diff --git a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
index 8f96e54..1f04d3d 100644
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
@@ -68,11 +68,7 @@ in
     # Tell Caddy to use Cloudflare DNS for ACME challenge validation
     services.caddy.package = pkgs.caddy.withPlugins {
       plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ];
-      hash =
-        if pkgs.stdenv.isx86_64 then
-          "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="
-        else
-          "sha256-3nvVGW+ZHLxQxc1VCc/oTzCLZPBKgw4mhn+O3IoyiSs=";
+      hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc=";
     };
     nmasur.presets.services.caddy.tlsPolicies = [
       {
diff --git a/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix b/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix
index 857c196..547c5bb 100644
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflared.nix
@@ -94,9 +94,6 @@ in
     secrets.cloudflared = {
       source = cfg.tunnel.credentialsFile;
       dest = "${config.secretsDirectory}/cloudflared";
-      owner = "cloudflared";
-      group = "cloudflared";
-      permissions = "0440";
     };
     systemd.services.cloudflared-secret = {
       requiredBy = [ "cloudflared-tunnel-${cfg.tunnel.id}.service" ];