diff --git a/files.nix b/files.nix
index 348c818..1e3d666 100644
--- a/files.nix
+++ b/files.nix
@@ -1,6 +1,16 @@
 { config, pkgs, ... }:
 let
 cfg = config.services.userdata;
+ dnsCredentialsTemplates = {
+ DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
+ CLOUDFLARE = ''
+ CF_API_KEY=REPLACEME
+ CLOUDFLARE_DNS_API_TOKEN=REPLACEME
+ CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
+ '';
+ DESEC = "DESEC_TOKEN=REPLACEME";
+ };
+ dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
 in
 {
 systemd.tmpfiles.rules =
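Review bot: The lookup `dnsCredentialsTemplates.${cfg.dns.provider}` has no fallback, so any provider value other than the three keys now fails evaluation with a generic missing-attribute error, whereas the removed `if … else` in the second hunk treated everything that was not `DIGITALOCEAN` as Cloudflare. If rejecting unknown providers is intended, make the failure explicit: `dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider} or (throw "unsupported dns.provider");`. If existing installs may carry a different or empty value, defaulting to `dnsCredentialsTemplates.CLOUDFLARE` would preserve the old behaviour. A short comment above the attribute set noting that every template must contain the `REPLACEME` placeholder would also help, since the substitution that depends on it is in a different part of the file.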
@@ -37,28 +47,16 @@ in
 rm -f /var/lib/nextcloud/db-pass
 rm -f /var/lib/nextcloud/admin-pass
 '';
- cloudflareCredentials =
- if cfg.dns.provider == "DIGITALOCEAN" then ''
- mkdir -p /var/lib/cloudflare
- chmod 0440 /var/lib/cloudflare
- chown nginx:acmerecievers /var/lib/cloudflare
- echo 'DO_AUTH_TOKEN=REPLACEME' > /var/lib/cloudflare/Credentials.ini
- ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
- chmod 0440 /var/lib/cloudflare/Credentials.ini
- chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
- ''
- else ''
- mkdir -p /var/lib/cloudflare
- chmod 0440 /var/lib/cloudflare
- chown nginx:acmerecievers /var/lib/cloudflare
- echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
- echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
- echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
- ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
- chmod 0440 /var/lib/cloudflare/Credentials.ini
- chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
- '';
- resticCredentials = ''
+ cloudflareCredentials = ''
+ mkdir -p /var/lib/cloudflare
+ chmod 0440 /var/lib/cloudflare
+ chown nginx:acmerecievers /var/lib/cloudflare
+ echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini
+ ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
+ chmod 0440 /var/lib/cloudflare/Credentials.ini
+ chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
+ ''
+ resticCredentials = ''
 mkdir -p /root/.config/rclone
 chmod 0400 /root/.config/rclone
 chown root:root /root/.config/rclone
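Review bot: The consolidated `${sed} -i "s/REPLACEME/$(… ${jq} -r '.dns.apiKey')/g"` line still splices the raw API key into a sed program, so a key containing `/`, `&` or `\` produces a broken or silently wrong Credentials.ini (`&` re-inserts the literal `REPLACEME`), and the key is visible in sed's argv while it runs. Now that every provider goes through this one line, escape the value first, e.g. `key=$(${jq} -r '.dns.apiKey' /etc/nixos/userdata/userdata.json | ${sed} 's/[\/&]/\\&/g')` followed by `"s/REPLACEME/$key/g"`; writing the file without sed would additionally keep the key off the command line. Separately, as shown here the new closing `''` of `cloudflareCredentials` is not followed by `;` although the removed side ended with `'';`, which Nix would reject before `resticCredentials`, so this is worth checking against the actual file. The `resticCredentials` script continues past the end of the hunk.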