diff --git a/config/users.nix b/config/users.nix
index 0fc67aa..8fc973a 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, fn, pkgs, ... }:
 
 with lib;
 
@@ -43,6 +43,10 @@ let
      };
    };
 in {
+  sops.secrets = (fn.sopsHelper
+    (user: "users/${user.name}/password")
+    config.machine.administrators
+    { neededForUsers = true; });
   users = {
     mutableUsers = false;
     users = listToAttrs (map administrators config.machine.administrators);
diff --git a/machines/Lilim/sops.nix b/machines/Lilim/sops.nix
index 6dd02ef..85c8b25 100644
--- a/machines/Lilim/sops.nix
+++ b/machines/Lilim/sops.nix
@@ -7,7 +7,5 @@
       keyFile = "/var/lib/sops-nix/key.txt";
       generateKey = true;
     };
-    # TODO: auto loop over users
-    secrets."users/derped/password".neededForUsers = true;
   };
 }