diff --git a/magpie/configuration.nix b/magpie/configuration.nix
index 8e279ad..425ff9c 100644
--- a/magpie/configuration.nix
+++ b/magpie/configuration.nix
@@ -300,8 +300,8 @@
 sopsFile = ./secrets/wg_privkey.yaml;
 };
 
- sops.secrets."wg_preshared" = {
- sopsFile = ./secrets/wg_preshared.yaml;
+ sops.secrets."wg_preshared/nixy" = {
+ sopsFile = ../common/secrets/wg_preshared.yaml;
 };
 
 sops.secrets."borgbase_enc_key" = {
@@ -346,11 +346,12 @@
 peers = [
 {
 publicKey = builtins.readFile ../nixy/wg_pubkey;
- presharedKeyFile = config.sops.secrets."wg_preshared".path;
+ presharedKeyFile = config.sops.secrets."wg_preshared/nixy".path;
 allowedIPs = ["10.100.0.6/32"];
 }
 {
 publicKey = builtins.readFile ../mediabox/wg_pubkey;
+ presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
 allowedIPs = ["10.100.0.5/32"];
 }
 ];
diff --git a/mediabox/configuration.nix b/mediabox/configuration.nix
index 21b9a65..00e8443 100644
--- a/mediabox/configuration.nix
+++ b/mediabox/configuration.nix
@@ -26,6 +26,10 @@
 sopsFile = ./secrets/wg_privkey.yaml;
 };
 
+ sops.secrets."wg_preshared/mediabox" = {
+ sopsFile = ../common/secrets/wg_privkey.yaml;
+ };
+
 nix = {
 optimise.automatic = true;
 gc.automatic = true;
@@ -101,6 +105,7 @@
 peers = [
 {
 publicKey = builtins.readFile ../magpie/wg_pubkey;
+ presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
 allowedIPs = ["10.100.0.0/24"];
 endpoint = "5.75.229.224:51820";
 persistentKeepalive = 25;
diff --git a/nixy/configuration.nix b/nixy/configuration.nix
index 62b4e4b..a4274fd 100644
--- a/nixy/configuration.nix
+++ b/nixy/configuration.nix
@@ -24,8 +24,8 @@
 sopsFile = ./secrets/wg_privkey.yaml;
 };
 
- sops.secrets."wg_preshared" = {
- sopsFile = ./secrets/wg_preshared.yaml;
+ sops.secrets."wg_preshared/nixy" = {
+ sopsFile = ../common/secrets/wg_preshared.yaml;
 };
 
 sops.secrets."borgbase_enc_key" = {
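Review bot: In magpie/configuration.nix, the mediabox peer added in the `@@ -346` hunk reads `config.sops.secrets."wg_preshared/mediabox".path`, but the only secret change visible for magpie (the `@@ -300` hunk) renames the old entry to `wg_preshared/nixy`; no `sops.secrets."wg_preshared/mediabox"` declaration for this host appears in the diff. Unless it is declared outside the shown hunks, evaluation should fail on the missing attribute. I would add `sops.secrets."wg_preshared/mediabox" = { sopsFile = ../common/secrets/wg_preshared.yaml; };` next to the nixy entry. The enclosing WireGuard interface block starts and ends outside the hunk.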
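Review bot: In mediabox/configuration.nix (`@@ -26` hunk), the new `wg_preshared/mediabox` secret takes its `sopsFile` from `../common/secrets/wg_privkey.yaml`, whereas the nixy entries in this commit read preshared keys from `../common/secrets/wg_preshared.yaml`; this looks like a copy-paste slip from the `wg_privkey` block just above. If that file does not hold the same `wg_preshared/mediabox` value magpie uses, the key lookup fails or the two ends load different preshared keys and the handshake never completes. Proposed: `sopsFile = ../common/secrets/wg_preshared.yaml;`. Separately, a single shared file presumably lets every host that can decrypt it read every peer's preshared key, so one file per peer pair would keep that scoped; worth a comment stating which choice is intended.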
@@ -133,7 +133,7 @@
 peers = [
 {
 publicKey = builtins.readFile ../magpie/wg_pubkey;
- presharedKeyFile = config.sops.secrets."wg_preshared".path;
+ presharedKeyFile = config.sops.secrets."wg_preshared/nixy".path;
 allowedIPs = ["10.100.0.0/24"];
 endpoint = "5.75.229.224:51820";
 persistentKeepalive = 25;