## TODO use defaultSopsFile mayb _: {config, ...}: let # autheliaUser = config.services.authelia.instances.main.user; in { sops.secrets = { wireguard = { format = "binary"; sopsFile = ./wireguard; }; grafana-pass = { format = "binary"; sopsFile = ./grafana-pass; }; wireguard-config = { format = "binary"; sopsFile = ./wireguard-config; }; slskd = { format = "binary"; sopsFile = ./slskd; # restartUnits = ["podman-slskd.service"]; }; cloudflare = { format = "binary"; sopsFile = ./cloudflare; }; jackett = { format = "binary"; sopsFile = ./jackett; restartUnits = ["podman-qbittorrent.service"]; }; betanin = { format = "binary"; sopsFile = ./betanin; restartUnits = ["podman-betanin.service"]; }; transmission = { format = "binary"; sopsFile = ./transmission; }; "lldap/jwt" = { sopsFile = ./lldap.yaml; owner = "lldap"; }; "lldap/password" = { sopsFile = ./lldap.yaml; owner = "lldap"; }; # authelia authelia_lldap_password = { format = "yaml"; sopsFile = ./authelia.yaml; key = "lldap_password"; # owner = autheliaUser; }; authelia_jwt_secret = { format = "yaml"; sopsFile = ./authelia.yaml; key = "jwt_secret"; # owner = autheliaUser; }; authelia_session_secret = { format = "yaml"; sopsFile = ./authelia.yaml; key = "session_secret"; #owner = autheliaUser; }; authelia_encryption_key = { format = "yaml"; sopsFile = ./authelia.yaml; key = "encryption_key"; #owner = autheliaUser; }; authelia_storage_password = { format = "yaml"; sopsFile = ./authelia.yaml; key = "storage_password"; #owner = autheliaUser; }; brawlstars-api-key = { format = "binary"; sopsFile = ./brawlstars; }; wakapi = { format = "binary"; sopsFile = ./wakapi; mode = "004"; }; }; }