diff --git a/flake.lock b/flake.lock
index 00d7fa5..bdc7cdf 100644
--- a/flake.lock
+++ b/flake.lock
@@ -387,11 +387,11 @@
 "nixpkgs": "nixpkgs_5"
 },
 "locked": {
- "lastModified": 1762540987,
- "narHash": "sha256-SqE+KPd8N9Fef7u7lOXMayI6VB7lflop7KIwPg0jui4=",
+ "lastModified": 1762643722,
+ "narHash": "sha256-pDwGVYN6i/5uY4p/RXcQ5EKEv386JrkykxSvwoRHp5E=",
 "ref": "refs/heads/master",
- "rev": "9e68e5dfdad75a5be8e95efce24d9b4708589dd2",
- "revCount": 148,
+ "rev": "489860d74b0a1550549b06230ff3e5a609de52b5",
+ "revCount": 149,
 "type": "git",
 "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
 },
diff --git a/modules/services/trilium/default.nix b/modules/services/trilium/default.nix
index a64f141..6a71099 100644
--- a/modules/services/trilium/default.nix
+++ b/modules/services/trilium/default.nix
@@ -2,14 +2,50 @@
 lib,
 config,
 pkgs,
+ inputs,
 ...
-}: {
+}:
+let
+ sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
+
+ customTriliumModule = builtins.fetchurl {
+ url = "https://raw.githubusercontent.com/TheWanderingCrow/nixpkgs/refs/heads/update-trilium-server/nixos/modules/services/web-apps/trilium.nix";
+ sha256 = "sha256:1y4xqwf011lkjzpn5ygmdn7chbwshha16h53hwydlx76avzsmd8j";
+ };
+in
+{
+ disabledModules = [
+ "${inputs.nixpkgs}/nixos/modules/services/web-apps/trilium.nix"
+ ];
+ imports = [
+ customTriliumModule
+ ];
+
+ sops.secrets = {
+ "trilium/oidc/id" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ "trilium/oidc/secret" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ };
+
+ sops.templates."trilium-secrets".content = ''
+ TRILIUM_OAUTH_ISSUER_BASE_URL=https://auth.wanderingcrow.net/.well-known/openid-configuration
+ TRILIUM_OAUTH_BASE_URL=https://notes.wanderingcrow.net
+ TRILIUM_OAUTH_CLIENT_ID=${config.sops.placeholder."trilium/oidc/id"}
+ TRILIUM_OAUTH_CLIENT_SECRET=${config.sops.placeholder."trilium/oidc/secret"}
+ TRILIUM_OAUTH_ISSUER_NAME=Pocket ID
+ TRILIUM_OAUTH_ISSUER_ICON=https://auth.wanderingcrow.net/api/application-images/favicon
+ '';
+
 services = {
 trilium-server = {
 enable = true;
 package = pkgs.trilium-next-server;
 instanceName = "WanderingCrow";
 port = 8090;
+ environmentFile = config.sops.templates."trilium-secrets".path;
 };
 
 caddy = {
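Review bot: `customTriliumModule` is fetched from a moving branch (`refs/heads/update-trilium-server`), so the URL does not record which revision of the module was reviewed, and the next push to that branch will make the pinned `sha256` fail at evaluation time. The hash does stop changed content from being imported silently, which matters because an imported NixOS module can set any option on the host. Pinning the URL to a commit keeps the provenance auditable and makes each bump deliberate, e.g. `url = "https://raw.githubusercontent.com/TheWanderingCrow/nixpkgs/<COMMIT_SHA-placeholder>/nixos/modules/services/web-apps/trilium.nix";`, or the fork can be carried as a locked flake input. Separately, the `disabledModules` entry is a path under `inputs.nixpkgs`, which presumably only takes effect when that input is the nixpkgs this host is built from; a one-line comment saying so would help. The module body continues past the end of the hunk (`caddy = {`).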