let
  pkgs = import <nixpkgs> { };
  lib = pkgs.lib;

  publicKeyURLs = [
    "https://github.com/pizzapim.keys"
    "https://github.com/pizzaniels.keys"
  ];

  encryptedFileNames = [
    "jefke_host_ed25519.age"
    "jefke_user_ed25519.age"
    "postgresql_server.key.age"
    "atlas_host_ed25519.age"
    "atlas_user_ed25519.age"
    "lewis_host_ed25519.age"
    "lewis_user_ed25519.age"
    "database_passwords.env.age"
    "borg_passphrase.age"
    "ec2_borg_server.pem.age"
  ];

  machinePublicKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a root@jefke.hyp"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 root@atlas.hyp"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a root@lewis.hyp"
  ];

  fetchPublicKeys = url:
    let
      publicKeysFile = builtins.fetchurl { inherit url; };
      publicKeysFileContents = lib.strings.fileContents publicKeysFile;
    in
    lib.strings.splitString "\n" publicKeysFileContents;

  adminPublicKeys = lib.flatten (builtins.map fetchPublicKeys publicKeyURLs);

  allPublicKeys = lib.flatten [ machinePublicKeys adminPublicKeys ];

  publicKeysForEncryptedFileName = encryptedFileName:
    { "${encryptedFileName}".publicKeys = allPublicKeys; };
in
lib.attrsets.mergeAttrsList (builtins.map publicKeysForEncryptedFileName encryptedFileNames)