diff --git a/.sops.yaml b/.sops.yaml
index 49f37952..42e34f93 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,11 +5,11 @@ keys:
   - &ni age1dm9xugju4q5gx0zty8ckw655ea904c64gv9qw9fn3lu507ck8uzsag59y8
   - &plover age1sj497yr895335rk77qqnrqyx9f7462ma3lz0a0x3w5cnla5uqgpspgggtz
 creation_rules:
-  - path_regex: hosts/ni/(modules/\w+/secret|secrets/[^/]+)\.(yaml|json)$
+  - path_regex: hosts/ni/(modules/.+/secrets|secrets/[^/]+)\.(yaml|json|ini|env)$
     age: *ni
-  - path_regex: hosts/plover/(modules/\w+/secret|secrets/[^/]+)\.(yaml|json)$
+  - path_regex: hosts/plover/(modules/.+/secret|secrets/[^/]+)\.(yaml|json|ini|env)$
     age: *plover
-  - path_regex: users/home-manager/foo-dogsquared/[^/]+\.(yaml|json)$
+  - path_regex: users/home-manager/foo-dogsquared/(modules/.+/secret|secrets/[^/]+)\.(yaml|json|inienv)$
     key_groups:
       - age:
         - *foo-dogsquared-age
diff --git a/hosts/ni/modules/services/backup/secrets.yaml b/hosts/ni/modules/services/backup/secrets.yaml
index 9303b950..84f342ec 100644
--- a/hosts/ni/modules/services/backup/secrets.yaml
+++ b/hosts/ni/modules/services/backup/secrets.yaml
@@ -17,46 +17,17 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age1say65zc678yc03tx4zexp20c9gvskvwrm4390j4x2jkepn97duhq9ptuj9
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkV2t1ZW5LUTdDQ0hXdHpm
-            bmdvN3A5bW03M09Oazl5Ums4cWl4NXljNGpnClFzZW4xZU43Q1N2bmlDcnZVVnE3
-            Z1BuT3E3Ym9vM1ZaTi93OTdtZDN6TWMKLS0tIGwzS3pjTDV6cHo5MHV6bVB0Rys3
-            ZEExUHNtSXhMMzVReTNhKytFZXRzdDAKgz1CrhcLZ9pN/+6mafqXlpW0l5urC69Z
-            JqQzi0Td9wFwdwrnP7vWLwCz3HWHNIwoI1XzR0IjI2vwp33G851crQ==
-            -----END AGE ENCRYPTED FILE-----
         - recipient: age1dm9xugju4q5gx0zty8ckw655ea904c64gv9qw9fn3lu507ck8uzsag59y8
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0QXplbjgzV3dGc2ZVMUIw
-            bGM4MU1CMVdxZDNpSEN6OUFYaDdIMWFaTFF3CmcvbW0wUHJVQ0NoMzQ1QnpBVjJz
-            QnBxbFJONytVN1o1SXMxUll3cHM4WmMKLS0tIHBYUTZXSjA1eFdWRXQwN3RsVXhO
-            cEVPdFlaR0hWNFRTMUtmdklBS2p3L1UKTk0DGtspX/MEky7GdmsG3EPw5bavxttJ
-            BF0k94Nt9nCU3PuoSeOEuBkubP90pdZPgqgIdG+6YAac7FHGktBM3w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSnZFWGxpMTBGNUF3RFhB
+            UG5SVWRhUDJ2bElnSVdqSHFhcXJYVU1MS3hRCmZEbGZpYlZPTWxZNzJ1UGFQNlF1
