diff --git a/linux/nebula/jellyfin.nix b/linux/nebula/jellyfin.nix
index 4076f37..ec04780 100644
--- a/linux/nebula/jellyfin.nix
+++ b/linux/nebula/jellyfin.nix
@@ -1,8 +1,4 @@
-{
- config,
- pkgs,
- ...
-}:
+{config, ...}:
 with config.constants; {
 hardware.graphics.enable = true;
 
diff --git a/linux/singularity/coturn.nix b/linux/singularity/coturn.nix
index 2bb711c..4463ea2 100644
--- a/linux/singularity/coturn.nix
+++ b/linux/singularity/coturn.nix
@@ -1,8 +1,10 @@
-{config, ...}: {
- services.coturn = with config.constants; let
- acmeDir = config.security.acme.certs.${coturn-realm}.directory;
- coturn-realm = "turn.${domain}";
- in {
+{config, ...}:
+with config.constants; let
+ acmeDir = config.security.acme.certs.${coturn-realm}.directory;
+ coturn-realm = "turn.${domain}";
+ coturn-user = config.users.users.turnserver;
+in {
+ services.coturn = {
 enable = true;
 cert = "${acmeDir}/fullchain.pem";
 listening-port = port.coturn;
@@ -15,5 +17,6 @@
 use-auth-secret = true;
 };
 
- sops.secrets.coturn = {};
+ security.acme.certs.${coturn-realm}.group = coturn-user.group;
+ sops.secrets.coturn.owner = coturn-user.name;
 }
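Review bot: The `with config.constants;` on the new second line now encloses the whole module body instead of only the `services.coturn` value, so `domain` and `port` resolve implicitly in every setting of this file and a reader cannot tell which names come from the constants set. Binding just what is used keeps the scope visible, for example `inherit (config.constants) domain port;` inside the `let`. A short comment on `coturn-user`, such as `# account the coturn service runs as; used below for cert and secret ownership`, would also help, assuming that is what `turnserver` is. The `services.coturn` set continues between this hunk and the next, outside the visible lines.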
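Review bot: `security.acme.certs.${coturn-realm}.group` holds a single group, so pointing it at the turnserver group removes read access to this certificate's key from anything that relied on the previous group; whether another consumer of the `turn.${domain}` cert exists is not visible in this diff. If one does, a shared group with both accounts as members is safer than handing the directory to coturn alone. Nothing in the visible lines restarts coturn when the certificate renews or the secret changes, so unless the lines between the two hunks already cover it, consider `security.acme.certs.${coturn-realm}.reloadServices = ["coturn.service"];` and `sops.secrets.coturn.restartUnits = ["coturn.service"];`. A comment such as `# coturn must read the ACME key and the auth secret as its own user` would record why ownership changes here.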