diff --git a/config/portunus_seeds.json b/config/portunus_seeds.json
deleted file mode 100644
index a5908ae..0000000
--- a/config/portunus_seeds.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "groups": [
- {
- "name": "admins",
- "long_name": "Portunus Admins",
- "members": ["admin"],
- "permissions": {
- "portunus": { "is_admin": true },
- "ldap": { "can_read": true }
- }
- },
- {
- "name": "ifsr",
- "long_name": "Mitglieder des ifsr",
- "members": [],
- "permissions": {
- "portunus": { "is_admin": false },
- "ldap": { "can_read": false }
- }
- },
- {
- "name": "strukturer",
- "long_name": "Strukturer des ifsr",
- "members": [],
- "permissions": {
- "portunus": { "is_admin": false },
- "ldap": { "can_read": false }
- }
- },
- {
- "name": "search",
- "long_name": "LDAP search group",
- "members": ["search"],
- "permissions": {
- "portunus": { "is_admin": false },
- "ldap": { "can_read": true }
- }
- }
- ],
- "users": [
- {
- "login_name": "admin",
- "given_name": "admin",
- "family_name": "admin",
- "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/admin-password"] }
- },
- {
- "login_name": "search",
- "given_name": "search",
- "family_name": "search",
- "password": { "from_command": ["/usr/bin/env", "cat", "/run/secrets/portunus/search-password"] }
- }
- ]
-}
diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix
index 2f7ee21..3c60dde 100644
--- a/modules/ldap/default.nix
+++ b/modules/ldap/default.nix
@@ -1,6 +1,46 @@
 { config, lib, pkgs, ... }:
 let
 domain = "auth.${config.fsr.domain}";
+ seed = {
+ groups = [
+ {
+ name = "admins";
+ long_name = "Portunus Admin";
+ members = [ "admin" ];
+ permissions.portunus.is_admin = true;
+ }
+ {
+ name = "search";
+ long_name = "LDAP search group";
+ members = [ "search" ];
+ permissions.ldap.can_read = true;
+ }
+ {
+ name = "fsr";
+ long_name = "Mitglieder des iFSR";
+ }
+ ];
+ users = [
+ {
+ login_name = "admin";
+ given_name = "admin";
+ family_name = "admin";
+ password.from_command = [
+ "${pkgs.coreutils}/bin/cat"
+ config.sops.secrets."portunus/admin-password".path
+ ];
+ }
+ {
+ login_name = "search";
+ given_name = "search";
+ family_name = "search";
+ password.from_command = [
+ "${pkgs.coreutils}/bin/cat"
+ config.sops.secrets."portunus/search-password".path
+ ];
+ }
+ ];
+ };
 in
 {
 sops.secrets = {
@@ -22,7 +62,7 @@ in
 inherit domain;
 port = 8681;
 dex.enable = true;
- seedPath = ../config/portunus_seeds.json;
+ seedPath = pkgs.writeText "portunus-seed.json" (builtins.toJSON seed);
 ldap = {
 suffix = "dc=ifsr,dc=de";
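Review bot: The new `admins` group in the `seed` attrset no longer carries `permissions.ldap.can_read`, which the deleted `config/portunus_seeds.json` granted it alongside `is_admin`; if Portunus does not imply LDAP read access for admins this silently narrows what the `admin` account can do, and if the narrowing is intended (LDAP reads consolidated on the `search` account) it deserves a comment such as `# admins manage Portunus only; LDAP reads go through the search account`. Otherwise add `permissions.ldap.can_read = true;` next to `permissions.portunus.is_admin = true;`. The `password.from_command` entries run `cat` on `config.sops.secrets."portunus/admin-password".path` and the matching search path at seed time, so they only work if the `sops.secrets` declarations that begin at the hunk's last line (and continue outside it) set `owner`/`mode` such that the Portunus service user can read those files. The `fsr` group also replaces the former `ifsr` and `strukturer` groups and declares neither `members` nor `permissions`, so its effective rights rely entirely on Portunus defaults.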