From b189d061cbf033108068d00504b1597c506843fc Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Mon, 8 Jan 2024 21:46:40 +0100
Subject: [PATCH] encrypt secrets with all machines' and admins' public keys
 closes #32

---
 nixos/secrets/atlas_host_ed25519.age     | Bin 663 -> 1161 bytes
 nixos/secrets/atlas_user_ed25519.age     | Bin 712 -> 1161 bytes
 nixos/secrets/borg_passphrase.age        |  19 ++++--
 nixos/secrets/database_passwords.env.age |  18 ++++--
 nixos/secrets/ec2_borg_server.pem.age    | Bin 599 -> 1149 bytes
 nixos/secrets/jefke_host_ed25519.age     | Bin 680 -> 1161 bytes
 nixos/secrets/jefke_user_ed25519.age     | Bin 715 -> 1161 bytes
 nixos/secrets/lewis_host_ed25519.age     | Bin 611 -> 1161 bytes
 nixos/secrets/lewis_user_ed25519.age     | Bin 611 -> 1161 bytes
 nixos/secrets/postgresql_server.key.age  | Bin 1932 -> 2466 bytes
 nixos/secrets/secrets.nix                |  79 +++++++++++------------
 11 files changed, 67 insertions(+), 49 deletions(-)
diff --git a/nixos/secrets/atlas_host_ed25519.age b/nixos/secrets/atlas_host_ed25519.age
index 36d8be2882b47a063fb3ca8d239c3b68f4f48a9a..e2681144550d155e721fae7f9f80890229ef08ca 100644
GIT binary patch
literal 1161
zcmZ9_`-{^C007{Lpfd>S+;DO-<9RYhcBbhgNqx6X-$|1+ucqFZy|zjEO4BBNx?^)F
zQ%`Uz2;11H2yzp=b2?GP8#-{4ZF+MK@j1D}`Plh5VS?@f`~ALu;7h65?yR1!whSv*
z)|Z#7DqKf^?lqukYTen4-Q_~upwNhMaTa7?9l;3_3R<Y0(b6qET_xgPGl^F+RmxGU
z#xO$ajp}K!qyjvOR1*<Rl=8L=<&hvWt0wanYH+nMTOx2I8%gAqj8za+cIp<1V4Twf
zN@dl?7NJJl)~-3*EUbqdFqW0*CW29ox)-g{Lc2y9oFO;?xvAh<G;0;~Vv#}%P16x1
z(Of`b2su!|6A6jQ7KuifE0*M`TdHC<7!MfKQ4Wiy(I`Um9=M@4^_m$C1ie`}6*7rr
zE}ddBSVgPTx*xzypU4wMBHU}|@^PVpVi-ojTreDr)d-KC2qw$PtfPg<KL6B>^e{rB
z0s5VyABqPmoIp{YRxRL(CK1hNnsnY$GI>{#4_3@3#!9?|196F$p}K|>P!V;Ty_{iG
zV$DJ_VEL&WnW)4_NN0U=-Yyk{saxHf%)3;OG8`(5#`77<D`NF%)rhnd!;u#vVVBog
z;#p0L`+OP^!CDO<BenemM#^bkNl<n+ToTO`Lz^WMtvYRTs42DKdfrHvOx&Ehv5bvT
zJz%S?rl4x2-h{#$9B1oB!*T|bLEKaEB~unIi?U#=+5$`fp#a3`w(&WVg8X(Ln#A~M
zFIA>(G@4_osSugt#Abu<6(wDW<3M+JH|Q~<?tsa|DcP&})AqJ27Y$}&id!tWB4wuH
zFgOn#M$lZ0#(^_eJ{{>0mBm0=ISEbvmiXeymRUDXzqn7`4MF>8F?9L-@Y9h?KW)E#
z`q{(+-rD%a#Q5w5%7JxP@8u-xb-8cp*(>hx$pg@m>ExmYCd^zjJQfLePF@_nc6|Hp
zM|-}0GAO#fH-Wc~-cfoUR{T3a+1S?eaNESp<aZ~|E&S`-{`s?y%<}o3N8jvUDUT%v
z2HP+(L)Gv0Cv5dQo7N8<L9Ua_hISP*i@S&m*KgnaHGlu)2)O&;$lR<xw*S%M2)WnZ
zeC^459XnUudg`0Qe)-7*jjlYNKGG53llnwYXNNL`zFl6Yo;uvOqj&D_n{T-14c#47
zmzU<~KhG0@)<*u-feY1B2Z8qoJ`T`k*Kz9E3UI}w_0H#iF1vLp`_ZAfhc}$v5B}IG
zuwxy<iw)D@i-*l$9`rBhTQ=_x?7XsM%fROTV;}U*zOnb+t)*$l2d{LUsE=#sUq0Ws
zy0q2d=)1Q5>hPh<=^lOc<8#W<o`qd|I?+x4xxZN%vi?D@jc&R(KCGK-CjTD&*RgY{
m_!SEOaOTLWm!<S)T-Pg)!s6Mr^9PTuo$)fZXy53EyZ#3rMY_}g

delta 637
zcmV-@0)qXC36}+sC4WjvH&Zl0ATM|`Y;kWkMm9%8ZF6a7bWb>NV{mLYW@}e(SaD85
zMpZCGa4=C?I8Jyt3T#VDFK}8)ST{I#HAQD-PfSNwM>bDzPb)W2a!g}GH$gW?Zb(pP
zH85&t3N1b$U~@-NP%US2Wnpt=3RzD#bWL+vd3aehRaR7aW`9RWQ8jNvM0RO6VPiR3
zO*A!WI0`K-Eg&l^IAmpNZ8k`HNoG_scV<s^Ycp#&HfD5UMoLyxV^>2nY-4sWL2*rL
zO$xaN+Y5VMm>Di(<+*hH8K^@~CjHgV%<Hs*>ej1aQmOiT8!e7}dONl$e)|0`JEVkk
zp|WUz-ahw8=YL0;TIWQ|roFcb2Id7d#R*fYe2}`ChJ66uqjz`{`(G@#aq}_sP%4k}
zS<I9YH%q>N8ltP_UB#M6(Qrl<kF0TRiIqP_K;istX4Pxfy+W=$`RHEXagPnF+9<v*
z%t34Uxz&&tQY~+5V!XWE{*Mt3u~oVo7Nov~Cxk{8?tik!9I|`8NMQQ+0?>=^dzzS<
z64Np|D0^iwLW-JCL^YAGqDOiTJawi?V2)We1smtuwLe<)hJPX(u+~2LAShfrUXfNK
zmD$`z+UO+9PEkdSj{lk<nav^g>{<dgY5ph+he8^0W3b+8BGFC5KS)D0=TcM|-7~A0
zdsBt4T6WfFC{swg_U5(=YEVXPcaKBu>(dB^O)U~n=D8>n%9-hHXfSvjXf@u7Em2hL
zARHo3r$RirNMys!Sj6I@l!fMi@vMjXRiVZOn;D@ReR@Bg?o5LqD03hTw&E^a-QlxH
XWOn_U2}_e2kTqYyko5ZS-KT%o8H5*0

