diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix
index d738146b..f73fff85 100644
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@@ -19,7 +19,10 @@ in {
     ./home.nix
   ];
 
-  age.secrets.cloudflare.file = ../../secrets/cloudflare.age;
+  age.secrets = {
+    cloudflare.file = ../../secrets/cloudflare.age;
+    nixCache.file = ../../secrets/nixCache/privKey.age;
+  };
 
   boot.loader = {
     efi.canTouchEfiVariables = true;
@@ -164,7 +167,7 @@ in {
 
     nix-serve = {
       enable = true;
-      secretKeyFile = "/var/cache-priv-key.pem";
+      secretKeyFile = config.age.secrets.nixCache.path;
     };
 
     ollama = {
diff --git a/secrets/nixCache/privKey.age b/secrets/nixCache/privKey.age
new file mode 100644
index 00000000..453ffbf7
Binary files /dev/null and b/secrets/nixCache/privKey.age differ
diff --git a/secrets/nixCache/pubKey b/secrets/nixCache/pubKey
new file mode 100644
index 00000000..0a826f43
--- /dev/null
+++ b/secrets/nixCache/pubKey
@@ -0,0 +1 @@
+nixcache.raffauflabs.com:yFIuJde/izA4aUDI3MZmBLzynEsqVCT1OfCUghOLlt8=
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 13b8153e..7bfad90c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,6 +22,7 @@ in {
   "lastFM/secret.age".publicKeys = keys;
   "mail/achacega_gmail.age".publicKeys = keys;
   "mail/alyraffauf_fastmail.age".publicKeys = keys;
+  "nixCache/privKey.age".publicKeys = keys;
   "spotify/clientId.age".publicKeys = keys;
   "spotify/clientSecret.age".publicKeys = keys;
   "syncthing/fallarbor/cert.age".publicKeys = keys;