diff --git a/hosts/inspiron/secrets.yaml b/hosts/inspiron/secrets.yaml index e309621..38b81ac 100644 --- a/hosts/inspiron/secrets.yaml +++ b/hosts/inspiron/secrets.yaml @@ -1,9 +1,11 @@ seb-password: ENC[AES256_GCM,data:LlW1njlY0tVfYne/NFM2KJbAPb4eAQgy0mPMIZAIPH5mdr7cSCaPYhc+WF5ZlrlL//mh8WHhsHbEBuA6P7oabSeP6ZczCmTV6w==,iv:oWQj47oxjxR3DBHhFwUD/Emj5ziZHwcbXzD69ChRmHU=,tag:cuTloyd4HW6behF8fmWdxw==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:P63hQK6x6OjKQFZmoDXK2+ffUNd6wCzxot+d9GOsplbLMI1Dlvknt+Qq1GHaaziFgvGoQbLLha6RmORD1w==,iv:L9tKkJHuGuN6hzBcPum4giYInpn6+DuAq1zthTRSB/U=,tag:FDCnHCYY/vBYgf1xNiYyMg==,type:str] -geoclue-location-service: ENC[AES256_GCM,data:eNtzXHhgdhYbGkcIoPk8gkoj2puxebdWC7QData8Ze1/M9+HITDVEDWcxUjXj2oUuXvfJT3dHjEky4b0vAib8odDBBl/+2o4rqjrflGpCUyPU2Qjb8c72w9eYPlekuqeZ7RhOrc2J3LPsQI=,iv:AapFoiKZ/NGBheBhqp5Ei3zzg9yT3rtZVObB5fbIulU=,tag:+k67dDHjQMLsk9KWwboUaA==,type:str] -iwd: - WLAN-233151: ENC[AES256_GCM,data:qnP47hqkVVAWycWaradtJQ/AUu6Jqhh281az4lHp9Vo6bmRLWNga2vG0Sg==,iv:+pC6EVtgzxR//bMJCDyzmsBrT25pcGZ5sAEkUkohU5Y=,tag:tAokgFEzr2S5B4UreB5lPA==,type:str] - Fairphone4: ENC[AES256_GCM,data:BUSZHUxLNPCVc+h8VvcGo11ZHt04s7HVDOh0oaSOl/oB4dQ=,iv:YGbX6sF2FtjPwuGQGcQutWz7TD4Lg8DG0zi7ddXCkas=,tag:cNKu8xvrLOGy4Vq7WIBFTg==,type:str] +geolocation-api-key: ENC[AES256_GCM,data:LQgB/VEVlKhvaGowNjdmlLq14+VTTE6tZJVrUoYuy6fFUX0jykoj,iv:40TPjSxkycF9K7eC+eJaXf+wN7DjUJJ5L7ES93o7Oyk=,tag:C9D3/fj0vBLnMFz0rsHLqw==,type:str] +wlan: + WLAN-233151: + key: ENC[AES256_GCM,data:/DAuYEU6tUisLxz/9TkdB4Yk/vQ=,iv:Ubj28yyfOqcXQyUs9e0iPq0BscHjfB2vRQd14x8L4Cg=,tag:vf9FITNJZxEzLo5+ZInD5Q==,type:str] + Fairphone4: + key: ENC[AES256_GCM,data:tfiTA4P9H3X2OgLW,iv:9wVmeeiKmQ7nFLbvXdVCeJU7/e9SHAzlCOJA31uWZOY=,tag:u3CboobFFAwxL1c5emCz9Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -28,8 +30,8 @@ sops: WlU1TjFDSHFzVU9TVWlNZVBJNkZabTQKkkgMlCEN84e1Syf9wB06CwToxZoE3CZi h369oefzYx06hEde06tU9UP7FtXRP0ktgZps4d+Fx4IkNJxoP6Ucuw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-25T17:41:16Z" - mac: ENC[AES256_GCM,data:aPpJ8bvF0Xr0MCKgTpQ6IDZ3LEWCnQPBZl/qSWmZ4lG9YTCZwW/0mFgnYPdYGDsGMYswPPJemphj7Krggi4BvdhfmsA9HEp4oDx4OtKbCgU66VraZ5HDHYh8BTJABAmR0vtEYeo9BhddBBEreSlA6Wul9tsFTlpUXbe03ZNWY6M=,iv:38dMQH7jKT9JnMbnOJagGgXTiqknFTWQVtWuGVH7HBQ=,tag:hd6Z7oX8EmXwOiGSB1GB2A==,type:str] + lastmodified: "2024-06-26T15:14:33Z" + mac: ENC[AES256_GCM,data:qkKMK00irokIrnA7xgg1lAD/0iutNO+Aiw+WNczgHZtnCdOaZ0A69xQz4mVCrKuV3ZLKCpL/gCkZivxPS9dQC1wX+OFFgsRl97uURAuUqEpfsWr6eDaYJCWoKi+04Ku8/gjFO0Oj8Dz/HOyYIO1zXFwjOkOetWvaYQVSmf6Oob8=,iv:1bGiGRBjWv4bvsC6Vinj4gp7k2fR40ueAhdO5zSHdLM=,tag:hJpgtn6+r7WaNPhaax+dFg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/north/secrets.yaml b/hosts/north/secrets.yaml index e790ad5..61ea7df 100644 --- a/hosts/north/secrets.yaml +++ b/hosts/north/secrets.yaml @@ -1,6 +1,6 @@ seb-password: ENC[AES256_GCM,data:vZml/awD9ieBCQQwYs9zZveqjDDzMxFH1PFKQ8qLlaiUgaWL2BmKf4RbuS/pkjNLHr/UkPM3d3rlW6WAlNvhZiMRE+naGwD1Mw==,iv:vORmRgBgZvdafRa8vFF4LL3fw44yZV3yNq3L8eOcQRI=,tag:B7jX2LV/vKpzFlvG0bnCVA==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:fFiUzrcS6KWhu+BjFgOfW9YmC/T7V4cebJT209lxScV6UKsUD6Pih5Kq7wOoajSH6fR+JorZwSowi6nXBg==,iv:0PEC9oOWrlZoALGu/KVD1dV1X3YVe9cIkiXWqoynxX8=,tag:ISyeO06FdgqoqNpi5jlg5w==,type:str] -geoclue-location-service: ENC[AES256_GCM,data:3/PmcfCtqLB1tIHnY8bcISoFKckc1zeSK1+g4oavMMsW0OF4Bh9HlSz3KEiu0F3QdQQeT5vlWwAXHwwmSiVKiU+T+JiDYLbJphFErLzDy8G0z9LknoALFyFv/aCUgZ4QfnCztbBv/erG6Og=,iv:pevsZNa+1F2Kf345yJYsW1SUy/5q/63mKbhu/qF+lZ8=,tag:LDBzC/ZK6UVT5RvjYtQi/g==,type:str] +geolocation-api-key: ENC[AES256_GCM,data:sq2W2xdyHkSk465fK7sWHcewCdh03K3z01WM/U4OwcjISr59gkR8,iv:sdGZRGL+DIzax22EyPgTi+Zrqac8hmLK6isqdsW6E/g=,tag:oeBHPgfdcdgAANfjTtDCLw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,8 +25,8 @@ sops:
 S04zMkpXT21GYTBSRFI2c1gyalZCK1UKtD6FA5BLLqnMAtVqYIujkM5qqMD524ck
 GipN/XwBhXSL98xrgaNmnN+Q46SNX0s41maGO624xvZMKZhObjxHIw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-06-25T15:59:15Z"
- mac: ENC[AES256_GCM,data:WmMkOUz6fC20y+bxjGcP1SJXMpIuE8h21SNYybKuZLl9azAClvqvD0xPaHTLfZI9mvJhHInTA616dDV0W9EAjgHjmna+jj2/6xZ9WY/skjNbXe4SSYJW7xxWvwsft92KKvNobqC25qm1BPvCWyDYcVS3h3Uh5BSf4UnYCOnM72A=,iv:FejTJW6AY4hx5SGSMKlzWoeNvZonOM5ESHzH7eLp1U4=,tag:yAiyRErSKJQYW4y+XsQUaA==,type:str]
+ lastmodified: "2024-06-26T15:20:06Z"
+ mac: ENC[AES256_GCM,data:ugcd4SWU3JJpvoO4PFbTncKrNOZbNAhDohQMQcZcP0ffofnTEHrVxKVsS829pQ1dENMzS7iI0Ui1J+r3V5Poa8WzuTPcbNefYHWihILYPuA1d+436XcTOxtg0kuz7tjrmCQAicJHOVk5v/olsGkFSA862uV5XNWxRU/QdkSWUxU=,iv:1OVAa0yoNpu2SguZQKSNP1BOuHudYLmn4oHVJt4qMBY=,tag:noatWgTBgTGXXcJFPpFG0g==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/modules/system/geoclue.nix b/modules/system/geoclue.nix
index 250ff69..285d125 100644
--- a/modules/system/geoclue.nix
+++ b/modules/system/geoclue.nix
@@ -3,9 +3,17 @@
 options.myConfig.geoclue.enable = lib.mkEnableOption "";
 config = lib.mkIf config.myConfig.geoclue.enable {
- sops.secrets.geoclue-location-service = {
- owner = "geoclue";
- path = "/etc/geoclue/conf.d/location-service.conf";
+ sops = {
+ secrets.geolocation-api-key = { };
+
+ templates."geoclue-location-service.conf" = {
+ owner = "geoclue";
+ path = "/etc/geoclue/conf.d/location-service.conf";
+ content = ''
+ [wifi]
+ url=https://www.googleapis.com/geolocation/v1/geolocate?key=${config.sops.placeholder.geolocation-api-key}
+ '';
+ };
 };
 services.geoclue2 = {
diff --git a/modules/system/wlan.nix b/modules/system/wlan.nix
index 65484eb..5635728 100644
--- a/modules/system/wlan.nix
+++ b/modules/system/wlan.nix
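Review bot: The `templates."geoclue-location-service.conf"` block in modules/system/geoclue.nix sets `owner` and `path` but leaves the file mode implicit, and the rendered file holds the API key in clear inside the `url=` line. As far as I know sops-nix templates default to `0400`, so the geoclue-owned file should already be private, but writing `mode = "0400";` next to `owner = "geoclue";` keeps that intent visible if the block is edited later. Because the key travels as a URL query parameter, it can end up wherever that URL is logged (I have not checked whether geoclue prints it in debug output), so the key should be restricted to the Geolocation API on the provider side. A comment above `content` such as `# key is sent in the query string; keep it API-restricted` would record this. Leaving `secrets.geolocation-api-key = { };` at its root-only defaults is the right split, since only the rendered template needs to be readable by geoclue.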
@@ -8,9 +8,23 @@
 options.myConfig.wlan.enable = lib.mkEnableOption "";
 config = lib.mkIf config.myConfig.wlan.enable {
- sops.secrets = {
- "iwd/WLAN-233151" = { };
- "iwd/Fairphone4" = { };
+ sops = {
+ secrets = {
+ "wlan/WLAN-233151/key" = { };
+ "wlan/Fairphone4/key" = { };
+ };
+
+ templates =
+ let
+ mkPskFile = key: ''
+ [Security]
+ Passphrase=${key}
+ '';
+ in
+ {
+ "iwd/WLAN-233151.psk".content = mkPskFile "${config.sops.placeholder."wlan/WLAN-233151/key"}";
+ "iwd/Fairphone4.psk".content = mkPskFile "${config.sops.placeholder."wlan/Fairphone4/key"}";
+ };
 };
 networking.wireless.iwd = {
@@ -24,8 +38,8 @@
 };
 systemd.tmpfiles.rules = [
- "C /var/lib/iwd/WLAN-233151.psk 0600 root root - ${config.sops.secrets."iwd/WLAN-233151".path}"
- "C /var/lib/iwd/Fairphone4.psk 0600 root root - ${config.sops.secrets."iwd/Fairphone4".path}"
+ "C /var/lib/iwd/WLAN-233151.psk 0600 root root - ${config.sops.templates."iwd/WLAN-233151.psk".path}"
+ "C /var/lib/iwd/Fairphone4.psk 0600 root root - ${config.sops.templates."iwd/Fairphone4.psk".path}"
 ];
 environment.systemPackages = [ pkgs.iwgtk ];
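Review bot: The two `mkPskFile` calls in the first wlan.nix hunk wrap the placeholder in a redundant string interpolation. The placeholder is already a string, so `"iwd/WLAN-233151.psk".content = mkPskFile config.sops.placeholder."wlan/WLAN-233151/key";` (and likewise for Fairphone4) reads more clearly and drops a layer of nested quotes. `mkPskFile` also has no comment; `# iwd network file body: [Security] section with the WPA passphrase` above it would say what the template renders. Each network name is now spelled out in `secrets`, in `templates` and in the tmpfiles rules of the following hunk, so adding a network means three edits that have to stay in step.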
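Review bot: The `C` rules in `systemd.tmpfiles.rules` copy the rendered template only when `/var/lib/iwd/<ssid>.psk` does not exist yet, so rotating a passphrase in secrets.yaml will not reach a machine that already has the old copy. The copy also leaves the plaintext passphrase on persistent storage under /var/lib/iwd, rather than only in the sops-rendered location. The copy may well be deliberate, since iwd may want a writable file there, in which case a comment would help: `# 'C' never overwrites: remove /var/lib/iwd/<ssid>.psk after rotating the key`. It is also worth confirming that the template is rendered before tmpfiles processes these rules at boot, as the source path now depends on `sops.templates` instead of `sops.secrets`.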