diff --git a/secrets/.gitignore b/.gitignore similarity index 100% rename from secrets/.gitignore rename to .gitignore diff --git a/README.md b/README.md index 4b7a003..76e7bb6 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,14 @@ Nix definitions to configure our physical servers. Currently, only one physical server (named jefke) is implemented. -To deploy: -``` -nixos-rebuild switch -j auto --target-host root@jefke.hyp --flake ".#jefke" -``` +## Deployment + +### Prerequisites + +Before a NixOS definition can be deployed, some prerequite preparational steps must be performed. + +1. Manually install NixOS on the physical machine. This could potentially be automated in the future with [nixos-anywhere](https://github.com/nix-community/nixos-anywhere), but for now this is a manual process. +2. Enable SSH and install authorized keys. +3. Ensure Python3 is installed for Ansible. +4. Run Ansible playbook which deploys secrets `ansible-playbook deploy_secrets.yml`. +5. Deploy the NixOS definition: `nixos-rebuild switch -j auto --target-host root@jefke.hyp --flake ".#jefke"`. diff --git a/secrets/.envrc b/ansible/.envrc similarity index 100% rename from secrets/.envrc rename to ansible/.envrc diff --git a/secrets/ansible.cfg b/ansible/ansible.cfg similarity index 100% rename from secrets/ansible.cfg rename to ansible/ansible.cfg diff --git a/secrets/deploy.yml b/ansible/deploy_secrets.yml similarity index 100% rename from secrets/deploy.yml rename to ansible/deploy_secrets.yml diff --git a/secrets/files/jefke_host_ed25519 b/ansible/files/jefke_host_ed25519 similarity index 100% rename from secrets/files/jefke_host_ed25519 rename to ansible/files/jefke_host_ed25519 diff --git a/secrets/files/jefke_host_ed25519.crt b/ansible/files/jefke_host_ed25519.crt similarity index 100% rename from secrets/files/jefke_host_ed25519.crt rename to ansible/files/jefke_host_ed25519.crt 
diff --git a/secrets/files/jefke_host_ed25519.pub b/ansible/files/jefke_host_ed25519.pub similarity index 100% rename from secrets/files/jefke_host_ed25519.pub rename to ansible/files/jefke_host_ed25519.pub diff --git a/secrets/files/jefke_user_ed25519 b/ansible/files/jefke_user_ed25519 similarity index 100% rename from secrets/files/jefke_user_ed25519 rename to ansible/files/jefke_user_ed25519 diff --git a/secrets/files/jefke_user_ed25519.crt b/ansible/files/jefke_user_ed25519.crt similarity index 100% rename from secrets/files/jefke_user_ed25519.crt rename to ansible/files/jefke_user_ed25519.crt diff --git a/secrets/files/jefke_user_ed25519.pub b/ansible/files/jefke_user_ed25519.pub similarity index 100% rename from secrets/files/jefke_user_ed25519.pub rename to ansible/files/jefke_user_ed25519.pub diff --git a/secrets/flake.lock b/ansible/flake.lock similarity index 100% rename from secrets/flake.lock rename to ansible/flake.lock diff --git a/secrets/flake.nix b/ansible/flake.nix similarity index 100% rename from secrets/flake.nix rename to ansible/flake.nix diff --git a/secrets/inventory/hosts.yml b/ansible/inventory/hosts.yml similarity index 100% rename from secrets/inventory/hosts.yml rename to ansible/inventory/hosts.yml diff --git a/secrets/README.md b/secrets/README.md deleted file mode 100644 index f51972c..0000000 --- a/secrets/README.md +++ /dev/null @@ -1,7 +0,0 @@ -We can for now keep using Ansible vault to deploy secrets. -The steps for setting up a hypervisor will thus become: -1. Manually install NixOS -2. Configure SSH and install authorized keys -3. Ensure python3 is present on the system -4. Run Ansible script to copy secrets -5. Run Nix to configure everything else
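Review bot: In the README.md hunk, step 4 gives `ansible-playbook deploy_secrets.yml` without a working directory, but this patch moves the playbook to ansible/deploy_secrets.yml next to ansible/ansible.cfg and ansible/inventory/hosts.yml, so the command as written only works from inside ansible/. State that in the step, for example "From the ansible/ directory, run ...". In the same hunk, "prerequite preparational" should read "prerequisite preparatory". Step 2 should name the account the authorized keys are installed for, since step 5 connects as root@jefke.hyp. Step 5 is the deployment itself rather than a prerequisite, so it would read better under its own heading beneath "## Deployment".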
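Review bot: The rename of secrets/.gitignore to .gitignore changes what its patterns are relative to: they were written against secrets/ and now apply from the repository root, while the files they sat beside move to ansible/. The patterns are not visible in this diff (100% similarity), so please check that any anchored entries (a leading slash or a path component) still match under ansible/, or keep the file as ansible/.gitignore. An ignore rule that silently stops matching in a directory that holds key material is easy to miss.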
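Review bot: The renames of secrets/files/jefke_host_ed25519 and secrets/files/jefke_user_ed25519 place what look like private keys (going by their .pub and .crt siblings) under ansible/files/, a path that no longer signals secret material the way secrets/files/ did. The diff only shows 100% renames, so the contents cannot be checked here. Please confirm both files are committed in Ansible Vault encrypted form, as the removed secrets/README.md implies, and consider noting in the README that ansible/files/ holds encrypted key material so nobody adds a plaintext key there later.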
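Review bot: Deleting secrets/README.md drops the one statement in this diff that secrets are deployed with Ansible Vault ("We can for now keep using Ansible vault to deploy secrets"), and the new step 4 in README.md only says the playbook "deploys secrets". Carry the Vault mention over into step 4 and say that the operator needs the vault password to run the playbook, otherwise that requirement is undocumented after this change.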