diff --git a/flux/cluster/apps/drone/secret.yaml b/flux/cluster/apps/drone/secret.yaml
index e2147cc..d5a694d 100644
--- a/flux/cluster/apps/drone/secret.yaml
+++ b/flux/cluster/apps/drone/secret.yaml
@@ -39,3 +39,11 @@ spec:
       remoteRef:
         key: k8s/drone
         property: gitea-server
+    - secretKey: DRONE_DATABASE_DRIVER
+      remoteRef:
+        key: k8s/drone
+        property: drone-db-driver
+    - secretKey: DRONE_DATABASE_DATASOURCE
+      remoteRef:
+        key: k8s/drone
+        property: drone-db-url
\ No newline at end of file
diff --git a/nixos/machines/postgres/default.nix b/nixos/machines/postgres/default.nix
index 5d48bcd..64a902b 100644
--- a/nixos/machines/postgres/default.nix
+++ b/nixos/machines/postgres/default.nix
@@ -24,7 +24,7 @@ in {
       host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
     '';
     ensureDatabases =
-      [ "gitea" "vault" "vaultwarden" "authentik" "umami" ];
+      [ "gitea" "vault" "vaultwarden" "authentik" "umami" "drone" ];
     ensureUsers = [
       {
         name = "gitea";
@@ -43,6 +43,7 @@ in {
         ensurePermissions = { "DATABASE \"authentik\"" = "ALL PRIVILEGES"; };
       }
       (user "umami")
+      (user "drone")
     ];
 
     enableTCPIP = true;