diff --git a/nixos/secrets/atlas_user_ed25519.age b/nixos/secrets/atlas_user_ed25519.age
index 403104f9bc0171b1bf39c98e81f87b625882f0f9..cb4c5f7af61d2d01ffbc5763027b51563fb9f968 100644
GIT binary patch
literal 1161
zcmZY7`)?Bk0Kjn~Cb}*Lh)lv_pqR)EXSusxpBlxx_S$ZD*Y<kr<Hjq!$FA3VwY|O(
z!`lQAP+7zU!Xt|T6gMaSK;$807$L}n&G86xGl*GS!VE+)0}}ap{so`pn{QeYZKBQ>
zYPq6p=*x|Q1eRfo?QN@RW^AHhcRFFOHC_obG1@8;B<@38zI-X*^*hQbm1=EG=1eZ(
zMz}&zH*@uj<gz1?5LB@MW`NS|v@c2Nm4ssQQI=u~MiI{w9T}{~df|9PX;&R!x<t*?
z+S=TV1GSQBJW-Q7HBUy%&_TeZgxr{vg|pEVYNj-2T8ioh%jFr-hg(RO7K`UmwUl!N
z1%`v5IE(XjF`+O7P^`9*5=0ViPG+H)XQr0Uo0TYPWhs!A^U*X8L^%_1hjoET^BmV^
zIB~dDpkoBYrrb%IiK4W{Er1%swbf+3KpH{Noh(yYh1C><HwYQ6gJ8XoHT6`)(D<1e
ziALj<iWOGE?n06ba}bmF5Q;ZWFk%SPB`U^;!JL_fK;ENf-~h>ZEcwn*JHjgEke^Dl
z=6D#8lUnsD779zAPSaj8i+Vgnt8oG`XKH1vBkPo`pel=4dmycKFu`iTDcSWvN<`ES
zzejb#hAzirE<fQBm5}DJgmsC`#{`6mNF-Y|kcvoXPcLYfHP)NMoOn({S=r%s7|8!h
z(orZXp;jK|N~MTK!cx72i1kPaugDVOLNP2)0Cs;-uy??4DPIVphQ%}i&Zz?Fx*X<X
z668xmG$@$Cn%S1oOCet7;yKI@cls+;hs9>IS-mNs6{`h6jIFWJSc>9f1xAqt*nwa;
zryHDR1_MG6PemZg^5DZ)^T&P~d^C2=qD?-oetlzT_eU8EaD2RL;>Fq%0s6D$*@$C%
z|B{;*uKu|9W-akEzk6=W$F7T)cb?kw`EQf^;bHyn>Aj8LZnf>{UgIyQmxo7Qi3WkY
zT^q-I>sl5kcTDW2d%R!HUb((`^3cK8v5r$)SHF-QdgI{<aem?7w<05nIU5%*+<<)Y
zU4IWXNZnZgs-KNd3-gbkxIT96>^gSo2WOyA_=^Q!aieOlGL(JT@F;R`Zs%0r+NQvw
zEh`@18NK~iKU!pNDBJt`7HYqzr*0=WIkjPQ(Upe7jZIB=29_-Il_#%cS0<>NufgLR
zU*6fh51ShF?pSWc)m_5)zVw?Hlodek;H_=w$gbAdJKpB=tIof)3cs|>e`Z3ZyXx<A
z!<%QF+n=4EZ0~yF*akembfBeboj33#*u6>1)tXM?TPIfc-{0`ZMSShR=DnMcZ|3$k
z&gpsZUZMe=JkS^%&TT=7vzLyj59W<sKm9AcGPZtp066)Bz4=mk>~#3yq1E?C&rQ$z
rMLcXBS+nTsy(2dAxnrA;-tupM{0#klFM9XrKMm8z7kJ+N^Z@oBlVidA

delta 687
zcmV;g0#N;l3CIPIC4WjvH&Zl0AW&0bWJE_xW_CkYbTxK#NMl8DV>L`mQc!F$ICfK6
zSx99yM@(pJXjVo|3Nkb>OKCS_O;B=4MQ~<FFm`w_LT7PGNpN^!SWkC$MtDU{S#Uu#
zb2n>m3N1b$MPqC|T}Ulwa%Ew2WguK<bwWB^bRcRdbVpu$M}HtlbW&a`S|A~HCrfE-
za7YSpMQu%CT6ZyUId)`JG*C2Tb9QM&OG;5hM^{x&L32xFG(lr%Z9{cNHcV_%LTF+|
zH+KpxEiE8wT5VHgXf-!DXfIG?ZBs~eLuhMiQEhHVV`Mo^b}MIAX>KxBdQ^8zMRy8i
z1!98f_46XeSbwmrACoQ4V<JgKq+883(xG9lPaQYEozDyLC>oV4yF8{Jw3xU<pDs!9
zPliD~ibe2k>!g)Ys(?Kff{VD(yC)8P`YE5|O<HwmXv%qaaNUnYQnedlD#%F~2C0NL
zE&gtO37;iL+fhqwp^At^Kj%<=>T6d$x9K%l#gT$;1Aj7XB!{W#U8xM0&`<m>BTP2w
zt@PKj*Yj-j%ag__0&Xw|La81cvnvw=GxEW(1SsC^$)Y+zkuU+%_B0<gcRM-hedBqn
zP+Xyg<DZD(yVU}fjNXDgQXYS)hHh91c(RV4KsUM{%r!)<@&WHprhsX{o?6|NWr+JD
zs`3k4B!8fX>pschbQA43z2+@J`@)%qdQ+QbLNG{l8u6UpAHssoK#1U<07%-SyOU<n
zWMLs13GtLw+xctK5((R%%dRWZQB3*Z-M0trG#iHzT{nJFbWHTlbkRDTERi$IbUXzE
z4SJvHD0}h=gfY4-xG_qJr}Tnp_+E}WXz>hYYbczgP1W6CkDUQG32p5%g#XiRlx21f
VI6a8RRqY5(eBlozOzvoHh^*Q4BoqJu

