diff --git a/flake.nix b/flake.nix index 834a88e..f636dcf 100644 --- a/flake.nix +++ b/flake.nix @@ -79,6 +79,7 @@ networking.hostName = "onlyoffice"; services.vm_onlyoffice = { enable = true; + pgsql_ip = pgsql_host; }; } ]; diff --git a/secrets.nix b/secrets.nix index 7ca541d..eb11d3d 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,16 +1,18 @@ let - tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"; - users = [ tbarnouin ]; + tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"; + users = [ tbarnouin ]; - forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner"; + forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner"; + grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana"; + onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana"; - grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana"; - - systems = [ forgejo grafana ]; + systems = [ forgejo grafana ]; in { "secrets/initialPassword.age".publicKeys = users ++ systems; - "../services/grafana/secrets/grafana-db.age".publicKeys = [ tbarnouin grafana ]; - "../services/grafana/secrets/kuma-token.age".publicKeys = [ tbarnouin grafana ]; + "services/grafana/secrets/grafana-db.age".publicKeys = [ tbarnouin grafana ]; + "services/grafana/secrets/kuma-token.age".publicKeys = [ tbarnouin grafana ]; + "services/onlyoffice/secrets/office-dbpass.age".publicKeys = [ tbarnouin onlyoffice ]; + "services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [ tbarnouin onlyoffice ]; } diff --git a/services/onlyoffice/default.nix b/services/onlyoffice/default.nix index f8115c8..1e7e821 100644 --- a/services/onlyoffice/default.nix 
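Review bot: The new `onlyoffice` recipient in secrets.nix is byte-for-byte the `grafana` key, including its `root@grafana` comment, so `office-dbpass.age` and `office-jwtpass.age` are encrypted to the grafana host's key rather than to a key of the onlyoffice VM. As written, the grafana host can decrypt the OnlyOffice database password and JWT secret, and the onlyoffice VM can decrypt them only if it happens to share that host key. Use the VM's own host key, `onlyoffice = "ssh-ed25519 <onlyoffice-host-public-key> root@onlyoffice";`, and re-encrypt both files. If grafana was never meant to read these values, rotate them too, since the ciphertext for its key is now in history. `systems` still lists only `forgejo grafana`; if the omission of `onlyoffice` is intentional, a one-line comment saying so would help.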
+++ b/services/onlyoffice/default.nix @@ -5,15 +5,16 @@ in { options.services.vm_onlyoffice = { enable = lib.mkEnableOption "Enable OnlyOffice service"; + pgsql_ip = lib.mkEnableOption "Postgres database IP address"; }; config = lib.mkIf cfg.enable { services = { onlyoffice = { enable = true; hostname = "office.le43.eu"; - port = "8000"; + port = 8000; postgresName = "onlyoffice"; - postgresHost = "${cfg.db_ip}"; + postgresHost = "${cfg.pgsql_ip}"; postgresUser = "onlyoffice"; postgresPasswordFile = "/run/secrets/onlyoffice/office-dbpass"; jwtSecretFile = "/run/secrets/onlyoffice/office-jwtpass"; diff --git a/services/onlyoffice/secrets/office-dbpass.age b/services/onlyoffice/secrets/office-dbpass.age new file mode 100644 index 0000000..619e335 --- /dev/null +++ b/services/onlyoffice/secrets/office-dbpass.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBCVG1B +RUtaTGRRQklZWTZqcGQwa2lOd0lEMDJDdnpYYVJwZHdGVG1veldrCmFDSGFOeHRD +VDRRSCtJS2ZlS01ZRkFNeTkyWnJFaGVWajdQOFJKMU53STAKLT4gc3NoLWVkMjU1 +MTkgd25FVXB3IGpFRm9aSzFJK1BYTnZVU1R4cG0yakRTWGl1VXBtQkhUVXhGYngw +bHJEa1kKcllxclNWb0FHazNOMWpQbW45MUs0ZjhWNTVsQWNSTTFCU0psWVZ4Q2RX +YwotPiBbbVF2LWdyZWFzZQpldWFaOWpPZUMvQlh3aGNwZVErR3VtN0RRYmhveFZX +NlEwNFAzY21qbDVPeFpOTWVwbzBPS1lGOXJwMXp1ZnNWCms1WjZCUXF3azJQamQr +VDQ5eDl4aWFJN2pvK2lNb2x0d05HeS9NWVQzNVVhVFEwWkFlTkNGbmhaQmVVLzg2 +cnoKUFZNCi0tLSBmaG1zTWpaSDlLWmxjUDlQS0FDdlV3WHY1VTVLNEV2NjdOcDRX +dUMvcVNvCpCNm1wYvouULKX0ykzzHtURSm73FR2pFsk3uXGO9fJqBb6CZFPwOkQu +zy2u2HStrYc= +-----END AGE ENCRYPTED FILE----- diff --git a/services/onlyoffice/secrets/office-jwtpass.age b/services/onlyoffice/secrets/office-jwtpass.age new file mode 100644 index 0000000..97da21d --- /dev/null +++ b/services/onlyoffice/secrets/office-jwtpass.age 
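Review bot: In services/onlyoffice/default.nix, `pgsql_ip` is declared with `lib.mkEnableOption`, which creates a boolean option defaulting to `false`. The `pgsql_ip = pgsql_host;` assignment in flake.nix will therefore fail the type check unless `pgsql_host` is a boolean, and `"${cfg.pgsql_ip}"` cannot interpolate a boolean. Declare it as a string option instead: `pgsql_ip = lib.mkOption { type = lib.types.str; description = "Postgres database IP address"; };`. The `/run/secrets/onlyoffice/...` paths are unchanged context and the `age.secrets` declarations are not visible in this hunk, so confirm the two new secrets are decrypted to those paths with an owner the onlyoffice service can read. The `config` block continues outside the hunk.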
@@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyB4NnVr +cHRPclQ5MFpkRVhDU3JwZFJ3TVFtZU5xMUhkb2NDUXU0MWhWYzNVCnk3c2UrdGpO +cHZVUWljV2hpMFVoOEF1TTRBQ0RYQW1SWkFhNGswbm9GSG8KLT4gc3NoLWVkMjU1 +MTkgd25FVXB3IGtQUEVmcDRxK0hqMWIxcHRONDlQVDdFLzRBeUE1YjBvVWN3WURh +NTR1emMKcm0rU0wza2JHaE5kb2FacURuZXE5eXlEeGlZRXZzQkhuVXVUd1BVRkNI +dwotPiBvP2AwZyctZ3JlYXNlIEkgMFV3VktaQF4gfT5kJG4KTnVlNko3YmVsZVFD +OGpnaHhaVTFoTUpjRHZyc2NqSlRCV1JoV29JVHA0Nm0zUWNJNU4vWFAyS2YrL1kK +LS0tIEMzVVdyRW1GYzJnUGxHUVNGanlISjlpSW1mTkM3aFFyUGpVRWltZVZXWXcK +fAPdPODCgOrgk2QcZC/ykTjbae7Dew+7QFC6oYvFxN/LmuJzkqdPUsnxsVR1gxy8 +TZU= +-----END AGE ENCRYPTED FILE-----