+            OXIyVUM3RkRCTkY3eGtWSXRpVm4yMTgKLS0tIEs2elQzOGw0T3UydVIyTUYxOUth
+            T1dFM2lCSGU4Yy9Zd2c4aUQ3YTlRaHMKL8RVIJE4v8aauIo7jmTvveuniwfs9A/W
+            SvdsKE/HxWplCZDvvW8y5OeT2hDemmn7a+46OrIWduao1qpK9PoCDQ==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2023-06-08T10:49:53Z"
     mac: ENC[AES256_GCM,data:ffkkhQagMqYbGKModSmUPNN9LZCcpNpe2mFOOxTUTdk3ghqM3IjEt5TuVvFa7DeYmWxV4wuBhTZ+bnWxm3LodHP1pUsiu4G21Zx2ht2Ru3kxRZdPTwcAoSosTKdQmSB2gxCAfunvfzA4b3cRLXdo1EAQ6v5qWyDj1ZD92cX7J+o=,iv:jWRKSN+Uyate8c/SYOLpt5RP8CeWIh+KJS43dzl+cAI=,tag:E8kSxM9fIb/NKWWcpA1ghg==,type:str]
-    pgp:
-        - created_at: "2023-07-24T09:38:08Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            wcFMA0MCE9LFsRfKARAAvb3OPctJrPgcR3VrcSuXgi6nZrueJgg623/NNYn1h8uD
-            Z3GJHFflBN2QawIyE2HCNcuK0r5fLMpAYVO74VqUp63IAF/raX+KjbJLs+yxlHv1
-            E7ZyfA27FUoHvv3sV5jgytOWOA1kBT4E0ZkY92jSMMfPFT89ufQgObGwZ78u6UiQ
-            pnSfXfQIgVsI5gpFfxCOTooj4rFZhsJfi/FLTLyDySmt8qd/ZeyPpRLuWZT3IAwD
-            Tg23npE+YuitTQwYSN01fW3sknCu350fvzm9I8EflWM5PyeBDeIRUKsXvrS0yKi4
-            tYksj0W9g95VZDbt07XJilyx9iohu/X92AYFtGys7HcfOIc68tzWaYcniFd1Z4fk
-            amGIBUkXEeGALm/TTXd3tMOpm9Pz1vn0AJZqyAjcNDKAxLvGVEgHu0Ka2bm82aYm
-            z7N175Ojz1Nr25SrPTq5QAY9Np+J81SoLkIA0apRTa3RQ1fefnfHIWRfhAi0nCsA
-            rU67hPPm1T+F5Gho8LE4pKrCUGweWRtYMWyi6nrBZ+b4w305kND2h+/Y8vLy6jZH
-            QkMOoc3aX0Vm6EfFQSqxOl5vDQTRvg0YpDMf3irsI0xF4HNCxI17YlO+mmgF5t0N
-            CBMmg8zBaPkaf8py27iPO6Gd7/vGriuzyZdPYIip51qIRafsS+VYy//3grKGnRTS
-            UQEa/W/KFPG6JldqbD6vrPbSJWcsvXr7Wa+ksGHen4w9mkTJpyyo9wnp07cf/fum
-            QEoh+CTQvjnSJkR+v1gqhFI2alvWfijM5EKjkHvPoGfHUA==
-            =4y3h
-            -----END PGP MESSAGE-----
-          fp: DDD7D0BD602E564BAA04FC3514310D9141152B92
+    pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3
diff --git a/hosts/ni/modules/services/download-media/secrets.yaml b/hosts/ni/modules/services/download-media/secrets.yaml
index fa67837a..7249f25d 100644
--- a/hosts/ni/modules/services/download-media/secrets.yaml
+++ b/hosts/ni/modules/services/download-media/secrets.yaml
@@ -5,46 +5,17 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age1say65zc678yc03tx4zexp20c9gvskvwrm4390j4x2jkepn97duhq9ptuj9
