diff --git a/configuration/nginx/ssl.nix b/configuration/nginx/ssl.nix
index 4cea508..7abc38e 100644
--- a/configuration/nginx/ssl.nix
+++ b/configuration/nginx/ssl.nix
@@ -64,5 +64,10 @@
         in
         ''${pkgs.runtimeShell} -c '${confirm}' '';
     };
+
+    sops.secrets = {
+      "porkbun/api-key".owner = "acme";
+      "porkbun/secret-api-key".owner = "acme";
+    };
   };
 }
diff --git a/configuration/services/backups.nix b/configuration/services/backups.nix
index 688f5f9..0ae8abf 100644
--- a/configuration/services/backups.nix
+++ b/configuration/services/backups.nix
@@ -265,5 +265,18 @@ in
       };
       groups.backup = { };
     };
+
+    sops.secrets = {
+      "restic/storagebox-backups" = {
+        owner = "root";
+        group = "backup";
+        mode = "0440";
+      };
+      "restic/storagebox-ssh-key" = {
+        owner = "backup";
+        group = "backup";
+        mode = "0040";
+      };
+    };
   };
 }
diff --git a/configuration/sops.nix b/configuration/sops.nix
index 0337438..a5b19f6 100644
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@@ -38,30 +38,12 @@
         group = "nextcloud";
       };
 
-      # Porkbub/ACME
-      "porkbun/api-key" = {
-        owner = "acme";
-      };
-      "porkbun/secret-api-key" = {
-        owner = "acme";
-      };
-
       # Restic
       "restic/local-backups" = {
         owner = "root";
         group = "backup";
         mode = "0440";
       };
-      "restic/storagebox-backups" = {
-        owner = "root";
-        group = "backup";
-        mode = "0440";
-      };
-      "restic/storagebox-ssh-key" = {
-        owner = "backup";
-        group = "backup";
-        mode = "0040";
-      };
 
       # Steam
       "steam/tlater" = { };
diff --git a/flake.lock b/flake.lock
index 705d87c..ad4903f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,11 +136,11 @@
         "pyproject-nix": "pyproject-nix"
       },
       "locked": {
-        "lastModified": 1754978539,
-        "narHash": "sha256-nrDovydywSKRbWim9Ynmgj8SBm8LK3DI2WuhIqzOHYI=",
+        "lastModified": 1763413832,
+        "narHash": "sha256-dkqBwDXiv8MPoFyIvOuC4bVubAP+TlVZUkVMB78TTSg=",
         "owner": "nix-community",
         "repo": "dream2nix",
-        "rev": "fbec3263cb4895ac86ee9506cdc4e6919a1a2214",
+        "rev": "5658fba3a0b6b7d5cb0460b949651f64f644a743",
         "type": "github"
       },
       "original": {
@@ -356,11 +356,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1762868777,
-        "narHash": "sha256-QqS72GvguP56oKDNUckWUPNJHjsdeuXh5RyoKz0wJ+E=",
+        "lastModified": 1763319842,
+        "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "c5c3147730384576196fb5da048a6e45dee10d56",
+        "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
         "type": "github"
       },
       "original": {