diff --git a/modules/system/hedgedoc/default.nix b/modules/system/hedgedoc/default.nix
index 45dcafd..f5fe510 100644
--- a/modules/system/hedgedoc/default.nix
+++ b/modules/system/hedgedoc/default.nix
@@ -8,7 +8,6 @@ let
   cfg = config.myConfig.hedgedoc;
 
   user = config.users.users.hedgedoc.name;
-  inherit (config.users.users.hedgedoc) group;
 
   manage_users = "CMD_CONFIG_FILE=/run/hedgedoc/config.json NODE_ENV=production ${lib.getExe' pkgs.hedgedoc "manage_users"}";
 in
@@ -27,24 +26,17 @@ in
 
   config = lib.mkIf cfg.enable {
     sops = {
-        secrets = {
-          "hedgedoc/seb-password" = {
-            owner = user;
-            inherit group;
-          };
-          "hedgedoc/gitlab-auth-secret" = {
-            owner = user;
-            inherit group;
-          };
-        };
-
-        templates."hedgedoc/environment" = {
-          owner = user;
-          inherit group;
-          content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
-        };
+      secrets = {
+        "hedgedoc/seb-password".owner = user;
+        "hedgedoc/gitlab-auth-secret".owner = user;
       };
 
+      templates."hedgedoc/environment" = {
+        owner = user;
+        content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
+      };
+    };
+
     services.hedgedoc = {
       enable = true;
 
diff --git a/modules/system/nextcloud/default.nix b/modules/system/nextcloud/default.nix
index 1c085a6..69846c3 100644
--- a/modules/system/nextcloud/default.nix
+++ b/modules/system/nextcloud/default.nix
@@ -9,7 +9,6 @@ let
   cfg = config.myConfig.nextcloud;
 
   user = config.users.users.nextcloud.name;
-  inherit (config.users.users.nextcloud) group;
 in
 {
   options.myConfig.nextcloud = {
@@ -26,10 +25,7 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    sops.secrets."nextcloud/admin-password" = {
-      owner = user;
-      inherit group;
-    };
+    sops.secrets."nextcloud/admin-password".owner = user;
 
     services.nextcloud = {
       enable = true;
diff --git a/modules/system/tailscale/caddy-serve.nix b/modules/system/tailscale/caddy-serve.nix
index 25b6fba..91746e7 100644
--- a/modules/system/tailscale/caddy-serve.nix
+++ b/modules/system/tailscale/caddy-serve.nix
@@ -38,10 +38,7 @@ in
   };
 
   config = lib.mkIf (nodes != { }) {
-    sops.secrets."service-tailscale-auth-key" = {
-      owner = config.services.caddy.user;
-      inherit (config.services.caddy) group;
-    };
+    sops.secrets."service-tailscale-auth-key".owner = config.services.caddy.user;
 
     services.caddy = {
       enable = true;