diff --git a/build02/nixpkgs-update.nix b/build02/nixpkgs-update.nix
index 4114e74..0f834ae 100644
--- a/build02/nixpkgs-update.nix
+++ b/build02/nixpkgs-update.nix
@@ -183,7 +183,7 @@ in
 
   sops.secrets.nix-community-cachix = {
     path = "/home/r-ryantm/.config/cachix/cachix.dhall";
-    sopsFile = ../roles/nix-community-cache.yaml;
+    sopsFile = ../roles/nix-community-cache/secrets.yaml;
     owner = "r-ryantm";
     group = "r-ryantm";
   };
diff --git a/roles/nix-community-cache.yaml b/roles/nix-community-cache/secrets.yaml
similarity index 100%
rename from roles/nix-community-cache.yaml
rename to roles/nix-community-cache/secrets.yaml
diff --git a/services/hydra/default.nix b/services/hydra/default.nix
index 3103ded..dc5c0e6 100644
--- a/services/hydra/default.nix
+++ b/services/hydra/default.nix
@@ -60,7 +60,7 @@ in {
         ];
     };
 
-    sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache.yaml;
+    sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache/secrets.yaml;
     sops.secrets.id_buildfarm = {};
 
     services.hydra = {
diff --git a/tasks.py b/tasks.py
index 840465e..c8274d4 100644
--- a/tasks.py
+++ b/tasks.py
@@ -97,13 +97,9 @@ def update_sops_files(c):
     c.run(
         """
 find . \
-        -not -path "./.github/*" \
-        -not -path "./.mergify.yml" \
-        -not -path "./_config.yml" \
         -type f \
-        \( -iname '*.enc.json' -o -iname '*.yaml' \) \
-        -print0 | \
-        xargs -0 -n1 sops updatekeys --yes
+        \( -iname '*.enc.json' -o -iname 'secrets.yaml' \) \
+        -exec sops updatekeys --yes {} \;
 """
     )