Serives: Use sops for service secrets (heidi, kopia)

system/services/0_TEMPLATE.nix

@@ -14,7 +14,7 @@
 
       # DockerHub Credentials
       username = "christoph.urlacher@protonmail.com";
-      passwordFile = "${config.age.secrets.dockerhub-pasword.path}";
+      passwordFile = "${config.sops.secrets.docker-pasword.path}";
     };
 
     dependsOn = [];
@@ -31,9 +31,18 @@
       # NVIDIA_DRIVER_CAPABILITIES = "all";
     };
 
+    # If we need to pass secrets to containers we can't use plain env variables.
+    sops.templates."TEMPLATE_secrets.env".content = ''
+      SECRET=${config.sops.placeholder.SECRET}
+    '';
+
+    environmentFiles = [
+      config.sops.templates."TEMPLATE_secrets.env".path
+    ];
+
     extraOptions = [
-      # "--gpus=all"
       "--net=behind-nginx"
+      # "--gpus=all"
     ];
   };
 }