depot/secrets.nix

let
  max = (import ./users/max/userinfo.nix null).sshKeys;
  hosts = builtins.mapAttrs (_: v: v._module.specialArgs.depot.reflection)
    (builtins.getFlake "git+file://${builtins.getEnv "PWD"}").nixosConfigurations;
  systemKeys = x: x.ssh.id.publicKey or null;
in with hosts;
{
  "cluster/services/attic/attic-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/attic/attic-s3-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/attic/attic-server-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/cachix-deploy-agent/credentials/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
  "cluster/services/cachix-deploy-agent/credentials/grail.age".publicKeys = max ++ map systemKeys [ grail ];
  "cluster/services/cachix-deploy-agent/credentials/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/cachix-deploy-agent/credentials/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/cachix-deploy-agent/credentials/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
  "cluster/services/dns/acme-dns-direct-key.age".publicKeys = max ++ map systemKeys [ checkmate grail thunderskin VEGAS prophet ];
  "cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
  "cluster/services/forge/credentials/forgejo-oidc-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/forge/credentials/forgejo-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-effects-secrets-private-void.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-token-hyprspace-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-token-hyprspace-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-token-max-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-token-max-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/idm/secrets/service-account-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
  "cluster/services/idm/secrets/service-account-grail.age".publicKeys = max ++ map systemKeys [ grail ];
  "cluster/services/idm/secrets/service-account-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/idm/secrets/service-account-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/idm/secrets/service-account-soda.age".publicKeys = max ++ map systemKeys [ soda ];
  "cluster/services/idm/secrets/service-account-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
  "cluster/services/ipfs/cluster-secret.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/ipfs/cluster-pinsvc-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/irc/irc-peer-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];
  "cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/patroni/passwords/metrics.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
  "cluster/services/patroni/passwords/replication.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
  "cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
  "cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
  "cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
  "cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
  "cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
  "cluster/services/wireguard/mesh-keys/grail.age".publicKeys = max ++ map systemKeys [ grail ];
  "cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
  "cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/dovecot-ldap-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/hydra-s3.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
  "secrets/hyprspace-key-grail.age".publicKeys = max ++ map systemKeys [ grail ];
  "secrets/hyprspace-key-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
  "secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/minio-root-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/synapse-ldap.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/synapse-turn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
}
secrets: move secrets.nix to root 2022-08-03 22:23:24 +02:00			`let`
			`max = (import ./users/max/userinfo.nix null).sshKeys;`
hosts/thunderskin: init 2023-03-20 19:52:07 +01:00			`hosts = builtins.mapAttrs (_: v: v._module.specialArgs.depot.reflection)`
secrets: fix flake url 2023-10-25 17:33:08 +02:00			`(builtins.getFlake "git+file://${builtins.getEnv "PWD"}").nixosConfigurations;`
secrets: move secrets.nix to root 2022-08-03 22:23:24 +02:00			`systemKeys = x: x.ssh.id.publicKey or null;`
			`in with hosts;`
			`{`
cluster/services/attic: move to garage 2023-10-31 22:19:08 +01:00			`"cluster/services/attic/attic-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"cluster/services/attic/attic-s3-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/attic: init 2023-06-13 23:27:53 +02:00			`"cluster/services/attic/attic-server-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/cachix-deploy-agent: init 2023-07-21 01:15:10 +02:00			`"cluster/services/cachix-deploy-agent/credentials/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];`
cluster/services/cachix-deploy-agent: add grail 2023-11-04 01:06:59 +01:00			`"cluster/services/cachix-deploy-agent/credentials/grail.age".publicKeys = max ++ map systemKeys [ grail ];`
cluster/services/cachix-deploy-agent: init 2023-07-21 01:15:10 +02:00			`"cluster/services/cachix-deploy-agent/credentials/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
			`"cluster/services/cachix-deploy-agent/credentials/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"cluster/services/cachix-deploy-agent/credentials/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];`
cluster/services/dns: switch to acme-dns, host static records 2023-12-03 16:30:16 +01:00			`"cluster/services/dns/acme-dns-direct-key.age".publicKeys = max ++ map systemKeys [ checkmate grail thunderskin VEGAS prophet ];`
			`"cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];`
cluster/services/forge: init 2023-07-21 01:26:26 +02:00			`"cluster/services/forge/credentials/forgejo-oidc-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"cluster/services/forge/credentials/forgejo-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 16:24:04 +01:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
			`"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
