# Host-specific secrets
#
# Maps each encrypted file (path relative to this file) to the public keys it
# is encrypted for and, for some entries, an `owner` account name.
# NOTE(review): `owner` is not something age itself reads; presumably the
# host's secrets module uses it to set ownership of the decrypted file --
# confirm against that module.
let
  keys = import ../../../../keys;

  # Recipients shared by every secret below. Editing this list does not change
  # files that are already encrypted: they have to be re-encrypted, and a
  # recipient that was removed can still read older ciphertexts kept in version
  # control, so rotate the secret value as well.
  all = [
    keys.hosts.porthos # Host key
    keys.users.ambroisie # Allow me to modify the secrets anywhere
  ];

  # Entry with no `owner` recorded.
  # NOTE(review): whatever default the consuming module applies decides who can
  # read the decrypted file -- confirm that default is restrictive.
  unowned = { publicKeys = all; };

  # Entry that names the account in `owner`.
  ownedBy = owner: { inherit owner; publicKeys = all; };
in
{
  "acme/dns-key.age" = unowned;

  "aria/rpc-token.age" = unowned;

  "backup/password.age" = unowned;
  "backup/credentials.age" = unowned;

  "drone/gitea.age" = unowned;
  "drone/secret.age" = unowned;
  "drone/ssh/private-key.age" = unowned;

  "forgejo/mail-password.age" = ownedBy "git";

  "gitea/mail-password.age" = ownedBy "git";

  "lohr/secret.age" = ownedBy "lohr";
  "lohr/ssh-key.age" = ownedBy "lohr";

  "matrix/mail.age" = ownedBy "matrix-synapse";
  "matrix/secret.age" = ownedBy "matrix-synapse";

  "mealie/mail.age" = unowned;

  "miniflux/credentials.age" = unowned;

  "monitoring/password.age" = ownedBy "grafana";
  "monitoring/secret-key.age" = ownedBy "grafana";

  "nextcloud/password.age" = ownedBy "nextcloud";

  "nix-cache/cache-key.age" = unowned;

  "paperless/password.age" = unowned;
  "paperless/secret-key.age" = unowned;

  "pdf-edit/login.age" = unowned;

  "podgrab/password.age" = unowned;

  "pyload/credentials.age" = unowned;

  "sso/auth-key.age" = ownedBy "nginx-sso";
  "sso/ambroisie/password-hash.age" = ownedBy "nginx-sso";
  "sso/ambroisie/totp-secret.age" = ownedBy "nginx-sso";

  "tandoor-recipes/secret-key.age" = unowned;

  "transmission/credentials.age" = unowned;

  "vikunja/mail.age" = unowned;

  "wireguard/private-key.age" = unowned;

  "woodpecker/gitea.age" = unowned;
  "woodpecker/secret.age" = unowned;
  "woodpecker/ssh/private-key.age" = unowned;
}