diff --git a/nixos/secrets/borg_passphrase.age b/nixos/secrets/borg_passphrase.age
index ccfb7ca..62a547f 100644
--- a/nixos/secrets/borg_passphrase.age
+++ b/nixos/secrets/borg_passphrase.age
@@ -1,6 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 aqswPA BWfWJ0Detm+1l0tYnjR9n5rIUBfdHb/wTnZnGoYx6SU
-gp5vcIXtJpF6KJ0cHJ6GRpHQvxi7ij//1LH0afFoRuo
---- exwOM8D5yMcDFp0uzRnbD6TWSgs12WmZo7sKlnHYOwY
-4Öš¾0
-e(+×}²½f%Àã^‘ kÀb×“{WèŒôVüPän­×“ù:…Å6ý£s
\ No newline at end of file
+-> ssh-ed25519 UwNSRQ Lr6HfHB1pQVAVESUkR1a1ie8o9cTtCa0LA4y20UvfRU
+8X+VZUfk2oRrM+A4pZC/6yyexo2Kr8MO7isiXPsnOJk
+-> ssh-ed25519 JJ7S4A fngT1OkV0pfig7UZ4vA8CWFDWc//xn2KWRsk1+EI0Ac
+9J+I87tFasCug4rVaXJKNKzxr450YtZUypSTmwf/r7g
+-> ssh-ed25519 aqswPA I/RtBp+6CgMOPs41nbd8CqBgpgch8ixRGbzacXSDKRE
+adBD/lskyXK/QU+v/OlQ1wQK7PkhALpdxgHUc1i+jcU
+-> ssh-ed25519 LAPUww JtDnT4+NqLMBc+LpQSh0eQnSyXzJOHHbaZFNQmxIdC0
+/DjWq9XUAH3xZvU1PlB7Q70LQ0x9SRMmaSYQ+DyQZEM
+-> ssh-ed25519 vBZj5g 4YBFh5e32ZHr8byvd4vbZ9zljHO4FTrJGhsZiH//KVw
+iA+foYHtgt2PjBG9yfBWNLeygiIbW3MsbUQdVWgyrno
+-> ssh-ed25519 QP0PgA urlidySF5ZG9ILjdPuJPX6V/aDIAYzwBVd+XopDF5UA
+NL/RxiKPRn+uZW37jJKLOHCaktuvzm0SIwcMmBgF5CY
+--- aeaUWpBxSTjrcDDQa6Zk2dcdvhsdqs22JlvkduILpqE
+âå™§òQú²à¡)Š„Åçä¿7bt¡­­íu+Õ=¼¯M£ÁlìMúzsÕÚ8ð…	aÿ
\ No newline at end of file
diff --git a/nixos/secrets/database_passwords.env.age b/nixos/secrets/database_passwords.env.age
index 29f885b..0deb2ed 100644
--- a/nixos/secrets/database_passwords.env.age
+++ b/nixos/secrets/database_passwords.env.age
@@ -1,5 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 aqswPA nsjKPakYuFVxfbJkPKnhqPytMz07KIT32xgJpiuaRD0
-fv+HZdDb1Evy0LIA5sFMFx+KUbAF7jJojrQXMSSmNAo
---- zJOYXheC2OupvfQNtDfcUCkVMg3TqJQEFjTfAwyi/Pw
-‚¼¬Î°‡¨×¶†¡£‰¹maåJ^¤ˆ•€UZÂ>¬f±ââ÷@¨•¤‰÷òmÎG¨`ðrOY2‰#‡ÜŽ¼oÎ™þ‡=	åSƒî_.ô¼MÅa3›HŸ–ŸLÉÈüçcB·t§ÜËZ× Žç5 c•ä0Á=ŽLK¢¥‹ +!cut«Rƒà¥U2îŸ6½ßª½)ƒ¯fPÚ³AU«‘¤
\ No newline at end of file
+-> ssh-ed25519 UwNSRQ 4tVNE9qMbAvdgvUV/lllntSWjschSe3gY8nknp1DgQk
+8nQh/bM1tkSyPd0j5Tn9DeUT6V4p8Fdk3GiGZUwoBwk
+-> ssh-ed25519 JJ7S4A QHRi+zGVWfa6+l/gpUC1SyCSrDjMRk89MAYUVmdINWQ
+RstWCyCv2sSQCqgcFT6Djza7gkztlFf3af1EvNQTg6k
+-> ssh-ed25519 aqswPA BSwMu/VwsKqpHaqWbP7TNVE3kNWeGV1xdj2AhIhJOQE
+1QwREnDoFi5UTd20dAbJEVeA9lp3R6746PTAyF5KRqQ
+-> ssh-ed25519 LAPUww zFWdRmb38deepDWtFIlQYFA205jKrM6T4iU6nURnBU4
+gxA0pT9DKQMXMSJjQ+fFp7K6rhwHx90pXwFcBuc1ptI
+-> ssh-ed25519 vBZj5g uYJyvL//qPFg1QXgvacb+0Z0+4NMTXCg5dddlVDJJDQ
+2DqHQ6FIw8oCXbkZPl5fLmUVmXzBMLe9wFJsPSEDoZQ
+-> ssh-ed25519 QP0PgA +CHjn/rPhNrsXSVMFgoyhSdhn8k6BWS58XSDwjipi0U
+DGVkPVEMzPZDRPygjIxX4VWv9wbknmrMXFMAXnWVI1Q
+--- GZXaTJpDKi0WIHeOzamI/MygV50iPVV94UFyqPMd1GA
+%ƒXQcZŠXZâ÷´¥¦ƒÇÿö\â–iÏ#_¤Û{L¥fŠ×åOc¡EsæõÂ"ãG:ÂM	D}£{\.äÛÙ†øÐû	Ôý~Û6†,|C•v0ºŠ*Rr74ñ{Š–ußásÝZ=s}YH:æÀZ¤Þ…&(­vR„ËMkqãàÈî_PEKàMÆ"?kÌ\¨­¶Ö—³êZ’¬P
\ No newline at end of file
diff --git a/nixos/secrets/ec2_borg_server.pem.age b/nixos/secrets/ec2_borg_server.pem.age
index 05f15bcc22ab9804aaafc4e4ec8e2a8a463c6d14..9aa5f824dbfefe5771cc76f8e4b48ae07f6b8cc7 100644
GIT binary patch
literal 1149
zcmZY5`)?Bk0Kjn{7+EDMIza@p4si-ixn8$E4kqj#Tia{z)w^r&8V&S$?X~M&ukH0A
zs5l3U%48~J8x9hP1|h<P7y}GqRD=+Nf{=i)P2JE4PEi7~C{ur)f59i;Z&-?(<JqWI
zQ41+0yHwF6KnD%x6~=r%X^zLNHX8^T`4Y+c86z)vO%;{^?Jk?g)-EQ{LdX@&rb$oC
z2REiT7L6z=(1%M<P%)rE*5isH1yO_&mVzD@K}ajh{){MQWoIM9F{ZfBjR+E0EKS#N
z+`%@%MlTuxC`fi<NjDVc#a7e_MchG?mGb(80E#mHEE|_R3L>CsL#kC)!m>{al4>U3
zo{aECe+2MxDZJ{WX$R7dLk=#BMU=3cnXZL%`4SBqJz|iKu)Ziks5lW2?QK5QBiJn-
zQ#GR%^H~hc<r}jVjwfN*&|ZZdib}*`4-#r~Rbe{^FqqaD7R!`OVp=XwC7iGmP%<<>
zUGu>-Un&{HP=Z3*iWtYkc9hA5aEE5gC)4E&Z>KP)LZnfp!jo-sjI|hWkt>1)Z&Qpz
zW1)l(rR`!?;7q6s%%#y{F0N{nS}hBl9*9oYbR;C(Bx96RL6OReNTixTEIOm7+^9e4
z$g_kq1JSUb(D|g0(Q}AjGK9%wYg9-G9@0ivLP5f53ua6lBb)Saj4gmgOh&1ygmRGl
zzcz-p&=PFKf&b=_nR1M6j{^k_q6%^$kp}=<gz!s>fa3|ks#?q52rC(wgv|tbQOpxm
z^=N@k1uP~f>6UXgN6Ai5VOii97OtZ1G@Le=&1R!s#xxv>d2)^bkaHLE6|gB12yq(Y
z^TqRupK>Sd8iIfUl4&*Ebx*(UzOZ{}@=DJjvgpTSr`M16pM5HO`|*z6+R~n$v1Kn#
z9;2t?GvjMkecDu0cWvJZY!SA1ck>?~d_0~U^C)k<D$QQG?3XVFUq2Jv@X_bY=@ArM
zw(C&Ct+j(d^quyBxo?j2Qla-_UEeII={_-UzWSbh)}ghB??qo)l0I<Z>)8iJh~5lv
z=iB>gW^6om=HdElJL`HZOVZf7rCN2%1NANT;p>0BEN%vG^|Ty}=>CaEhE6V=I9?i^
z`uWO$J~A=Z|H%`3Huhco=iNgqtgqbeKHD+8aAJNZK5y{X+mrEb-u~>>rso|4(9;)Z
z-BcPn&5xzdp9}0AUhKWGy<@1e`_bR_AKCP0$EF39x>Fr9yH2%QDYB$l1#AI)-^l*a
z!w=0~KWDP`HE{c-t(S<C+g*usKP}$UcY4c{Gd3Ui^5mtKXKsGgT)TYh_>F<zO*NO*
z=(iW{7~QvPRjiMnnnNc0wyhgKN@QQSdq)HP#&^#dcdi~nyDqP}y65_X2dBsn>uU#A
pmcvKSFE6b6Ue&6$QJ1)58`dlz={@y#D>?7}A56#RHhi|a=3nogynX-x

delta 573
zcmV-D0>b_M2-gIVC4XUYb9YcdAZ21NMM7a(S4DDgM^R%%YfEHOYEegLRCQNKXhnBs
zF=Tj4LS{!ra8*@V3UX6wcq>OTRd!lvPH;I)P)$rZV{0~8HdI4KQ889%L{m>`H+pt3
zV@PFH3N0-yAS*FAHexd|YH>$TYk7KdICN%BX>&zqG(kv3H-B+uV>M+oFHkXJS7}*y
zcM3mzlz_3>%v-iPSal@LazVN~bXfwE>pL!@Z~;aC1a}=BFW%Qa!fc^UVPd1MqREc@
zf=6IwJ=E2Br%Eh!Mhq`5t2WMHIlb)A-;^Me2v*KwDUGyLB~v1pU){;4{~OZMCmWpH
zhH92obGhRwu78`~sG8=z#K2{Mu_)-x?CMUYy$6Srt{9|)2qDN`fLbp$sC}v}{<ku>
zO+snv_Eh!H`!RiqIy<)sqvI_fR%fdQdo8t$*D0Wvc@*%P6Mg<0a$I$zC8%+W@NdBy
zBlUp$ow!MnA)vS!!U6(d&>z;l8ZIeqe<5N3EX&k}SARpCrR9cLB9v`uyh3F>_;){h
zV8<c~uxEkB<_z2v{T|~2hhYgr4q}GD3;(cwV&gd*Tw7`TW*bEZhrRXo)J}-A>GChD
z6lD@hCRZYTy<ug^+a3sf>ZRrQ`6A)OPRnPURRA{IU!@9|SIP-KGN8y;Q9vk1Mdtsc
z$7B(#EH<EB8rV^3NG^blPbVY-3+i~lP&}<RB!>x+9}Ic=Y&><XOXaH|Z*`>1pw<nh
LR^P?(?Y!)@GR*xX

