diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..73a5868
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,5 @@
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+          - age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
diff --git a/secrets/caddy_reverse_proxy.yaml b/secrets/caddy_reverse_proxy.yaml
new file mode 100644
index 0000000..9ceabf1
--- /dev/null
+++ b/secrets/caddy_reverse_proxy.yaml
@@ -0,0 +1,22 @@
+#ENC[AES256_GCM,data:wyNRZzsDfae8R/ADyKc8w3Gx9mIQmx7yEEqWFCdhEtUTu5SPvQGwIB3zvV24Sk203jh4tA==,iv:mmPKoZVX241G6KvqbEMq/iqJDF7KVDOuF1kdanYgEgw=,tag:Uh8SxJHtESO+q97Xgp80Gg==,type:comment]
+forgejo: ENC[AES256_GCM,data:5XXkzc7U4/Fx9QtKPlB3BaF7STExgWz0RMpNxNEElF42Yh18pf6oV8O7cjhud4RiAi+y,iv:84F0WEzryK17RuAnix0EdXjfmA+ln9/ozPOlCRI65YA=,tag:ksRj3fXo3Bnd6zgd9vsSow==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhK1lrMkJlNmJwK3ZvSjhz
+            VnFQa2xMdEt0dU9pRlQxbWZIT09ObVI2cUNBCkx2UnBQOTFRYkhXR0pyWGgxdVIr
+            R3NvZDBTU3lIY3RHZkxKRDQzRWhmYUUKLS0tIDJtNFc2VzRNQVdxZ0kxME91Um9p
+            OTBPaGdUZ1ZueUlKMVlhOHBreFV6OVEKBhcqTTA9Vufnn/WAhR5zb08Nsn48zmD2
+            +bdJf+0B68Z57Q/47fNjvXclqLdDCWToTlIjOTnzVH2oXOWKQQxj6g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-13T05:31:48Z"
+    mac: ENC[AES256_GCM,data:J4oXHZeqH+h5Yq+wOzC0Bhx42/pS9hxeybeEtsWaymMgjKUbj4QpdF9mYXwRawp4juLrHIgGAypW0iFrgTkDpzY5AKrwN23CJQwxQtuCLkZXzm4QJ46fR60Rtf8Kx92wKpOaLknxa9k5L6nK0G7FU9m2afxPb5MsqH3o6WubVG8=,iv:49BL9vpS67SkhZbZlyjIl0Ip2MWwK5/tya/2O8mVXGE=,tag:9A08TsIP22nGNBMhmAGhrg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
diff --git a/system/modules/sops.nix b/system/modules/sops.nix
index 102bc9c..a2aa103 100644
--- a/system/modules/sops.nix
+++ b/system/modules/sops.nix
@@ -1,6 +1,6 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 let
-  owner = "tigor";
+  owner = config.profile.user.name;
 in
 {
   environment.systemPackages = with pkgs; [