diff --git a/flake.lock b/flake.lock
index a80e1b1..dcd4a81 100644
--- a/flake.lock
+++ b/flake.lock
@@ -216,11 +216,11 @@ ] }, "locked": { - "lastModified": 1714430505, - "narHash": "sha256-SSJQ/KOy8uISnoZgqDoRha7g7PFLSFP/BtMWm0wUz8Q=", + "lastModified": 1714203603, + "narHash": "sha256-eT7DENhYy7EPLOqHI9zkIMD9RvMCXcqh6gGqOK5BWYQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8e6694edabe4aaa7a85aac47b43ea5d978b116d", + "rev": "c1609d584a6b5e9e6a02010f51bd368cb4782f8e", "type": "github" }, "original": {
@@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1714273701, - "narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=", + "lastModified": 1713869268, + "narHash": "sha256-o3CMQeu/S8/4zU0pMtYg51rd1FWdJsI2Xohzng1Ysdg=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "941c4973c824509e0356be455d89613611f76c8a", + "rev": "dcb6ac44922858ce3a5b46f77a36d6030181460c", "type": "github" }, "original": {
@@ -332,11 +332,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714253743, - "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", + "lastModified": 1714076141, + "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", + "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index b25b850..9dcbbae 100644
--- a/flake.nix
+++ b/flake.nix
@@ -67,7 +67,6 @@
 # thinkpad = self.nixosConfigurations.thinkpad.config.system.build.toplevel;
 jmri = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/jmri { };
 adguardian-term = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/adguardian-term { };
- matrix-authentication-service = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/matrix-authentication-service { };
 pww = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/pww { };
 gnome-break-timer = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/gnome-break-timer { };
 hashcash-milter = nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/hashcash-milter { };
diff --git a/hosts/nuc/modules/seafile/default.nix b/hosts/nuc/modules/seafile/default.nix
index 44833ba..0ec6ef0 100644
--- a/hosts/nuc/modules/seafile/default.nix
+++ b/hosts/nuc/modules/seafile/default.nix
@@ -3,6 +3,11 @@ let
 domain = "seafile.${config.networking.domain}";
 in
 {
+ age.secrets."seafile/oidc-secret" = {
+ file = ../../../../secrets/nuc/seafile/oidc-secret.age;
+ mode = "0440";
+ group = "seafile";
+ };
 services.seafile = {
 enable = true;
 adminEmail = "admin@rfive.de";
@@ -15,7 +20,7 @@ in
 OAUTH_ENABLE_INSECURE_TRANSPORT = True
 OAUTH_CLIENT_ID = "seafile"
- with open('/var/lib/seafile/.oidcSecret') as f:
+ with open('${config.age.secrets."seafile/oidc-secret".path}') as f:
 OAUTH_CLIENT_SECRET = f.readline().rstrip()
 OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
diff --git a/pkgs/matrix-authentication-service/default.nix b/pkgs/matrix-authentication-service/default.nix
deleted file mode 100644
index 9f3feae..0000000
--- a/pkgs/matrix-authentication-service/default.nix
+++ /dev/null
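Review bot: The new `age.secrets."seafile/oidc-secret"` entry in `hosts/nuc/modules/seafile/default.nix` (hunk `@@ -3,6 +3,11 @@`) sets `mode = "0440"` and `group = "seafile"` without an `owner`, so the OIDC client secret is readable by every member of the `seafile` group rather than by one account. If only the seahub process reads it, `owner = "seafile"; mode = "0400";` is the narrower grant; this assumes the service runs as a `seafile` user, which the hunk does not show. A short comment above the attribute, e.g. `# OIDC client secret, read by the seahub OAuth settings below`, would record why the file is exposed to that account.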
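Review bot: `OAUTH_ENABLE_INSECURE_TRANSPORT = True` is still set two lines above the changed `with open(...)` in hunk `@@ -15,7 +20,7 @@` of `hosts/nuc/modules/seafile/default.nix`, while `OAUTH_REDIRECT_URL` is an `https://` URL. As far as I know this flag makes seahub lift oauthlib's HTTPS-only check for the OAuth flow, so unless the provider endpoints (outside this hunk) are plain HTTP it should be removed or set to `False`. The previous plaintext file `/var/lib/seafile/.oidcSecret` is no longer read after this change and should be deleted from the host once the agenix path is confirmed to work. The settings string starts and ends outside the hunk.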
@@ -1,29 +0,0 @@
-{ lib, rustPlatform, fetchFromGitHub }:
-rustPlatform.buildRustPackage rec {
- pname = "matrix-authentication-service";
- version = "0.9.0";
-
- src = fetchFromGitHub {
- owner = "matrix-org";
- repo = pname;
- rev = "v${version}";
- hash = "sha256-e5JlkcSJ44iE+pVnGQpGiSNahxUcIFeaPyOjp9E3eD0=";
- };
- cargoLock = {
- lockFile = "${src}/Cargo.lock";
- outputHashes = {
- "opa-wasm-0.1.0" = "sha256-f3IIln7BbN7NJiCVMgfoell/plzlqkSm4YYK7mqzKgw=";
- };
- };
-
- meta = with lib;
- {
- description = "O.uth2.0 + OpenID Provider for Matrix Homeservers";
- homepage = "https://github.com/matrix-org/matrix-authentication-service/blob/main/LICENSE";
- license = with licenses; [ asl20 ];
- maintainers = with maintainers; [ therealr5 ];
- mainProgram = "mas-cli";
- };
-}
-
-
diff --git a/secrets.nix b/secrets.nix
index f73f67b..8e11522 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -22,6 +22,7 @@ in
 "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
+ "secrets/nuc/seafile/oidc-secret.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
diff --git a/secrets/nuc/seafile/oidc-secret.age b/secrets/nuc/seafile/oidc-secret.age
new file mode 100644
index 0000000..07c0f6c
Binary files /dev/null and b/secrets/nuc/seafile/oidc-secret.age differ