diff --git a/hosts/bekkalokk/services/gitea/default.nix b/hosts/bekkalokk/services/gitea/default.nix
index fe51e65..a33d957 100644
--- a/hosts/bekkalokk/services/gitea/default.nix
+++ b/hosts/bekkalokk/services/gitea/default.nix
@@ -6,6 +6,7 @@ let
 in {
   imports = [
     ./ci.nix
+    ./import-users.nix
   ];
 
   sops.secrets = {
@@ -13,9 +14,6 @@ in {
       owner = "gitea";
       group = "gitea";
     };
-    "gitea/passwd-ssh-key" = { };
-    "gitea/ssh-known-hosts" = { };
-    "gitea/import-user-env" = { };
   };
 
   services.gitea = {
@@ -70,32 +68,6 @@ in {
 
   networking.firewall.allowedTCPPorts = [ sshPort ];
 
-  # Automatically import users
-  systemd.services.gitea-import-users = {
-    enable = true;
-    preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
-    serviceConfig = {
-      ExecStart = pkgs.writers.writePython3 "gitea-import-users" { libraries = [ pkgs.python3Packages.requests ]; } (builtins.readFile ./gitea-import-users.py);
-      LoadCredential=[
-        "sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
-        "ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
-      ];
-      DynamicUser="yes";
-      EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
-    };
-  };
-
-  systemd.timers.gitea-import-users = {
-    requires = [ "gitea.service" ];
-    after = [ "gitea.service" ];
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnCalendar = "*-*-* 02:00:00";
-      Persistent = true;
-      Unit = "gitea-import-users.service";
-    };
-  };
-
   system.activationScripts.linkGiteaLogo.text = let
     logo-svg = ../../../../assets/logo_blue_regular.svg;
     logo-png = ../../../../assets/logo_blue_regular.png;
diff --git a/hosts/bekkalokk/services/gitea/import-users.nix b/hosts/bekkalokk/services/gitea/import-users.nix
new file mode 100644
index 0000000..cae6283
--- /dev/null
+++ b/hosts/bekkalokk/services/gitea/import-users.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.gitea;
+in
+{
+  sops.secrets = {
+    "gitea/passwd-ssh-key" = { };
+    "gitea/ssh-known-hosts" = { };
+    "gitea/import-user-env" = { };
+  };
+
+  systemd.services.gitea-import-users = lib.mkIf cfg.enable {
+    enable = true;
+    preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
+    serviceConfig = {
+      ExecStart = pkgs.writers.writePython3 "gitea-import-users" {
+        libraries = with pkgs.python3Packages; [ requests ];
+      } (builtins.readFile ./gitea-import-users.py);
+      LoadCredential=[
+        "sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
+        "ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
+      ];
+      DynamicUser="yes";
+      EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
+    };
+  };
+
+  systemd.timers.gitea-import-users = lib.mkIf cfg.enable {
+    requires = [ "gitea.service" ];
+    after = [ "gitea.service" ];
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "*-*-* 02:00:00";
+      Persistent = true;
+      Unit = "gitea-import-users.service";
+    };
+  };
+}