diff --git a/nixos/secrets/jefke_host_ed25519.age b/nixos/secrets/jefke_host_ed25519.age
index f4fbc01386d0090b9f89e7a07b6d3a6c6dc7b1e3..562718dd9bece88d853f46b68daba95956e7293b 100644
GIT binary patch
literal 1161
zcmZ9_`)?Bk003aXL9}E-G!O?&D<YAMdR<E&m%v=F@7MKu*Y?_i%(nOFwb#3Auh;8c
zmhceA%S;6ViIYtu17Fz#HeW<BnvI8GkRanB$P$c7M!<xPux!)c_x%H3iY9d=mnkVi
znc=xt`4SCO8a28mtte)7Bw;X_8bNJThA}j(O<<xW9usVtQqrh!WP`&PlLJsm&ycFq
zK@${=rdT`|f;@R%qtHP$ZL^zVX%8hJkm8}pR3T#VWC15dhZLuf&-0wsK%hc!_U7|h
zuyr;q8LpZd3y2>;9cb7PG#5=Fg0V#4ctD7AVI!B0CP^HPqfS}Y@Fl*IFFA0=8Hk4?
zeq<fVxd9H-ryQs|WR-$?OUMtT@U)TQXK$&ZC?htlEml!X7B8E^AvP4HV6!XC0)AWt
zeH@f8lMdEzP{C9=g|kkLFJTHLK|d$QWQ=D-s*-gEV}xjiG7+y>;0+WVDX?&qPy_Vr
zEnq{UvaGd>RGi@|QjsOi1}9DMSUQuC8hMyi38yKIKpDJIgjsJkn$YCfD6a>6xguGT
z5QAb-U6@(K)l4>?;6YHz<eYiVL%<LyC1!6GD48?S+G^P%xf)}z8Ff`SYuE$u0R#*}
zLDfJwl!8!-u_9BYJtoE()s$5wV~rVk%mjc%NDiBGh!GK_Of~BE5`rKTijpEysMW@0
zW^Z9ckI*))I}%#wH&R*AQYaD<3}OOi#%)nPVT*c82@ru%PcR%49Z4v!i6z~M00^X2
z$qGvicoD$ZJY+@-W!OuT{s8Gx<uqfi=6oKnMyJzh3vqkK#ae7t*lVU}UKME{K=YwM
zL&8U?c>~HoR9;d`?lKV6RQU&Wm(T4vroaAfc7FS!TML^v+-oadJhjX7{?enjvv-U2
z52r>N+Ru)ZA3wis<pTTB&P&hs-H6<I>+aX~u5OImHa?L4xcB92Upo6f7cMVf`vyDH
zw<+JZoMZbtx|fCy;~OTMh7WH2G1NZQp+9}(ujImwE1uN1JmTglSA~&3XSSamz1UuV
zU9;1D{QTpIt+$W$Tsyf}=uV@yUw5yWuCZU*e!lbmP5Hw`8`sNiU-gdM@tjUR{mv89
zN3PBt^shQut-E!=zHI$Rj})n^@@8$z?<*gUgCg@=&eitWduLAlabjwJ&$fo|jQXAW
zXXX_*Ej&0ix@yk+`>kCALq89$E@Auig;k5@j%gP(RTmd?NdlPY*!jcQnW%AkdCTq<
zwbt4z_M0OEyXsrieXSGE4eJlB<_^_0$4CGEhnw@_C*Q-H$6hit_jkW=<HQ}7v7`Hn
z-}JQaArhS{&vAjpYrmM_+#kS`M?3#pd~eIAKe>D}Io;so=&~j230?aIDE;q_%lMKV
zhktpU9)4v=nLbd{U)jvG^^f0t>cMNr_t#AKwxW5@_=RtW4!&)gnR{i;mgfHfupi28

delta 648
zcmV;30(bq138)2-EPqXLb7@RTFG+eaL`6_+O+`gFZgppDRzfR9a5*tYP+>4MGD~A*
zOm{X{GzxM^F*QqMZ(~7EOKmtgSuaIza&#|AFL6O-axiykR82xmY;k#HQBz|xO$seO
zAT~-{EoX9NVRL05K71fqE+A_~FD+&YWi=~hP)uV&Ffn*9Gk-BFbX09JN<=YDV`W-S
zQ%G-ASVBZ~WGit<c2q$MEiEk|LwILrHc&HEZDC|bLvvzePck%1aYSu4L{>>vYj;#?
zX=rR>XKip-Zf0`|j^BhZgZ@#23?|4JblDZ*g{Ca26S>z1>fBbfq*=4B6wa{zrSdU1
z3n3!qR(x?|V1GI72*KCmF?GF(mG-FVkg&QIX>mfTt|{?V0OGNbA*S!Cv~K*(n{<ur
zRqggHbQ3(Mt(ytWjNXNHr8_rlbu++Tm@=_QOIUast907i&VB!uetjx8=Gas`+@dE@
z))QB3fO?_gP7i!({EL40R0!vf33oneUW0O&jP@@G7=MAKTT&zmPpoe9;PnP*V<2nC
zK~_vFIW5IKS6;Uk-#T=vsNs{cI(qe&H=%nH>WVodEtnwG%Wx-|nt9P}7WExd`zH4`
z_Fpy?g@-OEmvKV$Myl-as~l8jz()-f3ceu~Y)pJFNT3WM=FEVc%h$HoB^(S!1-Eu7
zBaUAY*MEPX7j~9*(Ilyoy!@vGj6}SdMIzm7;WO5w6YqOxGatb^T?x8(%+7E}tYzbE
z7H`|)c`XOjKsBdjs)kfAar9L4oz0Gy)a*^-ty|hFcwMqirI~mHvtNQuQRnV~1<J_y
iv?}OiK&53}yq_}G5Q0Y;7NTd14rj2bb<Z^HGXcTibr;A0

diff --git a/nixos/secrets/jefke_user_ed25519.age b/nixos/secrets/jefke_user_ed25519.age
index 50588c77dcae630c7fc1c89f413c302d3c6b1cbb..177a74ade228ea69f58c141cb581150dda516bd2 100644
GIT binary patch
literal 1161
zcmZY2>u(bU003}7gRv4~G-KJq*g=fAUAFexyK5_k(Ccg0$MxE+?OHXi*K6;tz4qF>
z-lNUj*nB`h2p|z7iA)$zhjA>^gzy0d=!9sZL=d(aBN53K$ee?WJ$!tgzklGDU{Xz~
zd{QhIN}P~y7DPs`K)R+afF!X^DcXo2kQE54L~AGr2tqq#4VYn$FT%X$q&;}B9g~e*
z)?I<@Y)q|yegV_x%XA3WrH!RbvaJM40S07bj73qz30hz(t9Q~)KA5raNID=V6*<Q&
z-#i|3D{KQKIFT`zDL)b{1;~=ZQX*=tph3NrjZ_k)lmb$gG@WswTG_92NahTV_;9lc
zM7gA#N*Bnu0>MeUfLYwKAr?}L9xPY(AvSgSmMBUpX#>KHp^}ufsAiE`LDma9bN>Hw
z7!QC77pf?P+7e5I9K6AcIdw%@h?`M!+ANBiJ)hDlnPkqYT1_?qOqEGF>Y{TzQxQ>t
z@-N?fHZrWLK!WsoJrRzfD3FLLglKgL2BB;dV=%3!;T9Oow?kTsFF-|9of*SYf;s9)
zwUpX4xu~cl6wSwTS*NRw(9#5x^;+!-J<Jvm!}3kR;u(YiNSveXHZ(>?EPkpadksMq
zRG=_bHn#c9C{!@SQejaa&e=6pr+{`B-$t=|!DJKNw3_FH2<Gu~nCSIo(<~@PifTwg
zN+AEgEl3(j#s*~DeYlN4cn9uIBm<G8WTe~)W6;mSSy*VPWUOg2=#L{joeS&IimhDK
zyNkh`sQ1J*5W;;WkYbAxE74*Ba`GgVjfVXSN+fknO-%shgJ3;eK{Y~AC?f5JF^HAY
zCc%^}<a`(yptUl?7()?@+poLSt&q>}o4nV$;h*2v|M2&hm+(3DiN~uhT&<t)9qb)y
zJ^o&|wUOU0{1N;fk?Xg9xMk#plc90$<+(k>b!hdKUysGsJwsEcN4gqF<k;fjZHE$f
zvUR2}?$>i4$9KQmRgYhLde4kt%G9w7<9N+yj~+G>si%r-KdtQ>Xjp4qJU_ZK%<bK2
z6}21KxuN@G8>Uv?%Gn&#N3&E7)PLvlnyVudo3_b4_r6X~L>rq|E>!zYb>2N|?%02Q
z-|UgwTY(h=uaFIghQ7ME%QWs7y11(9O??~JQ}&X&#A(N?9<ltS@5YJhf=LNfc?-3V
zhu`l$(@D(icw-Pa@X^sxnHud|>d$4KZTLlPMBlpBwfXpJSM2RSx7R&rsDcj&%E8ud
z*N#VvJwG1VwDjFrXXp5&W&Y=dhqbp>_sfCb+MOMR_UU2dH4+UOfL`F8fm2KF`ReCN
z;buG#?B9I;uWv6*p6NTmk2N^Pos+YJp0ic8cQaR@+jGXt5&U|6&91{GX5y1?h!=aO
sci)UwmU{LcT(R+|*^TF3|6nHSf3SY)CD+ut&povZYeFZbj^>;H0uK|vzW@LL

