diff --git a/host/hamilton.nix b/host/hamilton.nix
index 7e83e88..f3f1b09 100644
--- a/host/hamilton.nix
+++ b/host/hamilton.nix
@@ -1,6 +1,7 @@
 {
   pkgs,
   lib,
+  config,
   ...
 }: let
   inherit (lib.strings) optionalString;
@@ -23,6 +24,15 @@ in {
   sops = {
     defaultSopsFile = ./secrets.yaml;
     age.keyFile = "/home/aftix/.local/persist/.config/sops/age/keys.txt";
+
+    secrets.gh_access_token = {};
+
+    templates.nixAccessTokens = {
+      mode = "0444";
+      content = ''
+        extra-access-tokens = github.com=${config.sops.placeholder.gh_access_token}
+      '';
+    };
   };
 
   my = {
@@ -59,6 +69,10 @@ in {
     '';
   };
 
+  nix.extraOptions = ''
+    !include ${config.sops.templates.nixAccessTokens.path}
+  '';
+
   environment = {
     systemPackages = with pkgs; [
       btrfs-progs
diff --git a/host/secrets.yaml b/host/secrets.yaml
index c3fc208..e8a2387 100644
--- a/host/secrets.yaml
+++ b/host/secrets.yaml
@@ -1,5 +1,6 @@
 backblaze_key_id: ENC[AES256_GCM,data:XTcodnmPdo6v3qIum4W+h8g80SzzOnX8dw==,iv:ktsvBUafzYGyk4RASxSO6iLh5Mbr6tS4WURlUYm5GaU=,tag:L6JuyAW880ZGVKpekYa4IA==,type:str]
 backblaze_application_key: ENC[AES256_GCM,data:IPww264yPPToRWwS0XaIaUOzhOcnlJyCEW0JvUWVfg==,iv:uhNZNrzkAahiqvMO2Ise4rBpEaNScu2gxnnqC0Bx9Rw=,tag:+apKUtlWIMjRi0Ffv+Ehdw==,type:str]
+gh_access_token: ENC[AES256_GCM,data:sk13zEkRavIFOY9xIsLI0PCfZFLhDyoORcjeloslGE/Xdbb+5WZBVO81jwGt0od0S6UYNLEVLnq7Eh7jCpufLvXwGk7Nf2Sn7jGiQbbZ/kTHRWrbg8s+GvMqDqaG,iv:3fvCpYuUXKkliK9BjnFlH8K1/MDujb3k2rNSGOCWLyI=,tag:zWoy1ZJn1w7NDLPzwa7eNw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -24,8 +25,8 @@ sops:
             RjhSaktPdEJ4RWJLaFNEYUp0UnBDdFUKPodmqC26uxy+e3ILWpEAhLhdsBLKe3Ex
             Z750N/XU26lCxZ9c+drILu57e/WitPx/sk6nodchDM0zD3+uRXnWng==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-08T19:40:47Z"
-    mac: ENC[AES256_GCM,data:3jx5CB4cfr1bfpOR2MYvhbrBH9jYwfeJg1n7ITCj2VX5Fikk2Y51Z03gWAdYgDHU3E8nBVYm6HGpILqDGgr4GSNF5jhv3EnDGjQdroh5PfjEBfQnO7NJV5dsEi4+XwFV+DCdgikCWtlCtIjwLX4cYE4j+5enRLl4n5DheX0+fwA=,iv:YHwjppHb4g+YTi5TffVPHbSeS4CWKOxW8ArUSTizvKI=,tag:Ye0o8c5wyQ2CTCkcHV1reQ==,type:str]
+    lastmodified: "2024-10-04T23:23:46Z"
+    mac: ENC[AES256_GCM,data:D6hgb6ZLyvULNoI7VzHnFAQyT18q8PGx0igXIfD4Gww6V2iU4D6kmOekOJFRagh0u2sc13umLgcgzFhZcfe6F2Elj935d8JDlrpb4N3XZY8xGTid1lcbiRFPt9TIUI13dYH3GeWQM8ulUyRYEMOZE6sDdilQd2o6L7iRUA4BDlk=,iv:XaM+2rlb+rH5rKxo2H5KinqSQqzMu/Whcyi8zusz8aM=,tag:4PIkc9kuPJmJaE5HIPaSsg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0