diff --git a/roles/traefik.nix b/roles/traefik.nix index cfbf8fe..9fda20f 100644 --- a/roles/traefik.nix +++ b/roles/traefik.nix @@ -37,26 +37,26 @@ in { sops.secrets = { - "traefik.acmeEmail" = { + "traefik/acmeEmail" = { owner = "traefik"; - format = "dotenv"; + # format = "dotenv"; }; - "traefik.CLOUDFLARE_EMAIL" = { + "traefik/CLOUDFLARE_EMAIL" = { owner = "traefik"; - format = "dotenv"; + # format = "dotenv"; }; - "traefik.CLOUDFLARE_DNS_API_TOKEN" = { + "traefik/CLOUDFLARE_DNS_API_TOKEN" = { owner = "traefik"; - format = "dotenv"; + # format = "dotenv"; }; }; services.traefik = { enable = true; environmentFiles = [ - config.sops.secrets."traefik.acmeEmail".path - config.sops.secrets."traefik.CLOUDFLARE_EMAIL".path - config.sops.secrets."traefik.CLOUDFLARE_DNS_API_TOKEN".path + config.sops.secrets."traefik/acmeEmail".path + config.sops.secrets."traefik/CLOUDFLARE_EMAIL".path + config.sops.secrets."traefik/CLOUDFLARE_DNS_API_TOKEN".path ]; staticConfigOptions = { diff --git a/utils.nix b/utils.nix index 02bcbd3..ca01167 100644 --- a/utils.nix +++ b/utils.nix @@ -26,6 +26,7 @@ { ... }: { sops.defaultSopsFile = ./secrets + "/${hostConfig.hostname}.yaml"; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # Disable automatic pgp key generation based on ssh keys sops.gnupg.sshKeyPaths = [ ];
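Review bot: With `format = "dotenv"` commented out, the three secrets fall back to sops-nix's default YAML format, so each `.path` listed under `environmentFiles` holds only the bare value of its key, while systemd environment files expect `NAME=value` lines. Unless the values stored in the YAML already carry the `NAME=` prefix (not visible here), Traefik would start without `CLOUDFLARE_DNS_API_TOKEN` and the DNS challenge would fail, probably noticed only when a certificate is due for issuance or renewal. Rendering one env file through `sops.templates` keeps the nested keys and the expected file format, and the commented-out `format` lines can then be deleted rather than left behind. The `services.traefik` block continues outside the hunk.

```nix
# … unchanged: the three sops.secrets declarations …
sops.templates."traefik.env" = {
  owner = "traefik";
  content = ''
    CLOUDFLARE_EMAIL=${config.sops.placeholder."traefik/CLOUDFLARE_EMAIL"}
    CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."traefik/CLOUDFLARE_DNS_API_TOKEN"}
  '';
  # acmeEmail: add a line here under whatever variable name the static config reads
};

services.traefik = {
  enable = true;
  environmentFiles = [ config.sops.templates."traefik.env".path ];
  # … unchanged: staticConfigOptions …
```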
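Review bot: The new `sops.age.sshKeyPaths` line in utils.nix makes the host's SSH private key the decryption identity for every secret in this host's file, and nothing in the hunk records that; the only comment nearby describes the gnupg line below it. A comment such as `# age identity is derived from the host ed25519 key; its public key must be a recipient of this host's secrets file, and rotating the host key means re-encrypting` would document the coupling. It is also worth confirming that the key exists before the first activation on a fresh install, since the secrets cannot be decrypted until it does (presumably the key is provisioned ahead of time). The enclosing module continues outside the hunk.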