diff --git a/services/go2rtc.nix b/services/go2rtc.nix
index 1f8cbc8..51669d9 100644
--- a/services/go2rtc.nix
+++ b/services/go2rtc.nix
@@ -6,24 +6,31 @@
 		virtualisation.oci-containers = {
 		  backend = "docker";
 		
+		  # Authelia
 		  containers."authelia" = {
-		    image = "authelia/authelia:latest";
-		    volumes = [
-		      "/home/fred/docker/authelia/config.yml:/config/config.yml:ro"
-		      "/home/fred/docker/authelia/secrets:/secrets:ro"
-		    ];
-		    ports = [ "9091:9091" ];
-		    extraOptions = "--restart unless-stopped";
+			image = "authelia/authelia:latest";
+			volumes = [
+			  "/home/fred/docker/authelia/config.yml:/config/config.yml:ro"
+			  "/home/fred/docker/authelia/secrets:/secrets:ro"
+			];
+			ports = [ "9091:9091" ];
+			extraOptions = "--restart unless-stopped";
 		  };
 		
+		  # Go2RTC
 		  containers."go2rtc" = {
-		    image = "blakeblackshear/go2rtc:latest";
-		    volumes = [
-		      "/home/fred/docker/go2rtc/config.yml:/config/config.yml:ro"
-		    ];
-		    ports = [ "1984:1984" ];
-		    extraOptions = "--restart unless-stopped";
+			image = "blakeblackshear/go2rtc:latest";
+			volumes = [
+			  "/home/fred/docker/go2rtc/config.yml:/config/config.yml:ro"
+			];
+			ports = [ "1984:1984" ];
+			extraOptions = "--restart unless-stopped";
 		  };
 		};
+		# Create directories for local secrets
+		systemd.tmpfiles.rules = [
+		  "d /home/fred/docker/authelia/secrets 0700 fred users -"
+		  "d /home/fred/docker/go2rtc 0755 fred users -"
+		];
 	};
 }