diff --git a/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/default.nix b/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/default.nix
index bbeb301..5bbb726 100644
--- a/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/default.nix
+++ b/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/default.nix
@@ -4,6 +4,7 @@
     ./ssh-host.nix
     ./loki-mtls.nix
     ./prometheus-mtls.nix
+    ./unix-users.nix
   ];
   khscodes.infrastructure.vault-server-approle.path = "\${ vault_auth_backend.approle.path }";
   khscodes.infrastructure.provisioning.post.modules = [
diff --git a/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/unix-users.nix b/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/unix-users.nix
new file mode 100644
index 0000000..ce8fc54
--- /dev/null
+++ b/nix/systems/aarch64-linux/security.kaareskovgaard.net/post/openbao/unix-users.nix
@@ -0,0 +1,14 @@
+{
+  khscodes.infrastructure.provisioning.post.modules = [
+    {
+      khscodes.vault.mount.unix-users = {
+        type = "kv";
+        path = "unix-users";
+        options = {
+          version = "2";
+        };
+        description = "Secrets used for forgejo";
+      };
+    }
+  ];
+}