diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix
index 731d29a..737ea04 100644
--- a/nixos/hosts/hades/default.nix
+++ b/nixos/hosts/hades/default.nix
@@ -180,7 +180,6 @@
     hostname = "mastodon";
     ip = "192.168.0.138";
     mac = "52:60:8a:06:86:9c";
-    nix = false;
   }
   {
     hostname = "lidarr";
diff --git a/nixos/hosts/hades/mastodon/configuration.nix b/nixos/hosts/hades/mastodon/configuration.nix
index b695802..20d39db 100644
--- a/nixos/hosts/hades/mastodon/configuration.nix
+++ b/nixos/hosts/hades/mastodon/configuration.nix
@@ -14,7 +14,17 @@ in {
     package = pkgs.elasticsearch7;
   };
 
-  vault-secrets.secrets.mastodon = { };
+  vault-secrets.secrets.mastodon = {
+    services = [ "mastodon-init-dirs" "mastodon" ];
+  };
+
+  # Append the init-dirs script to add AWS/Minio secrets
+  systemd.services.mastodon-init-dirs.script = ''
+    cat >> /var/lib/mastodon/.secrets_env <<EOF
+    AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/awsAccessKeyId)"
+    AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/awsSecretAccessKey)"
+    EOF
+  '';
 
   services.mastodon = {
     enable = true;
@@ -72,8 +82,6 @@ in {
       S3_ENABLED = "true";
       S3_BUCKET = "mastodon";
       S3_PROTOCOL = "https";
-      AWS_ACCESS_KEY_ID = secrets.awsAccessKey;
-      AWS_SECRET_ACCESS_KEY = secrets.awsSecretKey;
       S3_HOSTNAME = "o.xirion.net";
       S3_ENDPOINT = "https://o.xirion.net/";
     };
diff --git a/nixos/pkgs/glitch-soc/default.nix b/nixos/pkgs/glitch-soc/default.nix
index 128651b..1f48ccc 100644
--- a/nixos/pkgs/glitch-soc/default.nix
+++ b/nixos/pkgs/glitch-soc/default.nix
@@ -52,6 +52,7 @@ stdenv.mkDerivation rec {
 
     buildPhase = ''
       export HOME=$PWD
+      export NODE_OPTIONS=--openssl-legacy-provider
       fixup_yarn_lock ~/yarn.lock
       yarn config --offline set yarn-offline-mirror ${yarnOfflineCache}
       yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress