diff --git a/clanModules/dyndns/default.nix b/clanModules/dyndns/default.nix
index f22fda632..7e3e5d4ed 100644
--- a/clanModules/dyndns/default.nix
+++ b/clanModules/dyndns/default.nix
@@ -1,5 +1,4 @@
 {
-  inputs,
   config,
   pkgs,
   lib,
@@ -13,7 +12,7 @@ let
   # We dedup secrets if they have the same provider + base domain
   secret_id = opt: "${name}-${opt.provider}-${opt.domain}";
   secret_path =
-    opt: config.clan.core.facts.services."${secret_id opt}".secret."${secret_id opt}".path;
+    opt: config.clan.core.vars.generators."${secret_id opt}".files."${secret_id opt}".path;
 
   # We check that a secret has not been set in extraSettings.
   extraSettingsSafe =
@@ -49,11 +48,12 @@ let
   secret_generator = _: opt: {
     name = secret_id opt;
     value = {
-      secret.${secret_id opt} = { };
-      generator.prompt = "Dyndns passphrase for ${secret_id opt}";
-      generator.script = ''
-        echo "$prompt_value" > $secrets/${secret_id opt}
-      '';
+      share = true;
+      migrateFact = "${secret_id opt}";
+      prompts.${secret_id opt} = {
+        type = "hidden";
+        createFile = true;
+      };
     };
   };
 in
@@ -128,13 +128,12 @@ in
   };
 
   imports = [
-    #../nginx
-    inputs.clan-core.clanModules.nginx
+    ../nginx
   ];
 
   config = lib.mkMerge [
     (lib.mkIf (cfg.settings != { }) {
-      clan.core.facts.services = lib.mapAttrs' secret_generator cfg.settings;
+      clan.core.vars.generators = lib.mapAttrs' secret_generator cfg.settings;
 
       users.groups.${name} = { };
       users.users.${name} = {