delta 683
zcmV;c0#yBp3CjhLEPqljP+CYuctvnjR6$o_XlOWcOL<9YW=dH~GjcCSWp7wBV>xC~
zX*4u>a|$?dQFApjcuY1jGf_oJPex5>bU8szNHR@&SW7flc63^FG;Bp~L}D>kK?*HC
zAV^q!Zy_jWDJ^GmWnpt=AS57WJv?4{3R+}XZ7VfqIZbbNReyI!IZ9AfMowZ*Hgi)o
zXlrhGb9pc|H*iu=Q%X^7H8(LxLStt*RCZBIb45vGGBG%7Vo?fJM0QqEY+`z8bz=%G
zEiE87N<(5dMrk;AY;I6YS5#wFXmV<6P)ux9Gk7vcMP^1eFIhKuFG?{;D=-S*%@Yz>
z7EJ6fv}MfCxqo{Xb9D{*eoh=VE`T6QcJaEE{Wls3JR!0>nJ3-<z_;CxQe7&w)4G+i
z$OoHATU&E{ZV(N!<88QymcgL;S40<@vAmdyzzDnR3#y4E=RmzZ?&?vDXjOh6+Z#r4
zKIPMUt9k?8a!xyVb%z=@F3@;<GrTli`#AnP+cTZhg@5ON$;O2%4KJYj>kS}v8kY^e
z8Cm7A%}7*!F92@JaGy#LLc~{vR?+*|-ghtjQYcl)@S13M<>d>StFLqQVa`Ka;Y)Pr
zE74nm^2aADl>PdV&b2WCKg^siPtJzaZ7x%=`25dGn?dn6A7wX!l*2(>($0oz^#vN^
zvIMkeX@BW?4sE4rX;Eckc^#wrST1l3t|^$qK9<Z(%UmS-LtG`~AS(^&bB)|8Vtt^r
z{(1pm+=j?F2Ll8>1`IZ|lm~(eiUS@c_JL<>xH2jI38>E=A|}H>$OBTrtAk;Cnz26Y
zU0W;)I|m^OIXuD@D3e7^^C~T3{PfP#O)R^ll_XwTeY(GrIyP9H1@7=jRyF1ka|#QQ
RDtjcg%OmdXH#rL`AM#P-8)5(e

diff --git a/nixos/secrets/lewis_host_ed25519.age b/nixos/secrets/lewis_host_ed25519.age
index 78333f6853e4441cca297db9d0069f4bb0c6aa9a..437d298727e36e192e7a53472eae1c2b97eff442 100644
GIT binary patch
literal 1161
zcmZ9{>u(bU003|wfTTR!RDudhg@gdJ^mUIO<JG&hy}Q2duI~yX*SqUod+W8`wY|2=
z<b#gK2NoEKngKrIV>%Nsuo+lzQ8p1Kh-Qv4A|jGa=N4swKxQQJd4It#KUNeBg2FXd
za)ne@S)XkdjU}_ruvxFFl0o1tAZSMPA<Y+HXnn*}71LI`5%iQQlEM{XhYhjtehjGq
zbS5rjq-Zsth)_O_mUUr{CtPkRq2)9aTvS*iXXk<n>~V$Rpc+&BCKK%O<xva`I%aDm
z2?qeX-XAx*_%dS=2`|J`lEy`R1%Q+b{)S?u&ZJta37HkOCdpOx>X0m2!lF{bO9sTa
zHGr9YS+tt17_CqQ6N*w!$cSMzN%1@pnys;URio_sro2ZDq#{+D1!=I9XjA}84lY_u
z(onuk6%@&3p`qpw;)XD<E?r82cD$Ogqb5@@tDyh^p?D_b&cq#9B1jVe6wHB8DCEY}
z*_y{rg*5Hqjm#+|Ym@<xI}BS*)+%XaMZlY7V^xKt(|KD=B7LyQDH6I8Z*hhR6b!n|
zK^3M2Mj@lL!{ZY(SyKjPwK@>bU~Vka1e<1SB{ZG}MZG;nIlUZb7c`il3X)X9plDjn
zWBy`5a5@-Egwc!|%m$nlSyx7Z9K|*(erJ;A*^)_C{PBo4i2`J$=mvv86D8+}1jk@m
zdbUPWCQ7vHlPPzzXe;9?Zm)}&K^iGI0ut@w8{}dxhy+|93E)g3ZRK6GE|nC#MlMRI
znA3r441`CGU=AkGCeDw084yd8F0<L<bgRfi&0x@DuwQGchO#^ZsXXa&A|)$Thk}CH
z5<wjeawJ>`a|-T?xp`W5@Aeywx#z|%K7L}o<IbIdoy(`^LA_JwmJQzfw1ZvvA%LHd
zCy#D4q*@oQ+4=#|*1_tQkKSq>oIWu9%Ib6ex8*+u#tn}Cyt{7(6z)FzW!r=K9Y^#d
zCl~Lk-8j*{?S98m^_d&TSL{9&fAt0OQdix|*9_~nPQck^cUpjuv<T^b>)@Qzh3det
z^}92>r=LPbYCqY_jIUkr@wO%YpSQ0$c5Bg@>-(-5+P?|apFMQk^84cNt?J4DkPUx&
z8<Cd-pV2RlURnOqFGG3>x4l<h9qM`XulW+mt;0WBn!Qqc4Y;uN^p?Aa;;GB;^z^LR
zC9Xmpt1gdWtFCKb|G0m%vSaw)g<XeEU5M?;fA!OF+xBQMw~3lE&y!=or6KveZNuwi
z4SfFFv7vhJule2?@=cHBYWp}JIZ>V}w>&`{Xe0xV#T9p^bMACzXU%W_%xr>c2HWr6
zyghvQ=_76ZEeFkXs`JJmdvnhIc|DU)29EXqz2V}@AFdLE{c{@*DCG6yOIoZG-S3{B
vd=NRjLhfGiMR2XHkEtDbWJj&=ITP+W+xI-Vbnp8}=a$j>)&-sS_tpFlSme2U

