diff --git a/config/nixos-desktop.nix b/config/nixos-desktop.nix
new file mode 100644
index 0000000..3e3c699
--- /dev/null
+++ b/config/nixos-desktop.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+ modules = {
+ gaming = true;
+
+ editors = {
+ idea = true;
+ code = true;
+ };
+
+ desktop.apps.email = {
+ enable = true;
+ passwordFile = ../secrets/email-desktop.age;
+ };
+ };
+}
diff --git a/config/nixos-laptop.nix b/config/nixos-laptop.nix
new file mode 100644
index 0000000..777349e
--- /dev/null
+++ b/config/nixos-laptop.nix
@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+
+{
+ modules.desktop.apps.email = {
+ enable = true;
+ passwordFile = ../secrets/email-desktop.age;
+ };
+}
diff --git a/modules/desktop/apps/email.nix b/modules/desktop/apps/email.nix
index 3a807c8..c8a83d6 100644
--- a/modules/desktop/apps/email.nix
+++ b/modules/desktop/apps/email.nix
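Review bot: `passwordFile = ../secrets/email-desktop.age;` in `config/nixos-laptop.nix` points the laptop at the file named for the desktop. If one shared secret is intended, the file must also be encrypted to the laptop's host key (the recipient list is not visible in this diff), and a host-neutral file name would make the sharing explicit. Otherwise the laptop should get its own secret file, so that revoking or rotating one machine's access does not involve the other.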
@@ -1,77 +1,98 @@ { config, lib, pkgs, ... }: + +with lib; let + cfg = config.modules.desktop.apps.email; name = "Moritz Böhme"; email = "mail@moritzboeh.me"; mailDirectory = "/home/moritz/.mail"; in { - environment.systemPackages = with pkgs; [ protonmail-bridge ]; - systemd.user.services.protonmail-bridge = { - description = "Protonmail Bridge"; - enable = true; - script = - "${pkgs.protonmail-bridge}/bin/protonmail-bridge --log-level debug"; - path = [ - pkgs.gnome3.gnome-keyring - ]; # HACK: https://github.com/ProtonMail/proton-bridge/issues/176 - wantedBy = [ "graphical-session.target" ]; - partOf = [ "graphical-session.target" ]; + options.modules.desktop.apps.email = { + enable = mkEnableOption "email module"; + passwordFile = mkOption { + default = null; + type = types.path; + description = "File containing the email password."; + }; }; - home-manager.users.moritz = { - home = { packages = with pkgs; [ thunderbird ]; }; - programs = { - msmtp.enable = true; - mbsync.enable = true; + + config = mkIf cfg.enable { + # Protonbridge Setup + environment.systemPackages = with pkgs; [ protonmail-bridge ]; + systemd.user.services.protonmail-bridge = { + description = "Protonmail Bridge"; + enable = true; + script = + "${pkgs.protonmail-bridge}/bin/protonmail-bridge --log-level debug"; + path = [ + pkgs.gnome3.gnome-keyring + ]; # HACK: https://github.com/ProtonMail/proton-bridge/issues/176 + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + }; + age.secrets.email = { + file = cfg.passwordFile; + owner = "1000"; }; - services = { - mbsync = { - enable = true; - frequency = "*:0/15"; - preExec = "${pkgs.isync}/bin/mbsync -Ha"; - postExec = "${pkgs.mu}/bin/mu index -m ${mailDirectory}"; + # Email Applications + home-manager.users.moritz = { + home = { packages = with pkgs; [ thunderbird ]; }; + programs = { + msmtp.enable = true; + mbsync.enable = true; }; - }; - accounts.email = { - maildirBasePath = mailDirectory; - accounts = { 
- default = { - address = email; - userName = email; - flavor = "plain"; - primary = true; - passwordCommand = "${pkgs.coreutils}/bin/cat /run/agenix/email"; - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - patterns = [ "*" ]; - }; - realName = name; - msmtp.enable = true; - imap = { - host = "127.0.0.1"; - port = 1143; - tls = { + services = { + mbsync = { + enable = true; + frequency = "*:0/15"; + preExec = "${pkgs.isync}/bin/mbsync -Ha"; + postExec = "${pkgs.mu}/bin/mu index -m ${mailDirectory}"; + }; + }; + + accounts.email = { + maildirBasePath = mailDirectory; + accounts = { + default = { + address = email; + userName = email; + flavor = "plain"; + primary = true; + passwordCommand = "${pkgs.coreutils}/bin/cat /run/agenix/email"; + mbsync = { enable = true; - useStartTls = true; - certificatesFile = - "/home/moritz/.config/protonmail/bridge/cert.pem"; + create = "both"; + expunge = "both"; + patterns = [ "*" ]; }; - }; - smtp = { - host = "127.0.0.1"; - port = 1025; - tls = { - enable = true; - useStartTls = true; - certificatesFile = - "/home/moritz/.config/protonmail/bridge/cert.pem"; + realName = name; + msmtp.enable = true; + imap = { + host = "127.0.0.1"; + port = 1143; + tls = { + enable = true; + useStartTls = true; + certificatesFile = + "/home/moritz/.config/protonmail/bridge/cert.pem"; + }; + }; + smtp = { + host = "127.0.0.1"; + port = 1025; + tls = { + enable = true; + useStartTls = true; + certificatesFile = + "/home/moritz/.config/protonmail/bridge/cert.pem"; + }; }; }; }; }; }; + networking.firewall.allowedTCPPorts = [ 33728 1025 1143 ]; }; - networking.firewall.allowedTCPPorts = [ 33728 1025 1143 ]; }
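Review bot: `networking.firewall.allowedTCPPorts = [ 33728 1025 1143 ];` is carried into the new `config` block, yet both the `imap` and `smtp` accounts in this hunk connect to `127.0.0.1`, and loopback traffic needs no firewall rule, so 1143 and 1025 are opened to the network with no visible benefit. Unless something outside this hunk needs remote access, I would drop those two ports and add a comment saying what 33728 is for. In `age.secrets.email`, `owner = "1000";` assumes the mail user has uid 1000; `owner = "moritz";` would match the `home-manager.users.moritz` block, and `passwordCommand` could read `${config.age.secrets.email.path}` instead of the hard-coded `/run/agenix/email`. `passwordFile` declares `default = null;` with `type = types.path;`, which presumably fails the type check when the module is enabled without a value; dropping the default would give a clearer "option is used but not defined" error.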