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eEp3K0hwZVBKQU53NVBn
-            Um1wdjY4Szg1ZXFiTDlhSEFZdXVIN1dUbXhzCkpCZzNmM3hWSlpCRkNIR2E1VHpU
-            MnR6ai9LRnp2dHllaVN5WTR5RFdNL1UKLS0tICs1dVNLeXd3bzQrNnBwam12UklU
-            WVIvUFM3OGNsck9tWmdtSHVTbGtoejAKGBNO/e93l3e/SjMm1rB9WvKSR33WqGNx
-            K3Ry4eN7rHUCZ+ATAkGm+vLk5MZNFMCIlaN0fhm9Q/PYFLRdVJwZqw==
-            -----END AGE ENCRYPTED FILE-----
         - recipient: age1dm9xugju4q5gx0zty8ckw655ea904c64gv9qw9fn3lu507ck8uzsag59y8
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaQzV6d0FVUVIwTlZFL1oz
-            VWcrYXkyWTdFNDhZYXZrYVl3Z3RqdXJzdlY0CjNpWDNhK2ZhSXJZWkFIUk0vVUhV
-            dVQyaXE0MGlkK2tDVUF5dnMwTkJKcW8KLS0tIEprbEM3dnBXSnpwaGJ6WEJqZDBG
-            SzNaellGdFlGU1YxeEhMcS9JbzZuR1EKRCnDF4qGnXq1fNxeJMn1ptsIRnL4eYay
-            vqo7thO8tQh302FS+2u5N2JFF6a5Fcx9Psh2BO6ZiP5EC+vnSEjwDg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZHFUS2FjOTFNTGpza3FG
+            TVVzN3lDRXhYNVowM3R4b3lVd2MzejZEamhZClVPMnRsbjcyckRrd1E0SkJoRTlV
+            bHZBVjJmbGJkMnEyV1YvdnFqQnAzb1kKLS0tIElCNFZzcGNRWFk0a3FVa3MyaG8w
+            TmoyL2wySVV6SWZ4ZjNTYVlTbmd6Z28Kot16Blm1wLrqUz3O3Y/0/9f6yA+9Lt8X
+            npo0Sw4yRDpU4tKwulpOQbbUEnnYTtWeB7kgBjQC+5Bn11otW1FKzQ==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2022-07-20T08:16:17Z"
     mac: ENC[AES256_GCM,data:KOCuxHeg4VEcuzF5SWVRx5ahWAvFb+eGOyTvv5sNgA9JE7ectven0REXMM+2Qytn9+UmVVFRH4SSV89YB0BI2x2+GL+hLuLYIRCJ1/s4p9B+LIRfz6rqeo/w0ETHT+b2JjRhC99igHwksD+bLnHQo9XFcNvT2gDxvOaX+mSurSQ=,iv:+zrR7lSHLEhgtNR3/IMSnzBFoE59NJ/CzuoVz/KdauI=,tag:H59qLT3SLo4yYrzJexTryA==,type:str]
-    pgp:
-        - created_at: "2023-07-24T09:42:41Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            wcFMA0MCE9LFsRfKARAAsSyRa9I+HCvau+yt8Xf/4IBAK9d+62bdtXY7yWicdTFJ
-            zXEr8NetgB0j0++k0JmAJ4nkmVHHr1aEw0J5uM/c7QrVpduytHvo1pubwZzgtLt9
-            EdZjqw0ga4GrkUFD//Y5Fo/V5gR5zl0cfHkjZ6LDA0YCpGBZsd1hQ2q/mnihXyjN
-            HZ3MK/Y5ljj1/QidPp0YxIpn0x52TW7rKgv2N6ZoAuSZC/BPrSf3n3fxDPcS8gqk
-            qzQrZIJaRNptpkDPQbsA7HchWACx4iWw3klge0kHMqCALhSFipdhNhDcmRMCAIHY
-            ghe/8kLNK03KGBgajenwm8F2/Gui/mZcTojEecSZkS7GhMi2POT+yujuwy0mYh0x
-            5Mf08gkppXnpXWgOTLb9iYpnV299eY1ZvPCXNAMan9SKNQfbQbgskYi3sRyX8t43