delta 585
zcmV-P0=E5$3F8EiC4XUYb9YcdAWdU2L3LqAQFLQ)WJN|<OEXt`XIOYrRCQ2QFM45G
zYjtB<WHWGQR!L`73RQYyZf`a+Pc<`PYcV)sD=<=bGD1p8Hg<70NlZ8|IXPuFGf8Sj
zSwc={3N0-yAZ}JfWi)MOQ8{99Ic;oWYH~qjRd7XkGca0ISARx0H#tv9Y+_StPDCqf
zZwgA{^#|@Q5^r{|749KO9K;9IYnXrxmj7b>4v936eU+=XeuJ>R145nX0q}C(Z=ZeW
z>WLlXRU{1Cv8{|D+LU6K@B#<UFqk<@F~$%U_+(%7uCy84NOC_CSd-i;)s`^2bS3>A
zi(b1>pcErr_J2E%vl(Y+J9x`8`Ed5wgvR1Xd02v$W_7h-DdryhkfcBYnxLJfCfXl(
zjpqsE$2EY|CN#W1!0CS}(4=em6EymVAG(&b+04!NE=@?@#cbZoL@d!IycDV$%b<`a
zll{gX*A6TGFIXmx2R@`&zz0^p4SOAlppWpYfZ{S8&wn*(av>-Tlwd2GR`Sgo{0!O>
z2=X2*ytbbFD%s>h>Z#FG5CLg|t~pKCx^q(GBknubc1sv^W3hvX+t0I8kn@ylijcjG
z%O%P4XP5Ihn-;;uRCaS}G(4M6o2BXl5DtU_F%)4h4qbL0F$JFS%x>DEDW!SrQr{FZ
zwB60;;6mDGejy%dG`$dJQBP3-p^RLW7)OTr5@Cm0HXAcmla1KU3cuYq@~m77=5ip>
XRik+d)}!#LZ#+7R=Vga;r+%<LW$pyX

diff --git a/nixos/secrets/lewis_user_ed25519.age b/nixos/secrets/lewis_user_ed25519.age
index 663945374f6ad71ccb6bdb96673ee04cfe887165..1af0f9caee1efd943cdb0f88d0ec74245422dc9c 100644
GIT binary patch
literal 1161
zcmZY6`)?Bk0Kjn&6f7|2G(KXK24j?za=o_K_Si%2)?TmI>-BnV*R^D2yY_m$w!3zB
z*WR@QfrJPI;-Z@mHiIbR9UmApk>P_^!X5;H3`hVmCR0JD3mP$OWBT*_2fm*lzHK~b
z<ivzjE+|4?T$Pu2paklS4SHEl8@Z$zf<RawR;eHp(2FiFmV{h}#w4zg66RK8UY5wG
zl0`8K=Obc74mD|_KsJ$@tRwuOO)`5!Z8TPjN-W%_0!Wrn30!E35or%BwTHM2?zD@H
zW41;R_MjEfOEyJvGXch|rrZV5+n56BSR$5`LM}uI!yUXw!qa6i<i$)5U4bxDHd#=b
z4I&)XRIVLVODyPdBaq#Ji7G`pinK<O!BW^aTWjl(RT|N&W;x7Q$wUOu1TJr3DA*6D
zyb7P~ptWYV(<6dmwoD@!={D(by38Z83(PpMatFgJ(f_h&Iajejr6#x;%9cyHf(BF)
z2}5?aMj~`rRrTqV1Sx_nSv@{fp@J-iIVw~ZwHp))v{Ck86waU;kko<*qJs+(L2wkB
zLOq-Tb9ikm0{}?H$J<LNkOY%H7BaN)q7!UP%+^Y1ECca+w-w}q%~{Uvu@(J>1mpLq
zf<wzX91>kD@;TN+LIuT=_h*~Kx}b-##PC!&n2J!*kjCN|!kPmtiwDG<4NsWcD^^$(
zqG?a&f8PSMiRKYK*I41A5?*k7Rcka#DX~}{G*uF8$W%fKW>C{8f-rHEY!<@00`BzN
znWCxew~}}`q)1L1o02&fnLq&+_OeKaIp@ndN)a`xGa8Nh0!c7V91Eo)teSKQm7r8e
zhGK${$skzRC)iPeA`$`FP5WHBzOL4Vk%{W@(I;v$%QC^{Gne+AXnS(Up#jTlXBBwx
zv91H5-nS?3*Bwa%*IxW$?YHio+%wRME7$H7zIiD=b+Bi0WdG>>p84~Bomir7y7T4q
zM91#V_|WCv{oQ@bQ(JGTe~rBH)ro~$2kQrx9YmOiU0w6uwS4qhZSm`V!2S2y8uaY3
zs;!sL#s9F@>sx0QEm^skzdM%8yP^+m82_|t<kI%Q$hyN-PrY(;@%e2hQ#XuSI|ET4
zw7!1@EgpVnX)a@*(=xj7$d7k?HyS>tq3V6Mss(@Upz2#jpF{5wn}@0{Zu0`aFZg8=
zzqxC0dgtnw&pFQ!dmmZ9eO=2DP0h>yyncFvb^ZA*ub%wyhwt~^yEx~kzU5e4SVSFL
zHGQEr);X2Q&pCRpUyiQmpL@KC-!s<zLb*uff1Vk->OC>sxO&fcX<~Te*r~)-b@Ht@
z=UN8#0?yxd6>Ew;W$eJ_kv&uD{E>mnwejxnHe++wFm==L#PFe&7X}~X)@U^|&@D3F
z&)x2Pe0e{#;kMMf<y76%&z^61kJzZDuXjB-Ry$GVH=SN`{Lzn<qf4(p|A}pP^}n@(
B!+-z)

delta 585
zcmV-P0=E5$3F8EiC4XUYb9YcdAZ0^gZ*5L5PeW5>bT>+LWk)qfMKO3ma&T!YdQ4<i
zYD6?KHAqrZVKHb$3T$UWZ8KU!Q+iQsQ%`tIbWBn<PFFKCR8eDBXKht5Zb?mgT3B#l
zRAh5e3N0-yAbL1rF=A{_c}O!(Wi~QGG+9qDRbzK&M{jahSbs=#XLWisH8XEWSye?=
zFbePrBApK3UCZ7P^K0q#QkA<EaTn2-D~$1iW-5#?)&>G23EZMA2f<Y=HPq0E#j8;{
z%}c|^K8ZZCB`;8amOv%sBRep>D^z6_4X29nKl7Bdx*#IG&Qr?p3Mpb)T88?}eJy|M
z+?h93-X*R&2Y=h^ylDzD-}*c42UOWHs{5qB9Eoa$xSUS&>;1ILBXd~;8MxB&)RBn1
zWa?7ps<{5Ee~NvES3i-)*r3Q-uQ2o~@8kkiuThj_a>fD4s-qm+bprXO)m__<3nceN
zBLulU=V(Fjv#bqk^t0oXD;HWKp@nnFkzb#sH6<tw%YUj@fH6nLfMn9J2hMl+Ay*l>
zaMH-XN-_)iUoHxGB?8hLpGWVjFYUW0#}rT&WUS>^rb#@T+fxO?mjmuEptIG_y~BI!
z5M#EM^4>G^o0Ajo;@k-ZyqGmFMK)k46X>FbC<z+p@W*j*N-X!F+{r&ChWEXZE;#7d
zZK9s~X+r1IL4u}xEnuQOr$^6$Gw-H^N_z5jx?vM1)oUxlm6?+na@UzsN=O33@K5aG
Xl=81(y*a1<W)mHi)68lZ{Nz*(fF=yi

