diff --git a/profiles/servers/webhooks.nix b/profiles/servers/webhooks.nix
index 86b32e1..64ef25d 100644
--- a/profiles/servers/webhooks.nix
+++ b/profiles/servers/webhooks.nix
@@ -4,14 +4,28 @@ let
 name = "blog-hook";
 runtimeInputs = with pkgs; [ git hugo openssh go ];
 text = ''
- git pull
+ if [ ! -d ".git" ]; then
+ git init -b master && \
+ git remote add origin https://code.ataraxiadev.com/AtaraxiaDev/ataraxiadev-blog.git && \
+ git fetch && \
+ git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/master && \
+ git reset --hard origin/master && \
+ git branch --set-upstream-to=origin/master
+ else
+ git fetch origin master
+ git reset --hard origin/master
+ fi
 hugo -d ../docroot
 '';
 };
 in {
- sops.secrets.webhook-blog.sopsFile = inputs.self.secretsDir + /home-hypervisor/webhooks.yaml;
- sops.secrets.webhook-blog.owner = "webhook";
- sops.secrets.webhook-blog.restartUnits = [ "webhook.service" ];
+ sops.secrets.webhook-env.sopsFile = inputs.self.secretsDir + /home-hypervisor/webhooks.yaml;
+ sops.secrets.webhook-env.owner = "webhook";
+ sops.secrets.webhook-env.restartUnits = [ "webhook.service" ];
+
+ systemd.tmpfiles.rules = [
+ "d /srv/http/ataraxiadev.com/gitrepo 0755 webhook acme -"
+ ];
 persist.state.directories = [ "/var/lib/webhook" ];
@@ -23,7 +37,7 @@ in {
 home = "/var/lib/webhook";
 };
- systemd.services.webhook.serviceConfig.EnvironmentFile = config.sops.secrets.webhook-blog.path;
+ systemd.services.webhook.serviceConfig.EnvironmentFile = config.sops.secrets.webhook-env.path;
 services.webhook = {
 enable = true;
 port = 9510;
diff --git a/secrets/home-hypervisor/webhooks.yaml b/secrets/home-hypervisor/webhooks.yaml
index a8c2d5f..36507bd 100644
--- a/secrets/home-hypervisor/webhooks.yaml
+++ b/secrets/home-hypervisor/webhooks.yaml
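Review bot: The `&& \` chain in the first-run branch of `text` (first hunk of webhooks.nix) stops a failed step from aborting the script, because a non-final command in an `&&` list is exempt from errexit. The derivation header is above the hunk, but if this is `writeShellApplication` with its default strict mode, a failed `git fetch` still falls through to `hugo -d ../docroot` against a half-initialised checkout. Since `.git` then exists, later runs take the `else` branch even if `git remote add` never completed. Putting each command on its own line lets the first failure stop the hook before anything is published. The `.git` test and `../docroot` also depend on the hook's working directory, which is configured outside this hunk, so an explicit `cd` into the checkout directory at the top of `text` would make that independent of the caller.

```nix
    text = ''
      if [ ! -d ".git" ]; then
        # One command per line: errexit aborts on the first failure instead of
        # continuing to the hugo build with a partial checkout.
        git init -b master
        git remote add origin https://code.ataraxiadev.com/AtaraxiaDev/ataraxiadev-blog.git
        git fetch
        git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/master
        git reset --hard origin/master
        git branch --set-upstream-to=origin/master
      else
        # … unchanged: fetch and hard reset of the existing checkout, then hugo build …
```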
@@ -1,12 +1,12 @@ -webhook-blog: ENC[AES256_GCM,data:0y0fdUR4Ci/TIYhpRMpz6PGWi0UDka1m6z4/SnGU3ln9WpreOVvvuQMIA2bzohDwAV1BI00jXR+llH/3lFOSbSgVGY9th5uNWivGSewvjqZm,iv:lMX32BcOdZXft51IMSETQodFlYak1jqDchuVEPPxU1o=,tag:c73y1Vd61K0Vqiep3siVhw==,type:str] +webhook-env: ENC[AES256_GCM,data:memezKRp3paJLFQdjx4GVy8Kp3+W2SGKvu7TWMJyi6WNKdxXPEYi2dvH6w/5jwWQfua6SI6MzjPJ6uVMJYBgzUedzEV8T6I/htJDAXiPXPBz/feSQAOMZvsecxAMA6XHP5C0I0Yy+ehILXa3rpBNsF4eV69bzS5kJZ2oDQBB5BH4vb/RRHJUgoIR1+BRVDI9mEQ3AzX7+Tdix+hLhXVtYVJ/JPo=,iv:9BcKyFJOzXTyQ0RNeYjKnpZKLbDn8fMPmpJOCuSwiY4=,tag:i6iGl8I6oaMArGgsMNeJPw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-01-21T19:26:05Z" - mac: ENC[AES256_GCM,data:iRKh4faThFId7VBi1D2k0oUjmSDMA1BWGiVcRUWyknzT1rbZJ1Tk/sT6LgQciiDU/wKLOJG0VMB3A4bRZgJ/HebCFqox2iPWtConQ8GMhOLSp/zrLuzvrrtsJKX8LGcp2fukCS0/yWeDS/ZkSBqgzxNA/VZsTTM3Lzf2ExYAito=,iv:Jgtdr2h1rK34X4nJVr0YJG31WXO9hh0TS994T4TWMFQ=,tag:MtjgZsJB8lGzXwhFz/7rtQ==,type:str] + lastmodified: "2024-04-23T22:22:42Z" + mac: ENC[AES256_GCM,data:qUbprUKUZz9sLWzoIKTl0DRlCCBnIGpzUxHuqviyUMLItK1OY33nQzl71OcAol/bQ1YTvlrw6i1oHANGyMy4I2VySPGfhSnkAt+6mIgu2Zzx4ZpVr9iNZzt7sGkFw/EU+bJ2tfYMXf1Rk/te/P/gSbEDBavaohJxPh0tXJ/28LQ=,iv:FtwuC5NRWG0AoTdUUonEiVjeD8v/EJNENWX8k8Qdl3A=,tag:V2ovIMSH+pNbuPvTjSfAKg==,type:str] pgp: - created_at: "2024-01-21T19:25:51Z" enc: |-