diff --git a/services/onlyoffice/default.nix b/services/onlyoffice/default.nix
index 4131d19..5540e48 100644
--- a/services/onlyoffice/default.nix
+++ b/services/onlyoffice/default.nix
@@ -11,6 +11,16 @@ in
     };
   };
   config = lib.mkIf cfg.enable {
+    age.secrets = {
+      office-dbpass = {
+        file  = ./secrets/office-dbpass.age;
+        owner = "onlyoffice";
+      };
+      office-jwtpass = {
+        file  = ./secrets/office-jwtpass.age;
+        owner = "onlyoffice";
+      };
+    };
     services = {
       onlyoffice = {
         enable = true;
@@ -19,10 +29,10 @@ in
         postgresName = "onlyoffice";
         postgresHost = "${cfg.pgsql_ip}";
         postgresUser = "onlyoffice";
-        postgresPasswordFile = "/run/secrets/onlyoffice/office-dbpass";
-        jwtSecretFile = "/run/secrets/onlyoffice/office-jwtpass";
+        postgresPasswordFile = config.age.secrets.office-dbpass.path;
+        jwtSecretFile = config.age.secrets.office-jwtpass.path;
       };
     };
-    networking.firewall.allowedTCPPorts = [ 8000 ];
+    networking.firewall.allowedTCPPorts = [ 80 4369 5432 5672 6379 8000 8080 ];
   };
 }