diff --git a/nixos/secrets/postgresql_server.key.age b/nixos/secrets/postgresql_server.key.age
index 21954cc8c359232bf97808188db55e05c829262f..afc481073844525cb15801e6374064173e3565d1 100644
GIT binary patch
literal 2466
zcmZY4`9Bj30|0Q>Q<~x-il|rVDOqD|Z0pdodv@4ir-zuC4LfYJ6D6sX<cY@_lB>f}
zk_Yv8L^&c9Ii9D(Q*TeAg9uT0fA9SZzMn5&Bm@a%0;N7CHc~Egmn%gc8czVo*IA_!
zgM{H;-rk-FXO`AKfI)YLtD*%YgG!`S!n88INR0r)v|uDAoQ#e}WAwsElv>Y>0b(f-
zyb2)q^WgGCC<8_>5Q^voqJd6S=^+|V5l$uK6LmNQjKm=;V|gfj^!FN(2n&EBooQe$
z6{3j3(wQ+4XfDgo07v-4W8pB4lBv~k*r-4vn~c}_uu*g^0LkS^`9v{Q3HOKrs=#m+
zK1RfgX32>jL?IO?RE2S(eK;CF5}qgcUgIlNS{l+>;prXAkEEj_{9#Hslfe*b5qL=e
zgp5E^xL}qrDv%@LNDL|p4<Z6^RSK3tF69NH;9`cCzfb|iVF@B7#Ycrx@&)`bECWk~
zaPVw?B=&oajHI!&T4yqsFVw~wP@+HtTA>94>2Qn?CWb1#y|qxRh85#UB4T0KC=o};
z0{DcpB|hP?0y55D%9cQ32(ehf2dV;rC>}?s;OQi6uShmQDuB!XPt%|Rqr64Va*-#8
z&5^Ry9swAbgcG2HM(em@234x0G6`Ci1Q#9#g~A17A2tu550o0bW6&s1s#+5ki4|hJ
zbWj6E%Yl&zQ4C<XNQGq~v@rxYlZyQQMyG*kBBXPGR2vxWgNZT35+MG5C|N`#U&WSV
zu}Caf7$Nr;F{xB4U!o$18AJfG#GeB}QfW9fHWD4K3{d*u;Y=)C;2|X#&^jtETBT)?
z$ViGRfCT`7K+b4`zd-~6YH0`$g_th`a$uZ@NGb<RfyG1siBU9tY`7Q#51?V#(SStj
zzRs2eBRh1l{?6eq+KJ|K^-V0+PX~u{D<U$gq^;MGDKhei`B0i-f;7=G*!so)U}w^i
z34fE~;;>zpJ<VY5HnCpEWgD||_?sy7c1G}t(W&+^V*fsT=$_!C>iW~A>BiWTf56}!
z7IAzVFI2-pGw*x7UDazz-o9tGS@#qB`tH2hd?R>z#qs@3%nzXj(1Sxt{)i$yXn6PO
z_QmcsLckqH_|I0d#IH`PH}lcyJ0VWM3c4(%_OGw&Yf{8;!7Hcxza-mD?>hvSlP>sV
z?5yI8&+NI*JDHepd8Oj%vxmMHl6N^^g2r7FoX^b1zZ4?CP2WH*=CyiuNYRCbtJK7R
z^9#AIr@b3rr|m1|3)~JL_+flp>{WQvw%D>b>0QAuuQ%t;9Jlz<24Q9GX42BUA#~N^
zcagcpXv!oV0Q~KWq`}nJjqwk!hLIYfu!paM1e@9#@EgUcE6+k6C-hXMk!DdYBI}Eu
zJBMX!;rh+sQB6kC^wIVtjXLmf);}e8Q_N@0c8<LZDT(UOCIBaaEk*E*im={Jo>Sev
zeO#LTy7$oXJ$*RSo0w+B+GUBuXT*JM$<xo;gTY0vw(s!Ub2r?VjQBs=pLlO!?}J~$
zhT4ZF=a@~hH=iCJKwp~wmPX6v$J5_p1a;T5SfjPUrVe52mn!v^8q{9L2IHzqlhCi4
zVtAh&Qo`TnR<@Tiel<RXHVH~xRsed>O(P1vnKtcRB7v@`?xpAJy7z^4jTSj!mfheX
zj@MzQq8~P|Z(TFqdew{5cBvfkG3RbnVS@#(Ixw9gbok46@VpphaT>e$Z(7;cmquNG
zLtJ(pQGh!xt;l<obK_pNm!-+NkSNE+uGF91$B&m;nhi284xNqLicDq62HwvYx3OGC
zeV)iLLA6JlW?#6yk2EuCTedoRD5@a&*h@;OR0E|Waw-Kq!l}ObTFn-``PAUt-*qqU
zjxX0BJ)gOj+Aojf&D0)yA56+6d2FaH;5V96@W{Ej>u*b1J_x6tl*A2iwuis1&qJ-w
z4C_DUaOYv%sdp1KH?6mHIcz=n=eiWKeDY^CM}5_q3Q}&`R@W?Vx@>jo>FBmKOX$p_
z<||%F&nJK+LLRZ_b=$lCa;Jv?n=407CFo=;x4TU%{877YwtdO7<NlPNlzjhnw$Hd3
z=Gqzyqol%KoJ;oGE1fnUmYZH-L&{8;>G6j0LqloV80%ByZGr3Fl!90_pc`X5$RWwq
zSCEfCbFRI9GHwY&L=oGb=PZ7C>b`%?^~_tgM~qGOfDQHC&;}9St~M!1T2@}YLUS$N
zn15j%2_>C!i*L8_9vA_1>3(bVv;R=i<)tX?uYa4PpG3SqMSXGEBN^t&g=U%jcyk5!
z*fhK>U_R&9Mq5asIw*see|vvd-@hFbK~5)HJ{)HaTQ$c)&j)sgbxbv8CR<8g#I!k4
zR@=44MTnm3w+H@2dVWmrj@#5V^)LQVSU<Y&yll$_Z?m-d+~ZTN%7i>Wv-aP(<rfLY
zs1vPkal5n>m$Ea9!b=UCc4%U=X$#dSuK`Z4jqCb{ih#upR*WN<sJ4}kkjx}WMf)eO
z(miuh-Q2du?)v9J#xwAc_&(s*?Z1Dqx;Q*A{KUATt>#x){O?)tK9O@yfy=@T@YZL7
zH$gU8IYU#Kk+spg{M?14TRz(cEOp?+^8VpVFx7td0P79CAhZ$m@tsOSw*#YA6rF+^
z^!;zcbHAqOS-&^*vjukXcfX#sAeeHPvtybR$9uPWU&%6O5=-lnj7q0XJbO}ZxOOh&
zFrJyx$K=E|MC=3SA;)v<-7Sl5gKmC>GTksYp=In71baw*`EzB9?SBqDe}8*_>IJMK
z&t<F;Trfm9bqg6@sGYZK+Vs%=r##N5M?2Dr;*ztrr$TtQUWLRY%`|N3egQmGx)e9P
zgSYTUJISToEA*Co{>X!k#yy2@8o`76QD<l`F*i7sb>Dv6`S3&{pv`y3gUy3wS;r}#
zXYr!lzryY3O;d~e7MFTgqn3!hnUzS#;12YQQICR}|F*0>_HOIrVzrs2b!Hubx%GTc
z1TNcNtLnd6@_{JH?gSK86`F@1Gf`WOc*H)+n47S{jNg?W4j#CQmExa{R5q3uR{^HW
zDn14mwCPKdBLf`HpeO4GU4scm2ktoR?=_X(IH?MR5v$ZkLTi1dkbhv!#MLY22?Hg)
z75UbRz4n<*L7&y?-)HCkEN&)dRMS0Z0lTnAi)@RgZ(HOVh;LQ_z+)ECYf9HY`W!f$
kmIT>xvYP?g__VO2v-k|#Ti`j_c5SI^?cwa(UgtXg2g2P;tN;K2

