diff --git a/modules/services/foundryvtt.nix b/modules/services/foundryvtt.nix
index e9542fd..14a5daf 100644
--- a/modules/services/foundryvtt.nix
+++ b/modules/services/foundryvtt.nix
@@ -1,4 +1,6 @@
-{config, ...}: {
+{...}: {
+  sops.secrets.foundry-username = {};
+  sops.secrets.foundry-password = {};
   virtualisation.oci-containers.containers.foundryvtt = {
     image = "felddy/foundryvtt:release";
     volumes = [
diff --git a/modules/services/traefik.nix b/modules/services/traefik.nix
index 1ab0cf2..741484c 100644
--- a/modules/services/traefik.nix
+++ b/modules/services/traefik.nix
@@ -1,6 +1,6 @@
 {config, ...}: {
+  sops.secrets.cloudflare-api-key = {};
   networking.firewall.allowedTCPPorts = [80 443 8080];
-
   systemd.user.services.traefik.after = ["docker.service"];
   systemd.services.traefik = {
     environment = {
diff --git a/modules/sops.nix b/modules/sops.nix
index 29d8d5f..684e9fe 100644
--- a/modules/sops.nix
+++ b/modules/sops.nix
@@ -1,9 +1,6 @@
-{config, ...}: {
+{...}: {
   sops = {
     defaultSopsFile = ../secrets/secrets.yaml;
     age.keyFile = "/home/notoh/.config/sops/age/keys.txt";
-    secrets.foundry-username = {};
-    secrets.foundry-password = {};
-    secrets.cloudflare-api-key = {};
   };
 }