diff --git a/modules/nixos/guests/opencloud/ceresOpenCloud/default.nix b/modules/nixos/guests/opencloud/ceresOpenCloud/default.nix
index f79373a..1529666 100755
--- a/modules/nixos/guests/opencloud/ceresOpenCloud/default.nix
+++ b/modules/nixos/guests/opencloud/ceresOpenCloud/default.nix
@@ -53,6 +53,24 @@ in
 opencloud = {
 path = [ pkgs.inotify-tools ];
 };
+ # opencloud-copy-secrets = {
+ # description = "Copy secrets from virtiofs to local filesystem";
+ # before = [ ".service" ];
+ # requiredBy = [ ".service" ];
+
+ # serviceConfig = {
+ # Type = "oneshot";
+ # RemainAfterExit = true;
+ # };
+
+ # script = ''
+ # mkdir -p /etc/opencloud-secrets
+ # cp /run/secrets/projectenv /etc/opencloud-secrets/env
+ # chmod 755 /etc/opencloud-secrets
+ # chmod 644 /etc/opencloud-secrets/*
+ # '';
+ # };
+
 };
 network = {
 enable = true;
@@ -126,7 +144,6 @@ in
 source = "${serviceCfg.mntPaths.path0}/config";
 tag = "${serviceCfg.name}_config";
 }
-
 {
 mountPoint = "/run/secrets";
 proto = "virtiofs";
@@ -175,6 +192,8 @@ in
 systemd = {
 tmpfiles.rules = [
 "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
+ "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
+ "d ${serviceCfg.mntPaths.path0}/config 0751 microvm wheel - -"
 ];
 };
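Review bot: The parked `opencloud-copy-secrets` unit in the first hunk would, if uncommented, copy `/run/secrets/projectenv` to `/etc/opencloud-secrets/env` and then open it up with `chmod 755` on the directory and `chmod 644` on the files, leaving the project environment secrets readable by every account in the guest. If the copy is ever needed, start the script with `umask 077` and use `chmod 700 /etc/opencloud-secrets` and `chmod 600 /etc/opencloud-secrets/*`, with ownership set to whichever user runs the service (not visible in this diff). `before = [ ".service" ]` and `requiredBy = [ ".service" ]` also carry an empty unit name, so the ordering would not attach to any real unit. As committed the block is dead code; either drop it or add a one-line comment such as `# disabled: secrets are read directly from the /run/secrets virtiofs share` so the next reader does not re-enable it with these modes.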
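Review bot: The two tmpfiles rules added in the third hunk reuse mode `0751`, which leaves `${serviceCfg.mntPaths.path0}/config` traversable by every local user on the host, and that directory is the `source` of the `_config` share shown in the second hunk. Unless an account outside `wheel` has to pass through it, the tighter form is `"d ${serviceCfg.mntPaths.path0}/config 0750 microvm wheel - -"`, and likewise for `/data`. Whether anything inside is actually readable depends on the modes of the files themselves, which the diff does not show. The `systemd` block continues outside the hunk.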