diff --git a/systems/x86_64-linux/sgx/firefly.nix b/systems/x86_64-linux/sgx/firefly.nix
index 4331f11..8a077b7 100644
--- a/systems/x86_64-linux/sgx/firefly.nix
+++ b/systems/x86_64-linux/sgx/firefly.nix
@@ -1,7 +1,9 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
 domain = "firefly.hoyer.world";
 importDomain = "firefly-import.hoyer.world";
+ aqHome = "/var/lib/firefly-aqbanking";
+ inbox = "/var/lib/firefly-iii-data-importer/inbox";
 vhostBase = {
 enableACME = false;
 useACMEHost = "internal.hoyer.world";
@@ -9,11 +11,24 @@ let
 };
 in
 {
- sops.secrets."firefly/app_key" = {
- sopsFile = ../../../.secrets/sgx/firefly.yaml;
- owner = "firefly-iii";
+ sops.secrets = {
+ "firefly/app_key" = {
+ sopsFile = ../../../.secrets/sgx/firefly.yaml;
+ owner = "firefly-iii";
+ };
+ "firefly/sparda_pin" = {
+ sopsFile = ../../../.secrets/sgx/firefly.yaml;
+ owner = "firefly-iii-data-importer";
+ };
 };
 
+ environment.systemPackages = [ pkgs.aqbanking ];
+
+ systemd.tmpfiles.rules = [
+ "d ${aqHome} 0700 firefly-iii-data-importer firefly-iii-data-importer -"
+ "d ${inbox} 0700 firefly-iii-data-importer firefly-iii-data-importer -"
+ ];
+
 services = {
 firefly-iii = {
 enable = true;
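Review bot: The new `"firefly/sparda_pin"` secret and the `${aqHome}` directory in the second hunk are both owned by `firefly-iii-data-importer`, which is presumably the account the web-facing importer behind `importDomain` runs as, so a compromise of that application would also expose the banking PIN and the aqbanking state. A dedicated system user for the job that talks to the bank, owning the secret and `${aqHome}` and sharing only `${inbox}` through a group with mode `0750`, would keep the credential out of the web application's reach. `environment.systemPackages = [ pkgs.aqbanking ];` also puts the tool on every user's PATH; if the only caller is a systemd unit defined outside this hunk, `path = [ pkgs.aqbanking ];` on that unit is narrower. A short comment above the secret, for example `# banking PIN read by the aqbanking fetch job; pass it as a file, never as an argument`, would document why it is there.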