{config, ...}: {
  sops.secrets."service_accounts/authelia/password" = {};
  sops.secrets."service_accounts/forgejo/password" = {};
  sops.secrets."service_accounts/jellyfin/password" = {};
  sops.secrets."service_accounts/mail/password" = {};
  sops.templates."service-accounts.json" = {
    content = ''
      {
        "id": "authelia",
        "email": "authelia@procopius.dk",
        "password": "${config.sops.placeholder."service_accounts/authelia/password"}",
        "displayName": "Authelia",
        "groups": [
          "lldap_password_manager",
          "mail"
        ]
      }
      {
        "id": "forgejo",
        "email": "forgejo@procopius.dk",
        "password": "${config.sops.placeholder."service_accounts/forgejo/password"}",
        "displayName": "Forgejo",
        "groups": [
          "lldap_password_manager",
          "mail"
        ]
      }
      {
        "id": "jellyfin",
        "email": "jellyfin@procopius.dk",
        "password": "${config.sops.placeholder."service_accounts/jellyfin/password"}",
        "displayName": "Jellyfin",
        "groups": [
          "lldap_password_manager"
        ]
      }
      {
        "id": "mail",
        "email": "mail@procopius.dk",
        "password": "${config.sops.placeholder."service_accounts/mail/password"}",
        "displayName": "NixOS Mailserver",
        "groups": [
          "lldap_password_manager",
          "mail"
        ]
      }
    '';
    path = "/bootstrap/user-configs/service-accounts.json";
    owner = "lldap";
  };
}