diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 9d556f9..fa7cd31 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -32,11 +32,9 @@ in services = { forgejo = { enable = true; - database.type = "postgres"; lfs.enable = true; secrets = { - mailer.PASSWD = "/run/secrets/${serviceCfg.name}-smtp"; - database.PASSWD = "/run/secrets/${serviceCfg.name}-database"; + mailer.PASSWD = "/run/secrets/smtp"; }; dump = { interval = "5:00"; @@ -164,7 +162,7 @@ in { mountPoint = "/run/secrets"; proto = "virtiofs"; - source = "/run/secrets"; + source = "/run/secrets/${serviceCfg.name}"; tag = "host_secrets"; } ]; @@ -173,7 +171,7 @@ in }; systemd.tmpfiles.rules = [ - "d ${serviceCfg.mntPaths.path0} 0755 root root -" + "d ${serviceCfg.mntPaths.path0} 0777 root root -" ]; services.caddy.virtualHosts."${host}" = { @@ -189,15 +187,13 @@ in }; sops.secrets = { - "${serviceCfg.name}-smtp" = { + "${serviceCfg.name}/smtp" = { owner = "root"; mode = "0600"; }; - "${serviceCfg.name}-database" = { + "${serviceCfg.name}/database" = { owner = "root"; mode = "0600"; }; - }; - } diff --git a/modules/nixos/services/vaultwarden/default.nix b/modules/nixos/services/vaultwarden/default.nix index ebdf53b..ec51021 100755 --- a/modules/nixos/services/vaultwarden/default.nix +++ b/modules/nixos/services/vaultwarden/default.nix @@ -57,7 +57,7 @@ in }; # Environment file with secrets (mounted from host) - environmentFile = "/run/secrets/${serviceCfg.name}/env"; + environmentFile = "/run/secrets/env"; }; openssh = { enable = true; @@ -140,7 +140,7 @@ in { mountPoint = "/run/secrets"; proto = "virtiofs"; - source = "/run/secrets"; + source = "/run/secrets/${serviceCfg.name}"; tag = "host_secrets"; } ]; 
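Review bot: The `database` secret is still provisioned although this hunk stops using it: `database.PASSWD` and `database.type = "postgres"` are removed here, yet the `sops.secrets` hunk further down keeps `"${serviceCfg.name}/database"` and secrets.yaml keeps `forgejo.database`. Because the share source becomes `/run/secrets/${serviceCfg.name}`, that file would presumably still appear in the guest as `/run/secrets/database` with no consumer. If the move away from postgres is intentional, drop the `"${serviceCfg.name}/database"` entry and the YAML key so the guest only receives secrets it actually reads. If it is not intentional, note that `database.type` now falls back to the module default, which deserves a comment.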
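Review bot: The new `source = "/run/secrets/${serviceCfg.name}";` in the share block has no comment explaining why the guest paths lost their service prefix, so a later edit could easily widen the share back to all of `/run/secrets`. I would add `# Share only this service's secrets; the guest sees them directly under /run/secrets` above the `source` line, here and at the matching share in vaultwarden/default.nix. The enclosing share list starts outside the hunk.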
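Review bot: Mode `0777` in the tmpfiles rule makes `${serviceCfg.mntPaths.path0}` world-writable with no sticky bit, so any local account on the host can create, rename or delete entries in it; the same change is made in the `@@ -171,7 +171,7 @@` hunk of vaultwarden/default.nix. If the aim was to let the guest's service user write (an assumption, since the hunk does not show who uses the path), grant that to a specific owner or group instead, e.g. `"d ${serviceCfg.mntPaths.path0} 0750 <service-user> <service-group> -"`, replacing the placeholders with the uid/gid the share maps to. For vaultwarden this directory presumably holds the vault data, so the tighter mode matters most there.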
@@ -171,7 +171,7 @@ in users.users.caddy.extraGroups = [ "acme" ]; systemd.tmpfiles.rules = [ - "d ${serviceCfg.mntPaths.path0} 0755 root root -" + "d ${serviceCfg.mntPaths.path0} 0777 root root -" ]; sops.secrets = { diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 04899ad..955fd7f 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -14,8 +14,9 @@ peertube-database: ENC[AES256_GCM,data:nm0bHwTcT+ROZc2BC9jx+tXWjZ3689rdn4fdYW+7J peertube-redis: ENC[AES256_GCM,data:SQoPzPjgf4YN9dhvO0wo2DEra7cTgfZBx4vCBpNVSXI=,iv:mcCwYtE9E/Mb4V0j9NnU9WhaUMeBpX7BOcc8HGDiEvI=,tag:CsSiS4peZhnZ22uNtUC44w==,type:str] peertube-root: ENC[AES256_GCM,data:BR0pmqEYYJuDqK7fstyW/hvh8V1GQXVHP24iz2eDeho500IbWaMuDxkNQyfInmIfjC3YvfsHME3S,iv:EgaLKBHYrklF+q5jBPvGKFYJosZxFFMXElTcyKU0ypQ=,tag:PztyBdK5OzeEDvQi/yqRIg==,type:str] peertube-secret: ENC[AES256_GCM,data:Of4UsWGTXd+uzHE4XkxQOLKBbDd0sQHWQrLgxmn8C9bHgEB85ZnSqOe04IZ4chYKheuzBQ4Vg7pYfGFVBDjx8Q==,iv:cXuVrmQOEHtq7Q6+vzPXKdiuYjLx9hjsd3bCHpBQBqw=,tag:xL8us1XLJsdON/O+BG+xpQ==,type:str] -forgejo-database: ENC[AES256_GCM,data:Stnd+vsoBDK0eLmfgaNaSdO6qY0vF1d0WgrAw1U451I=,iv:7CHPXUPXkTXP0GVqHPK3KavysbSOKuUhJ5EoeAh5Mp4=,tag:iqASITas49wrqCRN8TjLIQ==,type:str] -forgejo-smtp: ENC[AES256_GCM,data:oCLcZWPHqEOZxrg7YHG9tdE5uNNkv68AEEWVzE1d/1U=,iv:vy30yl6R5zoL1PGwgd8fYPer2hqMi2ynQ8ErnPzZ7dU=,tag:YmqlOXksx2YBcITGeeWDWA==,type:str] +forgejo: + database: ENC[AES256_GCM,data:KhwJNJdICaZpnouDecDQM/ShL60nzqzPuyTCO7reilJc,iv:LQord5Bkfhuq/13DqEk51EB+qtunWpJ+g5fFXbhXV90=,tag:TG/fsyXerdy+MEnsjBbuBg==,type:str] + smtp: ENC[AES256_GCM,data:rL1loo/yKrIPmZVpa6S8ka9lX2bwkgCNYRCZ1Np07ANp,iv:Si2sqBNlVQzi8rlfp8WQFUoyu4xJGfPYc9N6V6jrry4=,tag:SdPIRaiiIaHe1DnOxp1Y0Q==,type:str] discord-token: ENC[AES256_GCM,data:KnG6hy6X4WmOyHm7B/P0wfp99zZMWd/T+qnwx2z0QvgAtJSswG+5r1YQug8G8xbCF2gV1YfKIqcklNhnwW9x/JW4+IWN3Kib,iv:Rmeh5PKvl0DZJbZ+8xXpLRZZmZJw900b1LkHP7ldM0U=,tag:CgEMcuFpWpL/oAW3Ozc7Ww==,type:str] minecraft-pass: ENC[AES256_GCM,data:0natV6dEpItFp5zsUKqgVMZLLmqRLBEf,iv:Bc7RTXnpdec0wn25Rb7SkVTf5BjXzq3YCXcjwrC7V9k=,tag:Og5qN94G6pHdpIk6YDg1ZA==,type:str] vaultwarden: 
@@ -60,7 +61,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-08T20:52:41Z" - mac: ENC[AES256_GCM,data:Hh8TQJH8MGbTFYbWiMfiAorvf4X7mN6Nnmm1lgGnahE5ZSMTZloIIWguDplroWTdgpLHtfSntbVzWozFL1PvGtcwUSEpfuGZ5HEDsBehPrdQ3MfulA7ClhBkx4GrJDmNoJSJlOpaSvA5R4Iwl/xO5+udHSB3DPleP/TZZndk4Ho=,iv:QNgZvvdYL/z9kVGRWoMJhBGSJi3gEBa8fBZeTnmGbrg=,tag:7muXvZcekqRnN8DSVxU2fw==,type:str] + lastmodified: "2025-11-09T09:28:13Z" + mac: ENC[AES256_GCM,data:JRE3egK93AnFH+d7MJIZ9a0URE2BV/BJIdfbAWZqdfhicOVYb3zg3iJ2EhLIQ2Nm6UnqZe/t27bveQ222orZ3XmD0K8afS+dakEhGy+TcdBuehUiKQ4WNn8cVmahBWc7cy/WaTY4l9L9YzD5N5v7gJgpPknMpdr6qyyzf+i1vj8=,iv:BVunX3YbWzxqPAScme/5RFka7Lyi6gjZ5miSky61kss=,tag:7ont6bHzZuAxHvctsnUN8A==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0