diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 51f41832ded8fe18290c47b5b3ad85fb58c2a511..a17f4546eb1a19232f7f7f822862bfdd57440c9c 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -12,8 +12,9 @@ let
     privateKeyPath = toString ./. + "/${rawConfig.privateKeyPath}";
   };
 
-  # Configure deployment management authorization for all systems in the grid.
-  deployment = {
+  # Module with per-grid configuration
+  grid-module = {
+    # Configure deployment management authorization for all systems in the grid.
     services.private-storage.deployment = {
       authorizedKey = builtins.readFile "${config.publicKeyPath}/deploy_key.pub";
       gridName = "local";
@@ -27,7 +28,7 @@ let
       (gridlib.customize-issuer (config // {
           monitoringvpnIPv4 = "172.23.23.11";
       }))
-      deployment
+      grid-module
     ];
   };
 
@@ -39,7 +40,7 @@ let
         monitoringvpnIPv4 = "172.23.23.12";
         stateVersion = "19.09";
       }))
-      deployment
+      grid-module
     ];
   };
 
@@ -51,7 +52,7 @@ let
         monitoringvpnIPv4 = "172.23.23.13";
         stateVersion = "19.09";
       }))
-      deployment
+      grid-module
     ];
   };
 
@@ -66,7 +67,7 @@ let
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
-      deployment
+      grid-module
     ];
   };
 
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 06eefdd28da57ad65ea99543ba8421bc934ef752..fac74ccf2f028c270a773788dde71451f6025d4f 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -13,8 +13,9 @@ let
     privateKeyPath = toString ./. + "/${rawConfig.privateKeyPath}";
   };
 
-  # Configure deployment management authorization for all systems in the grid.
-  deployment = {
+  # Module with per-grid configuration
+  grid-module = {
+    # Configure deployment management authorization for all systems in the grid.
     services.private-storage.deployment = {
       authorizedKey = builtins.readFile "${config.publicKeyPath}/deploy_key.pub";
       gridName = "production";
@@ -28,7 +29,7 @@ let
       (gridlib.customize-issuer (config // {
         monitoringvpnIPv4 = "172.23.23.11";
       }))
-      deployment
+      grid-module
     ];
   };
 
@@ -43,7 +44,7 @@ let
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
-      deployment
+      grid-module
     ];
   };
 
@@ -71,7 +72,7 @@ let
       }))
 
       # Also configure deployment management authorization
-      deployment
+      grid-module
     ];
 
     # And supply configuration for those hardware / network / bootloader
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 7b06c99e1f7a1b65b535f924a0a24aebe6753586..9e03a500c3c22fc90c16b65460324a9ed2adec78 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -13,8 +13,9 @@ let
     privateKeyPath = toString ./. + "/${rawConfig.privateKeyPath}";
   };
 
-  # Configure deployment management authorization for all systems in the grid.
-  deployment = {
+  # Module with per-grid configuration
+  grid-module = {
+    # Configure deployment management authorization for all systems in the grid.
     services.private-storage.deployment = {
       authorizedKey = builtins.readFile "${config.publicKeyPath}/deploy_key.pub";
       gridName = "testing";
@@ -28,7 +29,7 @@ let
       (gridlib.customize-issuer (config // {
         monitoringvpnIPv4 = "172.23.23.11";
       }))
-      deployment
+      grid-module
     ];
   };
 
@@ -41,7 +42,7 @@ let
         monitoringvpnIPv4 = "172.23.23.12";
         stateVersion = "19.03";
       }))
-      deployment
+      grid-module
     ];
   };
 
@@ -56,7 +57,7 @@ let
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
-      deployment
+      grid-module
     ];
   };