diff --git a/modules/servers/keycloak.nix b/modules/servers/keycloak.nix
index b172128..2aab379 100644
--- a/modules/servers/keycloak.nix
+++ b/modules/servers/keycloak.nix
@@ -16,17 +16,20 @@ in
 owner = "keycloak";
 group = "keycloak";
 };
+ sops.secrets."keycloak/db_password" = {
+ sopsFile = ../../secrets/secrets.yaml;
+ owner = "keycloak";
+ group = "keycloak";
+ };
 services.keycloak = {
 inherit (cfg) enable;
 database = {
 type = "postgresql";
- host = config.my.postgresSocket;
+ host = "localhost";
+ createLocally = false;
 username = "keycloak";
 name = "keycloak";
- };
- initialAdmin = {
- user = "admin";
- passwordFile = config.sops.secrets."keycloak/admin_password".path;
+ passwordFile = config.sops.secrets."keycloak/db_password".path;
 };
 settings = {
 hostname = cfg.host;
@@ -35,7 +38,11 @@ in
 "http-enabled" = true;
 "http-port" = cfg.port;
 "proxy" = "edge";
- "frontend-url" = cfg.url;
+ };
+ };
+ systemd.services.keycloak = {
+ serviceConfig = {
+ EnvironmentFile = config.sops.secrets."keycloak/admin_password".path;
 };
 };
 services.nginx.virtualHosts.${cfg.host} =
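Review bot: The `database` block now authenticates over TCP to `host = "localhost"` with a password instead of the socket in `config.my.postgresSocket`, and with `createLocally = false` nothing in this hunk provisions the `keycloak` role or ties its password to `keycloak/db_password`. On loopback TCP the password is the only barrier between any local process and the Keycloak database. The PostgreSQL side therefore presumably needs a `pg_hba.conf` entry limited to that role and database, ideally with `scram-sha-256`, but that configuration is not visible here. A comment above `createLocally` would record the dependency, e.g. `# role and database are provisioned outside this module; the role's password must match sops keycloak/db_password`.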
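Review bot: `EnvironmentFile` in `systemd.services.keycloak.serviceConfig` points at the same `keycloak/admin_password` secret that the removed `initialAdmin.passwordFile` consumed as a raw password, but systemd only honours `VAR=value` lines in an environment file. Unless the secret's content in `secrets.yaml` was changed to that format (not shown), the bootstrap admin variable is never set and the service may start with whatever default the module or Keycloak applies. Renaming the secret to match its new role (for example `keycloak/admin_env`) would make this harder to get wrong. A comment would also help, e.g. `# must contain KEY=value lines for the bootstrap admin (KEYCLOAK_ADMIN_PASSWORD, or KC_BOOTSTRAP_ADMIN_PASSWORD on newer Keycloak)`.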