diff --git a/hosts/bicep/services/git-mirrors/default.nix b/hosts/bicep/services/git-mirrors/default.nix
index 4ab5fe2..56129a7 100644
--- a/hosts/bicep/services/git-mirrors/default.nix
+++ b/hosts/bicep/services/git-mirrors/default.nix
@@ -1,5 +1,9 @@
-{ ... }:
+{ config, ... }:
 {
+  sops.secrets."gickup/github-token" = {
+    owner = "gickup";
+  };
+
   services.gickup = {
     enable = true;
 
@@ -13,7 +17,7 @@
 
     instances = let
       defaultGithubConfig = {
-        # settings.token_file = ...
+        settings.token_file = sops.secrets."gickup/github-token".path;
       };
       defaultGitlabConfig = {
         # settings.token_file = ...
@@ -28,11 +32,11 @@
       "github:yushijinhun/authlib-injector" = defaultGithubConfig;
       "github:Git-Mediawiki/Git-Mediawiki" = defaultGithubConfig;
 
-      "gitlab:mx-puppet/discord/better-discord.js" = defaultGitlabConfig;
-      "gitlab:mx-puppet/discord/matrix-discord-parser" = defaultGitlabConfig;
-      "gitlab:mx-puppet/discord/discord-markdown" = defaultGitlabConfig;
-      "gitlab:mx-puppet/discord/mx-puppet-discord" = defaultGitlabConfig;
-      "gitlab:mx-puppet/mx-puppet-bridge" = defaultGitlabConfig;
+      # "gitlab:mx-puppet/discord/better-discord.js" = defaultGitlabConfig;
+      # "gitlab:mx-puppet/discord/matrix-discord-parser" = defaultGitlabConfig;
+      # "gitlab:mx-puppet/discord/discord-markdown" = defaultGitlabConfig;
+      # "gitlab:mx-puppet/discord/mx-puppet-discord" = defaultGitlabConfig;
+      # "gitlab:mx-puppet/mx-puppet-bridge" = defaultGitlabConfig;
 
       "any:glibc" = {
         settings.url = "https://sourceware.org/git/glibc.git";
@@ -40,24 +44,24 @@
     };
   };
 
