diff --git a/hosts/homelab/home-assistant.nix b/hosts/homelab/home-assistant.nix
index 17ae55e..0b71526 100644
--- a/hosts/homelab/home-assistant.nix
+++ b/hosts/homelab/home-assistant.nix
@@ -17,6 +17,13 @@ in {
     mosquitto-zigbee2mqtt.rekeyFile = ../../secrets/hosts/homelab/mosquitto-zigbee2mqtt.age;
     mosquitto-sas.rekeyFile = ../../secrets/hosts/homelab/mosquitto-sas.age;
     mosquitto-ha.rekeyFile = ../../secrets/hosts/homelab/mosquitto-ha.age;
+    hassSecrets = {
+      rekeyFile = ../../secrets/hosts/homelab/hass.yaml.age;
+      path = "${config.services.home-assistant.configDir}/secrets.yaml";
+      mode = "400";
+      owner = "hass";
+      group = "hass";
+    };
   };
 
   networking.firewall.allowedTCPPorts = [
@@ -56,8 +63,8 @@ in {
 
     home-assistant = {
       enable = true;
-      package = pkgsUnstable.home-assistant;
-      customComponents = with pkgsUnstable.home-assistant-custom-components; [
+      package = pkgs.home-assistant;
+      customComponents = with pkgs.home-assistant-custom-components; [
         adaptive_lighting
         sleep_as_android
         (pkgs.buildHomeAssistantComponent rec {
@@ -86,9 +93,9 @@ in {
       config = {
         homeassistant = {
           name = "Home";
-          latitude = "56.2";
-          longitude = "10.2";
-          elevation = "0";
+          latitude = "!secret latitude";
+          longitude = "!secret longitude";
+          elevation = "!secret elevation";
           unit_system = "metric";
           time_zone = "Europe/Copenhagen";
         };
@@ -102,7 +109,7 @@ in {
             "127.0.0.1"
             "::1"
           ];
-          base_url = "https://ha.nickolaj.com";
+          # base_url = "https://ha.nickolaj.com";
         };
 
         automation = "!include automations.yaml";
diff --git a/secrets/hosts/homelab/.rekey/89aac8fd4d365506669c2d35e6d3abc5-hassSecrets.age b/secrets/hosts/homelab/.rekey/89aac8fd4d365506669c2d35e6d3abc5-hassSecrets.age
new file mode 100644
index 0000000..79e50f8
--- /dev/null
+++ b/secrets/hosts/homelab/.rekey/89aac8fd4d365506669c2d35e6d3abc5-hassSecrets.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 uxq+Zw reTHDLwj8jaI7giq5hw77+cvVurKP2vR8KeonjAJ+nY
+Pe6Df2WQawEnCp5GVCzegzEJaK868bhwZm2hEEwAc/I
+-> 6`Rk-grease K=O ttrh.^ [o4vdGR
+9xDUT+18cwMzzTgWlQzWBAniL9GAv+e4rmhwu3Vdwdh/mBeXJdfgEMxTqyRZk9TX
+BSW+CifV9iGZXmYm9b+NzKwWJUQ
+--- /NXPE/9QIghJoaXFNtmPMvs78dD2RdXbDWiBnwgXIzo
+����e���r��12�G��� �[�sM[#�ԝ��,��I<���*~a��Y�vYX��OQ��K�:�#g&:��m�H���K�Ƿ
�EZ�-��pj����!�]
\ No newline at end of file
diff --git a/secrets/hosts/homelab/hass.yaml.age b/secrets/hosts/homelab/hass.yaml.age
new file mode 100644
index 0000000..8bb8ad4
Binary files /dev/null and b/secrets/hosts/homelab/hass.yaml.age differ