diff --git a/.gitignore b/.gitignore index afef27b..0a8c9a0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -secrets.nix -hardware-configuration.nix \ No newline at end of file +var.nix +hardware-configuration.nix diff --git a/README.md b/README.md index d4d8375..6f83ee3 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,6 @@ # code.dumpstack.io -[Download NixOS installation ISO](https://nixos.org/nixos/download.html) - -Notes: -1. I assume that latest **stable** (e.g. 19.03) ISO will be used for installation. -2. You need to change hostname in `configuration.nix:9`. +[NixOS](https://nixos.org) ## Installation @@ -19,6 +15,10 @@ Notes: nix-channel --add https://nixos.org/channels/nixos-unstable nixos nix-channel --update + cd /mnt/etc/nixos + cp var.example.nix var.nix + vim var.nix + nixos-generate-config --root /mnt nixos-install diff --git a/configuration.nix b/configuration.nix index 45525e9..1d6f1f7 100644 --- a/configuration.nix +++ b/configuration.nix @@ -3,8 +3,7 @@ # { config, pkgs, lib, ... }: let - secrets = import ./secrets.nix; - hostname = "code.dumpstack.io"; + var = import ./var.nix; in { imports = [ ./hardware-configuration.nix @@ -19,7 +18,7 @@ in { } ]; - networking.hostName = builtins.replaceStrings ["."] ["-"] "${hostname}"; + networking.hostName = builtins.replaceStrings ["."] ["-"] "${var.hostname}"; networking.firewall = { enable = true; @@ -27,7 +26,7 @@ in { }; users.extraUsers.root = { - openssh.authorizedKeys.keys = [ secrets.pubkey ]; + openssh.authorizedKeys.keys = [ var.pubkey ]; }; services.openssh.enable = true; @@ -38,12 +37,12 @@ in { services.gitea = { enable = true; - appName = "${hostname}"; + appName = "${var.hostname}"; settings = { server = { - ROOT_URL = "https://${hostname}"; - DOMAIN = "${hostname}"; + ROOT_URL = "https://${var.hostname}"; + DOMAIN = "${var.hostname}"; }; service = { DISABLE_REGISTRATION = true; 
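Review bot: Removing `secrets.nix` from the ignore list leaves any `secrets.nix` that still sits in an existing checkout untracked, so a later `git add -A` would commit it. The example file deleted in this commit only held an SSH public key, but the file name invites operators to have stored more in it. Keeping the old entry for a transition period costs nothing: list `secrets.nix` alongside `var.nix`.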
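Review bot: The `"${var.hostname}"` wrapper on the `networking.hostName` line in configuration.nix is a redundant string interpolation; `builtins.replaceStrings ["."] ["-"] var.hostname` says the same thing with less noise. The same applies to `appName = "${var.hostname}";` and `DOMAIN = "${var.hostname}";` in the `services.gitea` hunk, which can be `appName = var.hostname;` and `DOMAIN = var.hostname;`. The `security.acme.defaults.email = var.email;` line in this same commit already uses the plain form, so this would also make the file consistent.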
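Review bot: Nothing stops a build that still carries the placeholder from `var.example.nix`: if `var.pubkey` is left as `"changeme"`, the only entry in `users.extraUsers.root.openssh.authorizedKeys.keys` is unusable and the operator finds out only after installation. An evaluation-time guard in configuration.nix would catch it before `nixos-install`, e.g. `assertions = [ { assertion = var.pubkey != "changeme"; message = "set pubkey in var.nix"; } ];`. The hunk does not show how `services.openssh` treats password logins, so it is worth confirming that key authentication is the only way in for root.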
@@ -60,12 +59,12 @@ in { }; }; - security.acme.defaults.email = "letsencrypt@dumpstack.io"; + security.acme.defaults.email = var.email; security.acme.acceptTerms = true; services.nginx = { enable = true; - virtualHosts."${hostname}" = { + virtualHosts."${var.hostname}" = { enableACME = true; forceSSL = true; diff --git a/secrets.nix.example b/secrets.nix.example deleted file mode 100644 index f85fd4b..0000000 --- a/secrets.nix.example +++ /dev/null @@ -1,3 +0,0 @@ -{ - pubkey = "changeme"; # ssh-add -L -} diff --git a/var.example.nix b/var.example.nix new file mode 100644 index 0000000..9b0e347 --- /dev/null +++ b/var.example.nix @@ -0,0 +1,5 @@ +{ + hostname = "gitea.example.com"; + email = "for_lets_encrypt@example.com"; + pubkey = "changeme"; # ssh-add -L +}
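Review bot: The new `var.example.nix` comments only `pubkey`; `hostname` and `email` carry no explanation even though `hostname` now drives the nginx virtual host with `enableACME`, Gitea's `ROOT_URL`/`DOMAIN` and, with dots replaced, `networking.hostName`. A comment such as `# public DNS name of this host; used for the nginx vhost, its ACME certificate and Gitea ROOT_URL` on `hostname` and `# contact address passed to security.acme.defaults.email` on `email` would tell the operator what each value feeds. It would also make clear that the name has to resolve to this machine for the certificate request to succeed.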