)
-        nixos-rebuild switch --flake ".#$1" --use-remote-sudo
-      '');
-    };
-    apps.deploy = {
-      type = "app";
-      program = toString (pkgs.writeScript "deploy" ''
-        #!${pkgs.runtimeShell}
-        domain='dadada.li'
-        flake=$(nix flake metadata --json ${./.} | jq -r .url)
-        nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo
-      '');
-    };
-    apps.hm-switch = {
-      type = "app";
-      program = toString (pkgs.writeScript "hm-switch" ''
-        #!${pkgs.runtimeShell}
-        set -eu -o pipefail -x
-        tmpdir=$(mktemp -d)
-        export PATH=${pkgs.lib.makeBinPath [pkgs.coreutils pkgs.nixFlakes pkgs.jq]}
-        trap "rm -rf $tmpdir" EXIT
-        declare -A profiles=(["gorgon"]="home")
-        profile=''${profiles[$HOSTNAME]:-common}
-        flake=$(nix flake metadata --json ${./.} | jq -r .url)
-        nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@"
-        link=$(realpath $tmpdir/result)
-        $link/activate
-      '');
-    };
+    apps = import ./apps.nix { inherit pkgs; };
 
-    devShell = pkgs.callPackage
-      ({}:
-        pkgs.mkShell {
-          buildInputs = [
-            agenix-bin
-          ];
-        }
-      )
-      { };
+    devShells.default = pkgs.callPackage ./dev-shell.nix { inherit pkgs agenix-bin; };
 
     formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt;
-    checks = {
-      format = pkgs.runCommand "check-format" { buildInputs = [ formatter ]; } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out";
-    };
+
+    checks = import ./checks.nix { inherit formatter pkgs; };
   }))
   // {
-  hmConfigurations = import ./home/configurations.nix {
-    inherit self nixpkgs home-manager;
-  };
+
+  hmConfigurations = import ./home/configurations.nix inputs;
+
   hmModules = import ./home/modules inputs;
-  nixosConfigurations = import ./nixos/configurations.nix {
-    agenixModule = agenix.nixosModule;
-    nixosSystem = nixpkgs.lib.nixosSystem;
+
+  nixosConfigurations = import ./nixos/configurations.nix (inputs // {
     admins = import ./admins.nix;
-    inherit self secretsPath nixpkgs home-manager nixos-hardware nvd scripts homePage recipemd;
-  };
+    secretsPath = ./secrets;
+  });
+
   nixosModules = import ./nixos/modules inputs;
+
   overlays = import ./overlays;
-  hydraJobs =
-    (
-      nixpkgs.lib.mapAttrs'
-        (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel)
-        self.nixosConfigurations
-    )
-    // (
-      nixpkgs.lib.mapAttrs'
-        (name: config: nixpkgs.lib.nameValuePair name config.activation-script)
-        self.hmConfigurations
-    )
-    // (let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests);
+
+  hydraJobs = import ./hydra-jobs.nix inputs;
 }