diff --git a/machines/deneb/configuration.nix b/machines/deneb/configuration.nix
index d65ac81..97022f9 100644
--- a/machines/deneb/configuration.nix
+++ b/machines/deneb/configuration.nix
@@ -24,12 +24,15 @@ in
         group = "nginx";
         secret = true;
       };
+      adminPassword.secret = true;
     };
-    runtimeInputs = [
-      pkgs.openssl
+    runtimeInputs = with pkgs; [
+      openssl
+      xkcdpass
     ];
     script = ''
       openssl req -x509 -newkey rsa:4096 -keyout $out/sslCertificateKey -out $out/sslCertificate -sha256 -days 3650 -nodes -subj "/C=TH/ST=ChiangMai/L=ChiangMai/O=kurogeek/CN=kurogeek.home" 
+      xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminPassword
     '';
   };
 
@@ -37,7 +40,7 @@ in
     enable = true;
     project = "poyerp";
     gunicorn_workers = 2;
-    adminPassword = builtins.toFile "admin-pass" "qwer123";
+    adminPassword = config.clan.core.vars.generators.frappix.files.adminPassword.path;
     apps = [
       pkgs.frappix.erpnext
     ];