From f546f85037bf23f105a721132f06ab3a562d38f7 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 22 Nov 2025 23:34:06 +0100
Subject: [PATCH] hosts: nixos: porthos: secrets: sso: remove owner

Now that the service uses `LoadCredential` [1], I can make the files
root-owned.

[1]: https://github.com/NixOS/nixpkgs/pull/460305
---
 hosts/nixos/porthos/secrets/secrets.nix | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix
index b3812b4..f1842b4 100644
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@@ -83,18 +83,9 @@ in
   "servarr/autobrr/session-secret.age".publicKeys = all;
   "servarr/cross-seed/configuration.json.age".publicKeys = all;
 
-  "sso/auth-key.age" = {
-    owner = "nginx-sso";
-    publicKeys = all;
-  };
-  "sso/ambroisie/password-hash.age" = {
-    owner = "nginx-sso";
-    publicKeys = all;
-  };
-  "sso/ambroisie/totp-secret.age" = {
-    owner = "nginx-sso";
-    publicKeys = all;
-  };
+  "sso/auth-key.age".publicKeys = all;
+  "sso/ambroisie/password-hash.age".publicKeys = all;
+  "sso/ambroisie/totp-secret.age".publicKeys = all;
 
   "tandoor-recipes/secret-key.age".publicKeys = all;