diff --git a/hosts/tsuki/services/gitea/default.nix b/hosts/tsuki/services/gitea/default.nix
index 2ead286..f4561e1 100644
--- a/hosts/tsuki/services/gitea/default.nix
+++ b/hosts/tsuki/services/gitea/default.nix
@@ -13,6 +13,12 @@
     packages = with unstable-pkgs; [ gitea ];
   };
 
+  sops.secrets."postgres/gitea" = rec {
+    restartUnits = [ "gitea.service" ];
+    owner = config.services.gitea.user;
+    group = config.users.users.${owner}.group;
+  };
+
   services.gitea = {
     enable = true;
     user = "git";
@@ -32,7 +38,7 @@
     database = {
       type = "postgres";
       user = "gitea";
-      passwordFile = secrets.keys.postgres.gitea;
+      passwordFile = config.sops.secrets."postgres/gitea".path;
       createDatabase = false;
     };
 
diff --git a/secrets/default.yaml b/secrets/default.yaml
index 6f8358b..49922db 100644
--- a/secrets/default.yaml
+++ b/secrets/default.yaml
@@ -7,6 +7,8 @@ cloudflare:
 drives:
     cirno:
         credentials: ENC[AES256_GCM,data:ypMZhs7dQw/IlcLwHwFcIZw0N+kCzvFGLe3gEqZVe1hj0lzK8MCfxAR8GpA=,iv:by5ljMzOuuY4b6BDUQNLhp8/gcXDNe+rHkqhFzjNA6c=,tag:3C5iYsxEWwAKs9Blgr5o6g==,type:str]
+postgres:
+    gitea: ENC[AES256_GCM,data:HyYgEgOzeOnaEvPDEXoL+fRhrnqCeGbb/wOYf2kHulxrU9PKIAcRzmNljsc=,iv:1N/N2RUQ++rAWw4VNQzhee2aV9LzOJym6cyM6CAnZUU=,tag:o7dblJrIAPd4/S8X2LKdcQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -22,8 +24,8 @@ sops:
             UE1YWkplaFBhV01CU0FDYTQ3NlkwVkUKMJyCfyh/vcj/VU7shtFF4YRRVaWdcMNh
             rp9lZmRZpc9mARXYAj9RlkI/uuSzxshtqb5AGXKmSV0hncazxu75kg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-03-08T13:59:50Z"
-    mac: ENC[AES256_GCM,data:NQdwXLJAd7eRGZ7wM/nO7DJWaqf8wJWw2X3fcc2NViZbmKToJjezmizU+23k5wcqp5kdSM/wfiu2SQn9fRiZ7aYMjTxsmXncUy6jmh4xSf7L7pVSEKMuzOCDifrhaok0U7Lc0F+1Q5I1IPrWVtEGKRMWBYo8vLAD6z47BWXiQ10=,iv:MKu+k8wN0ywXwhzrG/WYAk/aQv0C3N/Er7IKvQeKEY4=,tag:l6Jk3HH1K5ZgKGzLnB34Xg==,type:str]
+    lastmodified: "2023-03-08T14:35:20Z"
+    mac: ENC[AES256_GCM,data:V3LhoWRReZkj16s7/90zvS4GaAXDf7gY3qKGAoYRKPKrbBVDHS3Z6Vd+HZVTNcGZ0gfsJUeI8PXP2CnevN06/NKSIgyGP/8fDYSXCr2Qs3ccOnsWArAT6v83+xFxESIhlC9ww5plbAqCXPfUEHTg3SX7wa3vOQagOBjphKtPYD8=,iv:fYbmMGwbaMpyV7i8/rSTyOdK2TS0u4/0MUAPFZBV4E8=,tag:OIimZjzn6rvuweZVEmsnvw==,type:str]
     pgp:
         - created_at: "2023-03-07T12:32:53Z"
           enc: |