diff --git a/modules/hosts/janus/default.nix b/modules/hosts/janus/default.nix
index a89c3ca..9c86f82 100644
--- a/modules/hosts/janus/default.nix
+++ b/modules/hosts/janus/default.nix
@@ -9,25 +9,45 @@ in
 flake.modules.nixos.janus-ca = { config, lib, ... }: let
+ cfg = config.janus-ca;
 johnHome = lib.attrByPath [ "users" "users" username "home" ] "/home/${username}" config;
 johnGroup = lib.attrByPath [ "users" "users" username "group" ] username config;
+ cfgInEtc = lib.hasPrefix "/etc/" cfg.certDir;
+ certDirEtcPath =
+ if cfgInEtc then
+ lib.removePrefix "/etc/" cfg.certDir
+ else
+ cfg.certDir;
+ certRootEtcPath = "${certDirEtcPath}/root_ca.crt";
 mkStepRules = home: user: group: [
 "d ${home}/.step 0700 ${user} ${group} -"
 "d ${home}/.step/config 0700 ${user} ${group} -"
 "d ${home}/.step/certs 0700 ${user} ${group} -"
- "L+ ${home}/.step/config/defaults.json - - - - /etc/step/config/defaults.json"
- "L+ ${home}/.step/certs/root_ca.crt - - - - /etc/step/certs/root_ca.crt"
+ "L+ ${home}/.step/config/defaults.json - - - - /etc/step-ca/defaults.json"
+ "L+ ${home}/.step/certs/root_ca.crt - - - - ${cfg.certDir}/root_ca.crt"
 ];
 in
 {
- environment.etc."step/config/defaults.json".text = builtins.toJSON {
- inherit ca-url fingerprint;
- root = "/etc/step-ca/certs/root_ca.crt";
+ options.janus-ca = {
+ certDir = lib.mkOption {
+ description = "String path to where the mtls certs will be stored.";
+ type = lib.types.str;
+ default = "/etc/step-ca/certs";
+ };
+ };
+
+ config = {
+ environment.etc = lib.mkIf cfgInEtc {
+ "step-ca/defaults.json".text = builtins.toJSON {
+ inherit ca-url fingerprint;
+ root = "/etc/${certRootEtcPath}";
+ };
+ "${certRootEtcPath}".source = ./root_ca.crt;
+ };
+ systemd.tmpfiles.rules =
+ mkStepRules johnHome username johnGroup
+ ++ mkStepRules "/root" "root" "root";
 };
- environment.etc."step-ca/certs/root_ca.crt".source = ./root_ca.crt;
- systemd.tmpfiles.rules =
- mkStepRules johnHome username johnGroup
- ++ mkStepRules "/root" "root" "root";
 };
 flake.modules.homeManager.janus-ca = { config, ... }: {
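Review bot: The `environment.etc = lib.mkIf cfgInEtc { … }` block drops the fixed-location `step-ca/defaults.json` together with `root_ca.crt` whenever `certDir` is set outside `/etc/`, yet `mkStepRules` still emits `L+` links to `/etc/step-ca/defaults.json` and `${cfg.certDir}/root_ca.crt`, so every non-`/etc` value the new option accepts yields dangling bootstrap and trust-anchor links in `~/.step` and nothing ever places the root certificate at `certDir`. `defaults.json` does not depend on `certDir` and should be unconditional, and the non-`/etc` case needs either a tmpfiles rule that installs `root_ca.crt` from the store copy (sketched below) or an `assertions` entry that rejects such values. The `description` should also say what is actually installed: `description = "Absolute directory where the Janus root CA certificate (root_ca.crt) is installed; the ~/.step links point here.";`. Because `certDir` is `lib.types.str`, a relative value or a trailing slash passes unnoticed; an `assertion = lib.hasPrefix "/" cfg.certDir && !lib.hasSuffix "/" cfg.certDir` would catch both before the tmpfiles paths are built.
```nix
config = {
  # defaults.json has a fixed /etc location, so it must not depend on certDir
  environment.etc = {
    "step-ca/defaults.json".text = builtins.toJSON {
      inherit ca-url fingerprint;
      root = "${cfg.certDir}/root_ca.crt";
    };
  } // lib.optionalAttrs cfgInEtc {
    "${certRootEtcPath}".source = ./root_ca.crt;
  };
  systemd.tmpfiles.rules =
    # outside /etc, place the root certificate via tmpfiles from the store copy
    lib.optionals (!cfgInEtc) [
      "d ${cfg.certDir} 0755 root root -"
      "L+ ${cfg.certDir}/root_ca.crt - - - - ${./root_ca.crt}"
    ]
    ++ mkStepRules johnHome username johnGroup
    ++ mkStepRules "/root" "root" "root";
};
```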