{ sops = { defaultSopsFile = ../keys/production.yaml; secrets = { "nextcloud/tlater" = { owner = "nextcloud"; group = "nextcloud"; }; "steam/tlater" = {}; "heisenbridge/as-token" = {}; "heisenbridge/hs-token" = {}; "wireguard/server-key" = { owner = "root"; group = "systemd-network"; mode = "0440"; }; "restic/local-backups" = { owner = "root"; group = "backup"; mode = "0440"; }; "turn/env" = {}; "turn/secret" = { owner = "turnserver"; }; "turn/ssl-key" = { owner = "turnserver"; }; "turn/ssl-cert" = { owner = "turnserver"; }; }; }; }