diff --git a/home/modules/runit/default.nix b/home/modules/runit/default.nix
index eb12c04..314d107 100644
--- a/home/modules/runit/default.nix
+++ b/home/modules/runit/default.nix
@@ -18,6 +18,16 @@
             description = "Shell commands executed as the service's main process";
           };
           log.enable = lib.mkEnableOption "Enable logging";
+          environment = lib.mkOption {
+            type = lib.types.attrsOf lib.types.str;
+            default = {};
+            description = "Environment variables passed to the service's processes";
+          };
+          environmentFile = lib.mkOption {
+            type = lib.types.nullOr lib.types.path;
+            default = null;
+            description = "Environment file passed to the service";
+          };
         };
       }));
     };
@@ -28,21 +38,45 @@
   config = {
     home.file = lib.mkMerge (
       lib.mapAttrsToList (serviceName: sCfg:
-        {
-          # run script
-          "runit/services/${serviceName}/run" = {
-            text = sCfg.script;
-            executable = true;
+        let
+          envExports = lib.concatStringsSep "\n" (
+            lib.mapAttrsToList (k: v: "export ${k}='${v}'") sCfg.environment
+          );
+          envFile = lib.mkIf (sCfg.environmentFile != null) {
+            "runit/services/${serviceName}/.env" = {
+              source = sCfg.environmentFile;
+            };
           };
-          
-          # logging
-          "runit/services/${serviceName}/log/run" = lib.mkIf sCfg.log.enable {
-            text = ''
-              #!/bin/sh
-              exec svlogd -t ./main
-            '';
-          };
-        }
+          envFileSetup = if sCfg.environmentFile != null then ''
+            set -a
+            source .env
+            set +a
+          '' else "";
+        in
+        lib.mkMerge [
+          {
+            # run script
+            "runit/services/${serviceName}/run" = {
+              text = ''
+                #!/usr/bin/env bash
+                ${envExports}
+                ${envFileSetup}
+                ${sCfg.script}
+              '';
+              executable = true;
+            };
+
+            # logging
+            "runit/services/${serviceName}/log/run" = lib.mkIf sCfg.log.enable {
+              text = ''
+                #!/bin/sh
+                exec svlogd -t ./main
+              '';
+              executable = true;
+            };
+          }
+          envFile
+        ]
       ) config.runit.services
     );
   };
diff --git a/home/modules/runit/services/glances.nix b/home/modules/runit/services/glances.nix
index 4a7079f..94db540 100644
--- a/home/modules/runit/services/glances.nix
+++ b/home/modules/runit/services/glances.nix
@@ -3,8 +3,7 @@
 {
   runit.services.glances = {
     script = ''
-      #!/bin/bash
-      ${pkgs.glances}/bin/glances -w
+      exec ${pkgs.glances}/bin/glances -w
     '';
   };
 }
diff --git a/home/modules/runit/services/opengist.nix b/home/modules/runit/services/opengist.nix
new file mode 100644
index 0000000..d7929c7
--- /dev/null
+++ b/home/modules/runit/services/opengist.nix
@@ -0,0 +1,20 @@
+{ pkgs, rootPath, ... }:
+
+{
+  runit.services.opengist = {
+    script = ''
+      exec ${pkgs.opengist}/bin/opengist start
+    '';
+    
+    environment = {
+      OG_HTTP_HOST = "127.0.0.1";
+      OG_HTTP_PORT = "6157";
+      OG_SSH_HOST = "127.0.0.1";
+      OG_SSH_PORT = "6522";
+    };
+
+    environmentFile = rootPath + /secrets/gitcrypt/opengist.env;
+
+    log.enable = true;
+  };
+}
diff --git a/secrets/gitcrypt/opengist.env b/secrets/gitcrypt/opengist.env
new file mode 100644
index 0000000..275e5fc
Binary files /dev/null and b/secrets/gitcrypt/opengist.env differ
diff --git a/secrets/gitcrypt/runit/env b/secrets/gitcrypt/runit/env
deleted file mode 100644
index 15a44d8..0000000
Binary files a/secrets/gitcrypt/runit/env and /dev/null differ