delta 1909
zcmV-*2a5Qj6O0d#EPrQCYG+4yX?a*ONoqGpQa5;1Zh1*IHfVM>c|<uiSvF@YK|w@9
zLU%J*FbY^=D??#<H*#Z9adcy4cz1JlXf-)&Hg$SvLQ8mZV>d-OIA}6dSZQWLK?*HC
zAbc%na%Ew2WeRj}RSGRFEg(j7HaS;KZenU{Wkokfa(YT*Z+}o}Vq|epGjVJ(L~1!&
zLS<THM{YzjPGbu5dN8pHeU>i(=K<#OOQ32T><|7uEfdj}O}<a+@&#$Mq6@<1Ru6V}
zNTfDS6y}Ug)nR8K?cv1YhA_(o4-Ln&*e3Zc<!}?Vx`q0DKzIF}l)=FBmkBmM&>Sbv
z{YAxiP4t@ykAKoiB33lB{Q2viN{tDFfA~1|$*`R?^eVPbPa`}$c>_?2S}^+XaHMPr
zHjK~AWFVnAf}}wepca`hHs`UD>DM?VOM`mPt%&uJsidTeqvXhV>|!^6^*G=qel<i>
za)ZxLLWjS0awo#%EPR7x{f?&?V;usayLO)uR{&vF>wf|~Y~C)Oc_~*yj!cLC&c(Co
zH<3Ef(~^Mc6$@3fT-t@I*Z%@60@}HCW2&toIk7@$I;U^Hhc680a`JRKiJus(Dd@OP
znz7?r&sH`vXB7g*dxe+$$P5ElGG<m_8~n1Cyc_^j5Y!9ME0%HLo!LC|+m*{0mjm-f
zC1}8%L4WDaC*PgAZU-21_6XhdvwA2qoR-pj8oABQ+^Sc;*QN`*WH(rW)F7MVm5CjU
zY>kXH&{J8M)E%phz@3H)vA;U}hLmx=kmYCs^_=d7DIWd=5zEzaCBDA74hQc0Yp*h!
z&ls^Blsr+V6%MTgySI}}qmWiNw=nff#d_%^O@CdYVX~i7>B(z_KD*p`4tZ~4mitgt
zmBQ;CpTLJt(D+mKp?$%n`Bymi>m0RxpA1zALsqO_>`MUTXQ(!ZR&B6jAy;*`ljztY
zo2+)_#gauOD?W#TD48Xo6;~|D#4OuVZPgEu|3%WwKbH5hpsWe*m9LtP{=*}^fF(da
zvwx*pQ1X3UY_&Ri#~*}}M>#cylSODyo47)jZhLcRUgKc3(Vt1{ey^(^q~fK~dFFUK
z;yK<<K0=PTdoE_UjUHR-K5(I~z&hA>%Z`!aFcv<%vCICW=BMCF$YuE=<+wH786Fa(
zif+JP8u;8P;^EDgytX{wWuxZK^eb5UoPP+DpERK%oe~wH`t^A=qM(nI!sgIZI95iD
zUG&3fau_>jT2yip?@A1H6rYNrrma^{KH!&jw2BR(NrV`tcBu)unTc~ib>4QN6p@!a
z+`Z6=xlSKsj9ZMLwQ;)J-EKn9#mIptq%w+Bamw5A!ZTi$c-&~>v83Ca%7H2bw0{k$
zR%_<kiT(Xd=44F~_9Vw=qRGCR#ltFaw~@24IfG<Ku78h@eAVY0J8boPI9Xqh(`ilK
zKfn$XP((|5o?F<xcdP;?2;VzI*l~m|mdVA?v#*`U80?PKX#)z6nI6ej<IksAgG}!g
zCNqIbD*}J{W8Pi9ODt#B7(@V;kAIDZ&|ZjP{#0>?#qWMYy8y$9VJp}A!+NY1H>VP9
zK<fdmxx-#jID=5Ze-tKT8erHWx)0<^MbZ))vJ??U>?GXT2df46vO+SEEjBUhd3hlM
zZokPQEFLEl>o)7lG1>xHlD*~6ht#gFv7NrY9R{^08ukfUTUc?i{RAj<)qiLGHO=vG
z3I%;<<S}qJHLH~3x_2qn8cX!-+AQ!ug4zcOqP`9_ta*`obku>c16$l5Jna0KH&FU~
zzK@3Qno2DxKV+QEwKxRjH@taCHKrKmENj)E<-)g+7G^~oTD@3p=CZ<m91@`|7>!U!
zXZrLPrYf)V4z{n*IFEu)uzzvL7;SsrL*gbl*uCnM+~$uLohZxK<X9w55dy-{I@uly
z-S3nEZ2-u&qR7sse~qSBHf0M{ZpG7OT85yYA~(T;{JW46(@vKsOzoU%a`ke4OI_Sv
z=Z$}kCOp%+Qf7F$O;Mvwks6{6_1R5Me>%fQByTc-gnfV8Xre6iZ+}r2MxkPwf9)6O
zb|xJ8k3NFAxytV*sDJQ183FYmiyViAkUA!b-{e!S_~-LR&rzM9o9OMP%qAQ?%8q3y
zTcH0K<}nd7?2YILPAsN#ji5~NEBbDBdlO-O__j~bAOjMCe!vpdB9zeCbg)c}ki>GK
zf}+%w30je3+%9@Rv45it3a<-gPo1I6nuxD4KnR%r&8j}<ml{Md;qjrLXASCD^Of7g
z=_<SH3oM6oWEm;IA+wBpgKyC_+t=sJu81tY*>-|NA77>VLVEn(GW452dh91<GlD4U
zg6&&`md(Ez#YsUf*EhXR=9um^kNbuTUw~v(oRk;fGoka8A8yeflw`uU0wZzEC^WLY
zX7wiK#n>l~AX1Q<nJLc(lvY&j{Hi~)Lo`NgT!1X`;-T#4BOx?F1>|H^r%cNkjm4sw
vy5k5B2rlkC787y37a^i%Q-iZBy??6P#W<`$8)lnjA;M9SRs;<w!5p4`Q2n5m

diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix
index 9899923..577ba2e 100644
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -1,44 +1,43 @@
-# TODO: Just encrypt each file with all hosts' public keys (plus our personal public keys) and deploy when demanded.
 let
   pkgs = import <nixpkgs> { };
   lib = pkgs.lib;
-  secrets = {
-    jefke = {
-      publicKeys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a pim@x260"
-      ];
-      encryptedFiles = [
-        "jefke_host_ed25519.age"
-        "jefke_user_ed25519.age"
-        "postgresql_server.key.age"
-      ];
-    };
-    atlas = {
-      publicKeys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260"
-      ];
-      encryptedFiles = [
-        "atlas_host_ed25519.age"
-        "atlas_user_ed25519.age"
-      ];
-    };
-    lewis = {
-      publicKeys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a pim@x260"
-      ];
-      encryptedFiles = [
-        "lewis_host_ed25519.age"
-        "lewis_user_ed25519.age"
-        "database_passwords.env.age"
-        "borg_passphrase.age"
-        "ec2_borg_server.pem.age"
-      ];
-    };
-  };
+
+  publicKeyURLs = [
+    "https://github.com/pizzapim.keys"
+    "https://github.com/pizzaniels.keys"
+  ];
+
+  encryptedFileNames = [
+    "jefke_host_ed25519.age"
+    "jefke_user_ed25519.age"
+    "postgresql_server.key.age"
+    "atlas_host_ed25519.age"
+    "atlas_user_ed25519.age"
+    "lewis_host_ed25519.age"
+    "lewis_user_ed25519.age"
+    "database_passwords.env.age"
+    "borg_passphrase.age"
+    "ec2_borg_server.pem.age"
+  ];
+
+  machinePublicKeys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a root@jefke.hyp"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 root@atlas.hyp"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a root@lewis.hyp"
+  ];
+
+  fetchPublicKeys = url:
+    let
+      publicKeysFile = builtins.fetchurl { inherit url; };
+      publicKeysFileContents = lib.strings.fileContents publicKeysFile;
+    in
+    lib.strings.splitString "\n" publicKeysFileContents;
+
+  adminPublicKeys = lib.flatten (builtins.map fetchPublicKeys publicKeyURLs);
+
+  allPublicKeys = lib.flatten [ machinePublicKeys adminPublicKeys ];
+
+  publicKeysForEncryptedFileName = encryptedFileName:
+    { "${encryptedFileName}".publicKeys = allPublicKeys; };
 in
-lib.attrsets.mergeAttrsList (builtins.map
-  ({ publicKeys, encryptedFiles }:
-  lib.attrsets.mergeAttrsList (builtins.map
-    (encryptedFile: { "${encryptedFile}" = { inherit publicKeys; }; })
-    encryptedFiles))
-  (lib.attrsets.attrValues secrets))
+lib.attrsets.mergeAttrsList (builtins.map publicKeysForEncryptedFileName encryptedFileNames)
