diff --git a/.gitignore b/.gitignore
index b511ae1..2093797 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.qcow2
+/result
diff --git a/roles/traefik.nix b/roles/traefik.nix
index 9fda20f..489af26 100644
--- a/roles/traefik.nix
+++ b/roles/traefik.nix
@@ -39,24 +39,27 @@
           sops.secrets = {
             "traefik/acmeEmail" = {
               owner = "traefik";
-              # format = "dotenv";
             };
             "traefik/CLOUDFLARE_EMAIL" = {
               owner = "traefik";
-              # format = "dotenv";
             };
             "traefik/CLOUDFLARE_DNS_API_TOKEN" = {
               owner = "traefik";
-              # format = "dotenv";
             };
           };
+          sops.templates."traefik.env" = {
+            owner = "traefik";
+            content = ''
+              acmeEmail="${config.sops.placeholder."traefik/acmeEmail"}"
+              CLOUDFLARE_EMAIL="${config.sops.placeholder."traefik/CLOUDFLARE_EMAIL"}"
+              CLOUDFLARE_DNS_API_TOKEN="${config.sops.placeholder."traefik/CLOUDFLARE_DNS_API_TOKEN"}"
+            '';
+          };
 
           services.traefik = {
             enable = true;
             environmentFiles = [
-              config.sops.secrets."traefik/acmeEmail".path
-              config.sops.secrets."traefik/CLOUDFLARE_EMAIL".path
-              config.sops.secrets."traefik/CLOUDFLARE_DNS_API_TOKEN".path
+              config.sops.templates."traefik.env".path
             ];
 
             staticConfigOptions = {