-            EKZ4M5TfyrScFPI4eIOJvTRTUSJ79fvhPTgb85hg1yI4Efbw9H/UXJ/AlVT2Lh4b
-            9wA5E4hVhWYdYfnqodn0m7LHSeqdKd5YjphALQsp94/qYsgNGYsgUj0CN5Auo+Hv
-            s1dGjHpg9M0EsOB8IgJcweZ6jX7XtW38N7Bj4TrviLiaKOcZEm7TNiWai6IDdScJ
-            EMD3rVDvAdOQtCUWc3MzGBLewqZ2vYgyZP8mF40YCByedCe/OW48SoQWDHt9n2jS
-            UQFOjGhRW+VjUHs7OgAep3wF/VteY7iaGBRA5TvfkYCTJ4mWK1hNbe5Ku8zckK6Z
-            FPYedSenABf3R0bB7Vc4vMJrqXNmG535tARbtKtPtK9yYA==
-            =rB30
-            -----END PGP MESSAGE-----
-          fp: DDD7D0BD602E564BAA04FC3514310D9141152B92
+    pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3
diff --git a/users/home-manager/foo-dogsquared/secrets/secrets.yaml b/users/home-manager/foo-dogsquared/secrets/secrets.yaml
index 4b62a31f..97adcba2 100644
--- a/users/home-manager/foo-dogsquared/secrets/secrets.yaml
+++ b/users/home-manager/foo-dogsquared/secrets/secrets.yaml
@@ -1,50 +1,27 @@
 davfs2-credentials: ENC[AES256_GCM,data:pl0rlf8q5/QKp/N7QiYHz/Ol8Lu6QSwIWUTYkkZ0zKO4uhWubICZyJu3Yc4bsn19DCEA7ch8wZ+zHVU8YgMHyesc5OeB5FBjmGCFEqmlM0QwCY3lhy1LirBhqzUf4/x0vIIrgO4d2fI=,iv:H2IYE2cHLzaZ/ni+t0BaSAcdHAmE2PCBlq93R6qQBhY=,tag:DewKYU/tvgtXH3gmcp6TCQ==,type:str]
 sops:
+    shamir_threshold: 2
+    key_groups:
+        - hc_vault: []
+          age:
+            - recipient: age1say65zc678yc03tx4zexp20c9gvskvwrm4390j4x2jkepn97duhq9ptuj9
+              enc: |
+                -----BEGIN AGE ENCRYPTED FILE-----
+                YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmN3FtZ3hTRVdDbDFTbTZt
+                ZHRKZ1lDUlU0c042RXRqRXFZbUhibnFnb0JrCkZnTDAyZ2xZYXZML0E2Nmg0Mk13
+                d1dWa0t0ZHdGZ0xPMHVhc241QzFmSFkKLS0tIGZLSW5NZlNlOXVOQ1d5dzJZZGcy
+                MmZMcjlmYUQybVU2UVpTOWh2a3p2N1UKtAer0EZBUwgftHd5ITbzy/X8VaeMfH1O
+                RG0uA9kZOOXkW8yFu23VvUjp0F+SQhQoxKde4qXLbpIMS30juOHYlE8=
+                -----END AGE ENCRYPTED FILE-----
+        - hc_vault: []
+          age: []
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
-    age:
-        - recipient: age1say65zc678yc03tx4zexp20c9gvskvwrm4390j4x2jkepn97duhq9ptuj9
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNkhBaWFYRm1RWHlHVEwy
-            NFVndndMdTBaWnd5NTF1K0pmUGRvUVdnZ25RClJFM0F0d3NkcU91bXAzWnNjdUZa
-            QlhLYk80RnNQS05CS3hRdG0zMS8xUHcKLS0tIHdISWdMTGlUdnVTZTE5QTBBa1dR
