diff --git a/systems/jeeves/docker/great_cloud_of_witnesses.nix b/systems/jeeves/docker/great_cloud_of_witnesses.nix
index 97c9e4a..2113c36 100644
--- a/systems/jeeves/docker/great_cloud_of_witnesses.nix
+++ b/systems/jeeves/docker/great_cloud_of_witnesses.nix
@@ -1,6 +1,10 @@
 let
   vars = import ../vars.nix;
 in
+{
+  config,
+  ...
+}:
 {
   virtualisation.oci-containers.containers.great_cloud_of_witnesses = {
     image = "ubuntu/apache2:2.4-22.04_beta";
@@ -13,4 +17,18 @@ in
     extraOptions = [ "--network=web" ];
     autoStart = true;
   };
+
+  sops.secrets.gcw_password = {
+    sopsFile = ../../../users/secrets.yaml;
+    neededForUsers = true;
+  };
+
+  users = {
+    users.gcw = {
+      isSystemUser = true;
+      hashedPasswordFile = "${config.sops.secrets.gcw_password.path}";
+      group = "gcw";
+    };
+    groups.gcw = { };
+  };
 }