			`"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/hercules-ci-multi-agent: configure HCI effects secrets for private-void 2023-03-23 19:43:44 +01:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-effects-secrets-private-void.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
cluster/services/hercules-ci-multi-agent: add hyprspace org 2024-05-24 22:51:57 +02:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-token-hyprspace-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"cluster/services/hercules-ci-multi-agent/secrets/hci-token-hyprspace-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
cluster/services/hercules-ci-multi-agent: add some more agents - nixpak: prophet - max: VEGAS, prophet 2022-11-23 17:05:40 +01:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-token-max-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/hercules-ci-multi-agent: fix secrets 2022-11-23 17:32:24 +01:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-token-max-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 16:24:04 +01:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/hercules-ci-multi-agent: fix secrets 2022-11-23 17:32:24 +01:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
cluster/services/hercules-ci-multi-agent: init obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak 2022-11-23 16:24:04 +01:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/hercules-ci-multi-agent: add some more agents - nixpak: prophet - max: VEGAS, prophet 2022-11-23 17:05:40 +01:00			`"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
cluster/services/idm: enable unixd 2023-06-11 02:00:46 +02:00			`"cluster/services/idm/secrets/service-account-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];`
cluster/services/idm: add grail to clients 2023-11-04 00:46:14 +01:00			`"cluster/services/idm/secrets/service-account-grail.age".publicKeys = max ++ map systemKeys [ grail ];`
cluster/services/idm: enable unixd 2023-06-11 02:00:46 +02:00			`"cluster/services/idm/secrets/service-account-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
			`"cluster/services/idm/secrets/service-account-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/idm: include soda 2023-06-11 17:05:35 +02:00			`"cluster/services/idm/secrets/service-account-soda.age".publicKeys = max ++ map systemKeys [ soda ];`
cluster/services/idm: enable unixd 2023-06-11 02:00:46 +02:00			`"cluster/services/idm/secrets/service-account-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];`
cluster/services/ipfs: add ipfs-cluster 2022-10-20 00:08:12 +02:00			`"cluster/services/ipfs/cluster-secret.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
cluster/services/ipfs: expose pinning service API cluster endpoint 2022-10-22 02:29:56 +02:00			`"cluster/services/ipfs/cluster-pinsvc-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
cluster/services/irc: init 2022-09-18 22:13:06 +02:00			`"cluster/services/irc/irc-peer-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
cluster/services/monitoring: rekey secrets 2023-06-03 01:43:22 +02:00			`"cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
			`"cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
cluster/services/monitoring: prepare loki for s3 2023-11-07 20:29:45 +01:00			`"cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/monitoring: move one blackbox agent from VEGAS to grail 2023-11-05 00:12:19 +01:00			`"cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];`
cluster/services/monitoring: move tempo to s3 2023-11-08 23:10:10 +01:00			`"cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/patroni: move one worker from prophet to grail 2023-12-01 00:20:28 +01:00			`"cluster/services/patroni/passwords/metrics.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];`
			`"cluster/services/patroni/passwords/replication.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];`
			`"cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];`
			`"cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];`
cluster/services/storage: init 2023-07-05 20:53:04 +02:00			`"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/storage: move prophet storage to S3 2023-11-02 03:22:28 +01:00			`"cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
cluster/services/storage: add grail to garage cluster 2023-11-04 01:38:35 +01:00			`"cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];`
			`"cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];`
cluster/services/wireguard: add checkmate to host mesh 2023-03-01 01:02:41 +01:00			`"cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];`
cluster/services/wireguard: add grail to mesh 2023-11-04 00:27:30 +01:00			`"cluster/services/wireguard/mesh-keys/grail.age".publicKeys = max ++ map systemKeys [ grail ];`
hosts/thunderskin: init 2023-03-20 19:52:07 +01:00			`"cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];`
cluster/services/wireguard: init 2022-08-03 22:53:45 +02:00			`"cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
secrets: move secrets.nix to root 2022-08-03 22:23:24 +02:00			`"secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
VEGAS/mail: adjust ldap settings for idm-ldap 2023-10-25 19:30:49 +02:00			`"secrets/dovecot-ldap-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
VEGAS/gitlab: use Patroni database 2022-08-09 22:33:05 +02:00			`"secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
secrets: move secrets.nix to root 2022-08-03 22:23:24 +02:00			`"secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/hydra-s3.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
hosts/checkmate: add hyprspace 2023-03-01 21:51:49 +01:00			`"secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];`
hosts/grail: enable hyprspace 2023-11-04 01:04:30 +01:00			`"secrets/hyprspace-key-grail.age".publicKeys = max ++ map systemKeys [ grail ];`
hosts/thunderskin: init 2023-03-20 19:52:07 +01:00			`"secrets/hyprspace-key-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];`
secrets: move secrets.nix to root 2022-08-03 22:23:24 +02:00			`"secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
			`"secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/minio-root-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/synapse-ldap.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/synapse-turn.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`}`