diff --git a/configuration.nix b/configuration.nix
index eb0e65a..edfb26c 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -56,6 +56,7 @@ in {
 (writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@")
 (writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
 (writeShellScriptBin "silent-add" "git add --intent-to-add $@ ; git update-index --assume-unchanged $@")
+ (writeShellScriptBin "systemd-owner" "systemctl show -pUser,UID $@")
 ];
 environment.sessionVariables = {
diff --git a/modules/ptero.nix b/modules/ptero.nix
index c8486b5..b8026cc 100644
--- a/modules/ptero.nix
+++ b/modules/ptero.nix
@@ -15,6 +15,9 @@ in {
 };
 users.groups.${panel_user} = {};
+ age.secrets.ptero_env = {
+ file = ../secrets/ptero_env.age;
+ };
 systemd.services.init-ptero-data-dir = {
 description = "Create the pterodactyl panel data dir";
@@ -24,7 +27,9 @@ in {
 script =''
 mkdir -p ${DATA_DIR}/database
 mkdir -p ${DATA_DIR}/cache
-mkdir -p ${DATA_DIR}/panel
+mkdir -p ${DATA_DIR}/panel/var
+mkdir -p ${DATA_DIR}/panel/logs
+mkdir -p ${DATA_DIR}/panel/nginx
 chown ${panel_user}:${panel_user} -R ${DATA_DIR}
 chmod +777 -R ${DATA_DIR}
 '';
@@ -55,11 +60,10 @@ chmod +777 -R ${DATA_DIR}
 workdir = "${DATA_DIR}/database";
 extraOptions = [ "--pod=ptero" ];
 environment = {
- "MYSQL_ROOT_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
 "MYSQL_USER" = "pterodactyl";
- "MYSQL_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
 "MYSQL_DATABASE" = "panel";
 };
+ environmentFiles = [ config.age.secrets.ptero_env.path ];
 volumes = ["${DATA_DIR}/database:/var/lib/mysql" "${DATA_DIR}/database:${DATA_DIR}/database"];
 cmd=["--default-authentication-plugin=mysql_native_password"];
 };
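Review bot: `$@` is unquoted in the added `systemd-owner` wrapper (configuration.nix hunk), so the shell re-splits and glob-expands the arguments before `systemctl` sees them. Writing the body as `"systemctl show -pUser,UID \"$@\""` passes each unit name through intact; the three neighbouring wrappers in the context lines follow the same unquoted pattern. A short comment would also help, for example `# prints the User= and UID properties of the given unit(s); an empty User= means the unit did not set one`.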
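Review bot: The three directories added in the `@@ -24,7 +27,9 @@` hunk (`panel/var`, `panel/logs`, `panel/nginx`) fall under the `chmod +777 -R ${DATA_DIR}` two lines below, so they become writable by every local account on the host, along with the database directory. If the containers run under known UIDs, replacing that line with something like `chmod -R u=rwX,g=rX,o= ${DATA_DIR}` after the existing `chown` would keep the tree usable without world access. Which UIDs the containers actually need is not visible in this diff, so that should be confirmed first. The enclosing service definition starts above the hunk.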
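Review bot: The value removed from `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` in the `@@ -55,11 +60,10 @@` hunk, and from `DB_PASSWORD` in the later `@@ -92,7 +96,6 @@` hunk, stays readable in the repository history. Moving it into `ptero_env.age` therefore only helps if the encrypted file carries a newly generated credential; the file is binary here, so that cannot be checked from the diff. The root and application accounts previously shared one string, and distinct values would be better. If this is the official MySQL image, these variables are presumably applied only when an empty data directory is initialised, so an existing database would also need its passwords changed inside MySQL. A comment above `environmentFiles` listing the variable names the file must define would help, since they are no longer visible in the module.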
@@ -92,7 +96,6 @@ chmod +777 -R ${DATA_DIR}
 "MAIL_PASSWORD" = "";
 "MAIL_ENCRYPTION" = "true";
- "DB_PASSWORD" = "JMK1VmZDwoVAUhvClQ7DncOEw5B1XcKXwqERw45Cw4/CoMKKwqHCocKXwqZrwr9b";
 "APP_ENV"= "production";
 "APP_ENVIRONMENT_ONLY"= "false";
 "CACHE_DRIVER" = "redis";
@@ -105,6 +108,7 @@ chmod +777 -R ${DATA_DIR}
 labels = {
 "traefik.http.routers.pterodactyl_panel.entrypoints"="web";
 };
+ environmentFiles = [ config.age.secrets.ptero_env.path ];
 };
 security.acme.certs."${root_host}".extraDomainNames = [ ptero_host ];
diff --git a/secrets/ptero_env.age b/secrets/ptero_env.age
new file mode 100644
index 0000000..caa6e46
Binary files /dev/null and b/secrets/ptero_env.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 4c2cbef..f9a0752 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -14,4 +14,5 @@ in
 "matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ];
 "matrix_mjolnir_tle_pass.age".publicKeys = [ contabo_nix_pub ];
 "matrix_discord_bridge_token.age".publicKeys = [ contabo_nix_pub ];
+ "ptero_env.age".publicKeys = [ contabo_nix_pub ];
 }
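Review bot: The panel container in the `@@ -105,6 +108,7 @@` hunk of modules/ptero.nix is given the same `ptero_env` file as the database container, so any MySQL root credential in that file also lands in the environment of the web-facing service. The panel presumably needs only `DB_PASSWORD`. Splitting the secret in two (names here are suggestions, e.g. `age.secrets.ptero_db_env` for the database and `age.secrets.ptero_panel_env` for the panel) would keep the root account out of the panel's reach. This assumes the encrypted file holds all three removed variables, which cannot be seen in the diff. The container definition starts above the hunk.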