-            WnBjSnd4VkZRNE1xTjVXMkQ4b29MbVkKhDD0Ex1gx3pgesNLIA5Wo2uOjsehG6zK
-            8uMD75AGrLzl2UoJtsaAuWxs94tLi8bVAbTAFDqWsZSvW7iCkEYDEQ==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1dm9xugju4q5gx0zty8ckw655ea904c64gv9qw9fn3lu507ck8uzsag59y8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdjZEdEdtZkx2U1hxSHlB
-            TzVqaXFhUTFJckhsc0U3ZWcwZXkydDRrZ3o0Ck0rS0YyS1MwQ2NKcjJ5aDhYZW9a
-            VStkRmY5enEvZXYvbzJWYTZiMmNKUXMKLS0tIFpxaCsrRW9KUFVpWlN2cHo5RTZC
-            MmN4OGJyU0lHdVNOa0Zqanh1NmNEL1UKLozqWvab09d0LX+cd0NnlnrdjOe1Cr2K
-            HWGvRqy9BfYUvr0Ze+HXyoOS57Iee1ILzN85rkg++3e8gqgqc3sZ5g==
-            -----END AGE ENCRYPTED FILE-----
+    age: []
     lastmodified: "2023-07-28T15:02:44Z"
     mac: ENC[AES256_GCM,data:RI4HgCcLAK/0kS3FOQUJ4AvjGWwziJYvj4ymjWscujsPqQVqhCf35wIoTJ9Wa7Fb6gMM+5ws6LgUj0W3Evu56qi5ej022kyWbO4opOopJGXhZzUzUkX3w2rayDpCu0M9H3EM0AGUvqj8dScFV7GhEFKFeGJ0re9U7ZFXLCfanRs=,iv:lMRuV1/UiIJ3ftK48AGgo6uVdIyWJO9YcbSy57xOC+0=,tag:9RdYy95TwZmhHzNDQMnA6w==,type:str]
-    pgp:
-        - created_at: "2023-09-05T23:03:32Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            wcFMA0MCE9LFsRfKARAAxe7+A+DbFeeIva58vwzXh9jVMiSksx/fUd1EzxfRTI+m
-            tu6dpO7er4+r7ZeoQcpA/J6K6VYrFSJ+vIrSyWF3NZ8aM4QNFGyKuodthxar9Uks
-            eKcKtSXedco0N5U5RqBbVhxPAdzA7Y1oM10hNTBaLcpKpnTJpLZzn+1o7lyGmPnK
-            vcbmGXpnJVvNrm4y9ilb5JiC9NE8HHyUcIaloLq+WNivj8QUek+KMLqu6j/x3ok0
-            bmG6EklsLNKVyw+zSPbgA/4CbyYqaevcD4Pd6nG0+Ih3ZjhY8usXOA358rpdlz8q
-            j0/ijzzkXVoRPujazNKcQxKSeAEyxKuhJ3KmyG/GL+XktGuWK4KhpELeRsLtGKSd
-            4rYNyd9Jt6CNkbaVdDU5kKTNFBurLR+kJdQSMwh6esNLK57IIH0tNbMt33xWg1tS
-            kT+ipdvk44sokibA5oVAjtRoeuyaHeFzz6u8oX8wiOKzt55h751iUKxdA01rxq8a
-            TzJn0Xqp48gbT66WE63wORinx41UOQyHp2ASI5dGJpGvWnPnlF1lSr63r+3/GBhq
-            IB/Hu9+7t593zyq30Bne0TdruohziiPOV8dxRpZbZKnH1I7CSDqibNuyBMmWOqpT
-            AP2RqUjedL6bdE2kmFnahaT+DoVMC/4DgQvMw9LshDfbWrrUi6UTVWwrMtOOyEbS
-            UQGSGRGdNiO5CwCBJJ5C6UKZBUIBR2SWapay04839q1VFFNW9/nuViB7aNzaL9J/
-            beYxUDVNw0SdKdbg7yufqnPoq8mz2KuGlLqLplcFLAXaaA==
-            =yLvz
-            -----END PGP MESSAGE-----
-          fp: DDD7D0BD602E564BAA04FC3514310D9141152B92
+    pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3