diff --git a/rpi4.nix b/rpi4.nix
index 34b19ee..b8a40a4 100644
--- a/rpi4.nix
+++ b/rpi4.nix
@@ -32,11 +32,7 @@ in with builtins; {
     ./services/nextcloud.nix
   ];
 
-  age.secrets.cfdyndns = {
-    file = ./secrets/cfdyndns.age;
-    owner = "cfdyndns";
-    group = "cfdyndns";
-  };
+  age.secrets.cloudflare.file = ./secrets/cloudflare.age;
   age.secrets.hostKey.file = ./secrets/home-server/hostKey.age;
 
   nixpkgs.config.allowUnfree = true;
@@ -70,7 +66,7 @@ in with builtins; {
     use = "web";
     zone = "felschr.com";
     username = "felschr@pm.me";
-    passwordFile = config.age.secrets.cfdyndns.path;
+    passwordFile = config.age.secrets.cloudflare.path;
     domains = [
       "home.felschr.com"
       "cloud.felschr.com"
diff --git a/secrets/cfdyndns.age b/secrets/cloudflare.age
similarity index 100%
rename from secrets/cfdyndns.age
rename to secrets/cloudflare.age
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 6fb59d4..4c10931 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,7 +21,7 @@ in {
   "mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];
   "mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ];
   "mqtt/owntracks-plain.age".publicKeys = [ felschr home-pc home-server ];
-  "cfdyndns.age".publicKeys = [ felschr home-pc home-server ];
+  "cloudflare.age".publicKeys = [ felschr home-pc home-server ];
   "owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
   "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
   "miniflux.age".publicKeys = [ felschr home-pc home-server ];
diff --git a/services/home-assistant.nix b/services/home-assistant.nix
index 2dff78d..f87fe18 100644
--- a/services/home-assistant.nix
+++ b/services/home-assistant.nix
@@ -120,5 +120,7 @@ in {
   age.secrets.hass-secrets = {
     file = ../secrets/hass/secrets.age;
     path = "/var/lib/hass/secrets.yaml";
+    owner = "hass";
+    group = "hass";
   };
 }
diff --git a/services/mosquitto.nix b/services/mosquitto.nix
index 4014ef4..6389820 100644
--- a/services/mosquitto.nix
+++ b/services/mosquitto.nix
@@ -9,7 +9,6 @@ let
   mkSecret = file: {
     inherit file;
     owner = "mosquitto";
-    group = "mosquitto";
   };
 in {
   age.secrets = {