{ sops = { defaultSopsFile = ../keys/production.yaml; secrets = { "battery-manager/email" = { owner = "battery-manager"; group = "battery-manager"; }; "battery-manager/password" = { owner = "battery-manager"; group = "battery-manager"; }; # Gitea "forgejo/metrics-token" = { owner = "forgejo"; group = "metrics"; mode = "0440"; }; # Grafana "grafana/adminPassword" = { owner = "grafana"; group = "grafana"; }; "grafana/secretKey" = { owner = "grafana"; group = "grafana"; }; # Heisenbridge "heisenbridge/as-token" = { }; "heisenbridge/hs-token" = { }; "hetzner-api" = { owner = "acme"; }; "porkbun/api" = { owner = "acme"; }; "porkbun/secret-api" = { owner = "acme"; }; # Nextcloud "nextcloud/tlater" = { owner = "nextcloud"; group = "nextcloud"; }; # Restic "restic/local-backups" = { owner = "root"; group = "backup"; mode = "0440"; }; "restic/storagebox-backups" = { owner = "root"; group = "backup"; mode = "0440"; }; "restic/storagebox-ssh-key" = { owner = "backup"; group = "backup"; mode = "0040"; }; # Steam "steam/tlater" = { }; # Turn "turn/env" = { }; "turn/secret" = { owner = "turnserver"; }; "turn/ssl-key" = { owner = "turnserver"; }; "turn/ssl-cert" = { owner = "turnserver"; }; # Wireguard "wireguard/server-key" = { owner = "root"; group = "systemd-network"; mode = "0440"; }; }; }; }