diff --git a/keys/ssh_user_ca.pub b/modules/hosts/janus/ssh_user_ca.pub
similarity index 100%
rename from keys/ssh_user_ca.pub
rename to modules/hosts/janus/ssh_user_ca.pub
diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
index b58cf55..0653589 100644
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -1,35 +1,32 @@
-{inputs, ... }:
+{ inputs, ... }:
 let
 userName = "john";
 sshHostCAPubKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNug18oLH0vZxnibXJzMJvTWFPZTnSlhCDDVi+rHhgnIum6ZXQ4SF+VHOOAM5BbzZmMKitNJ5lcrGP15Eur7DzQ=";
 in {
- flake.modules.nixos.ssh = { pkgs, config, lib, ... }:
+ flake.modules.nixos.ssh = { config, pkgs, lib, ... }:
 let
 cfg = config.ssh;
- userCAPath = "ssh/ssh_user_ca.pub";
+ configDir = "/etc/ssh";
 in {
 options.ssh = {
- configDir = lib.mkOption {
- description = "String path to the host SSH config directory";
- type = lib.types.str;
- default = "/etc/ssh";
- };
 hostKey = lib.mkOption {
 description = "String path to the host private key file";
 type = lib.types.str;
- default = "${cfg.configDir}/ssh_host_ed25519_key";
+ default = "ssh_host_ed25519_key";
 };
 certificates = {
 enable = lib.mkEnableOption "Enable SSH host certificates";
 userCA = lib.mkOption {
+ description = "Content for the SSH user CA file (public key)";
 type = lib.types.path;
- default = ../../keys/ssh_user_ca.pub;
+ default = ../hosts/janus/ssh_user_ca.pub;
 };
- userCAPath = lib.mkOption {
+ userCAFile = lib.mkOption {
+ description = "String path to the SSh user CA";
 type = lib.types.str;
- default = "${cfg.configDir}/ssh_user_ca.pub";
+ default = "ssh_user_ca.pub";
 };
 };
 };
 
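Review bot: The default for `userCA` now points at a host-specific file, `../hosts/janus/ssh_user_ca.pub`, from a module that appears to be shared via `flake.modules.nixos.ssh`, so any other host that sets `certificates.enable` would trust janus's user CA for logins unless it overrides the option; dropping the default, `userCA = lib.mkOption { description = "SSH user CA public key to trust"; type = lib.types.path; };`, forces each host to choose its CA explicitly. The option descriptions also lag the change: `hostKey` and `userCAFile` are now bare file names joined onto `configDir`, not paths, so `description = "File name of the host private key, relative to ${configDir}";` and `description = "File name of the SSH user CA public key, relative to ${configDir}";` (which also fixes the `SSh` typo) describe what the values actually are. `configDir = "/etc/ssh"` is a plain let binding here, while the `environment.etc` key in the second hunk spells the same directory as the literal `ssh/`, so the two can drift if one is edited; deriving the `environment.etc` key from a single constant for the relative part keeps them consistent.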
@@ -42,16 +39,16 @@ in {
 PasswordAuthentication = false;
 KbdInteractiveAuthentication = false;
- HostKey = cfg.hostKey;
+ HostKey = "${configDir}/${cfg.hostKey}";
 }
 (lib.mkIf cfg.certificates.enable {
- TrustedUserCAKeys = cfg.certificates.userCAPath;
- HostCertificate = "${cfg.hostKey}-cert.pub";
+ TrustedUserCAKeys = "${configDir}/${cfg.certificates.userCAFile}";
+ HostCertificate = "${configDir}/${cfg.hostKey}-cert.pub";
 })
 ];
 };
- environment.etc."${userCAPath}" = lib.mkIf cfg.certificates.enable {
+ environment.etc."ssh/${cfg.certificates.userCAFile}" = lib.mkIf cfg.certificates.enable {
 source = cfg.certificates.userCA;
 };