-  services.cgit = let
-    domain = "mirrors.pvv.ntnu.no";
-  in {
-    ${domain} = {
-      enable = true;
-      group = "gickup";
-      scanPath = "/var/lib/gickup";
-      settings = {
-        enable-commit-graph = true;
-        enable-follow-links = true;
-        enable-http-clone = true;
-        enable-remote-branches = true;
-        clone-url = "https://${domain}/$CGIT_REPO_URL";
-        remove-suffix = true;
-        root-title = "https://${domain}";
-        root-desc = "PVV's repository mirroring service";
-        snapshots = "all";
-      };
-    };
-  };
+  # services.cgit = let
+  #   domain = "mirrors.pvv.ntnu.no";
+  # in {
+  #   ${domain} = {
+  #     enable = true;
+  #     group = "gickup";
+  #     scanPath = "/var/lib/gickup";
+  #     settings = {
+  #       enable-commit-graph = true;
+  #       enable-follow-links = true;
+  #       enable-http-clone = true;
+  #       enable-remote-branches = true;
+  #       clone-url = "https://${domain}/$CGIT_REPO_URL";
+  #       remove-suffix = true;
+  #       root-title = "https://${domain}";
+  #       root-desc = "PVV's repository mirroring service";
+  #       snapshots = "all";
+  #     };
+  #   };
+  # };
 }
diff --git a/modules/gickup.nix b/modules/gickup.nix
index 5b88d1c..075d91a 100644
--- a/modules/gickup.nix
+++ b/modules/gickup.nix
@@ -183,10 +183,15 @@ in
           path = format.generate "gickup-configuration-${name}.yml" {
             destination.local = [ cfg.destinationSettings ];
             source.${instance.type} = [
-              ({
-                includeorgs = [ instance.owner ];
-                include = [ instance.repo ];
-              } // instance.settings)
+              (
+                (lib.optionalAttrs (instance.type != "any") {
+                  user = instance.owner;
+                  includeorgs = [ instance.owner ];
+                  include = [ instance.repo ];
+                })
+                //
+                instance.settings
+              )
             ];
           };
         }))
diff --git a/secrets/bicep/bicep.yaml b/secrets/bicep/bicep.yaml
index e3fe480..6e689c1 100644
--- a/secrets/bicep/bicep.yaml
+++ b/secrets/bicep/bicep.yaml
@@ -3,6 +3,8 @@ calendar-bot:
     mysql_password: ENC[AES256_GCM,data:Gqag8yOgPH3ntoT5TmaqJWv1j+si2qIyz5Ryfw5E2A==,iv:kQDcxnPfwJQcFovI4f87UDt18F8ah3z5xeY86KmdCyY=,tag:A1sCSNXJziAmtUWohqwJgg==,type:str]
 mysql:
     password: ENC[AES256_GCM,data:KqEe0TVdeMIzPKsmFg9x0X9xWijnOk306ycyXTm2Tpqo/O0F,iv:Y+hlQ8n1ZIP9ncXBzd2kCSs/DWVTWhiEluFVwZFKRCA=,tag:xlaUk0Wftk62LpYE5pKNQw==,type:str]
+gickup:
+    github-token: ENC[AES256_GCM,data:ICv6BP/kCrpx6qPCfdEeLK2NP/3iGmmv8hkHhHdwD1qyQb5g4NYBkm+OyRM4F75WUpg3j80x7I4k1vuSeVLzOldyIQ4uK00NQ58D8Ej/Wfm0ojMQM9g4Sr+6wyor,iv:TovZIU4Cs8nriYHXlCgnj3HV6c9F4A08xFOqrM3ls14=,tag:WwgM7z0ErREUvkafFK3AeQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -63,8 +65,8 @@ sops:
             cTh5bnJ3WW90aXRCSUp6NHFYeU1tZ0kK4afdtJwGNu6wLRI0fuu+mBVeqVeB0rgX
             0q5hwyzjiRnHnyjF38CmcGgydSfDRmF6P+WIMbCwXC6LwfRhAmBGPg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-15T21:18:33Z"
-    mac: ENC[AES256_GCM,data:uR5HgeDAYqoqB9kk1V6p0T30+v6WpQJi4+qIeCDRnoUPnQKUVR10hvBhICck+E+Uh8p+tGhM6Uf3YrAJAV0ZCUiNJjtwDJQQLUDT53vdOAXN4xADCQqNuhgVwVMaruoTheEiwOswRuhFeEwy0gBj3Ze2pu47lueHYclmEzumLeQ=,iv:t0UyXN2YaR2m7M/pV2wTLJG5wVfqTIUs7wSQMmyeTVw=,tag:O7dIffzrDAXz3kGx5uazhw==,type:str]
+    lastmodified: "2025-05-07T20:27:27Z"
+    mac: ENC[AES256_GCM,data:8K+epmSfXj8kne76KieVETzcinH/csyGRKIclGq0woKlSW/U6F8vhaRMQzw3Jvp/aCYYj0N5evmNsVwufgUmvBFovZ/aJ9wZXHRBrwBm9cqLxpb/inA5uB9adOQYXC6JF3RjqA/eKmXMLIuRck9WL65vB5XPny8iOZcgHJ/415w=,iv:21hG0/Ypy4EFWu4VjIgodQa7hFHyFuPSSSJtlIuLqJ8=,tag:I1d+p1V/ByJN+0pY76kOeQ==,type:str]
     pgp:
         - created_at: "2024-08-04T00:03:40Z"
           enc: |-
@@ -87,4 +89,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: F7D37890228A907440E1FD4846B9228E814A2AAC
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.4