secrets: reorganize & rekey

25 files changed, 99 insertions, 167 deletions

diff --git a/secrets/atlas/cloudflareApiKey.age b/secrets/atlas/cloudflareApiKey.age
new file mode 100644
index 0000000..adfa345
--- /dev/null
+++ b/secrets/atlas/cloudflareApiKey.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> X25519 X9ki4tKhqWl4xo45lECHDLKKLcC/5DjDD/uVBz/QOk0
+JvztdIlHBdn4cYV2+j28C7Z4DIC5++gpQN0ldC/nMLE
+-> X25519 aTBPBZ2yTm6oLSBWNz++lb/mwcXIpj+DRijBvVdPmgg
+n5/Vl8JC+Ko3sohm+CcM8kiiGIOS1pgAuSbS7kzCwXw
+-> 5F5JX\1p-grease P(`w.%xN
+pB0O/qyejUhq8rfbsn3uuB8qfEeC9hEbw43s5kV7h+22sEMh9+hTJLNugnDK+rgv
+ldFEsDDEVfQJICBwEejf/Q
+--- hBeJpfiroyaKtXP51kJizYcWyA0qJS2tiGBs0Xx3A8U
+�B�%#��Nj}J����r,��o
++}����7i�.�[�R0�vFBia�?�xw���O��+\0Հk�/�m�1j�EK��}��R���
\ No newline at end of file
diff --git a/secrets/atlas/cloudflaredCreds.age b/secrets/atlas/cloudflaredCreds.age
new file mode 100644
index 0000000..1263aa3
--- /dev/null
+++ b/secrets/atlas/cloudflaredCreds.age
diff --git a/secrets/atlas/miniflux.age b/secrets/atlas/miniflux.age
new file mode 100644
index 0000000..f23c26e
--- /dev/null
+++ b/secrets/atlas/miniflux.age
diff --git a/secrets/atlas/rootPassword.age b/secrets/atlas/rootPassword.age
new file mode 100644
index 0000000..f07d3a0
--- /dev/null
+++ b/secrets/atlas/rootPassword.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 rtqngaS/GzmM3+Wj0c2AdbqE0/P72OeH8444BaTOjwA
+jb0C81Dy9DlnmnvzDB1rmxRO4maaU+iLBcTTAqZEROk
+-> X25519 VjVFcH7Q2Y5OyBLrSXDCbwohuI2F2qBxSwq8XKa9/zw
+PtK1TDy9yBispHoVCBRNNrsgZtBlgwLY8YGFYhCNhRo
+-> +{-grease
+0r3eTVW3Qt3rYfeouxz5zuigqySle0jKqZXkeHs25mhhEk4ua1cS
+--- /qZafcKO6F+KGZDiabHiG59T7qF89sYrOj740wAT7fs
+b�_���x��UX�ݏl��w����DWy�����fG.��؈w�/�����j�D�RU�6�_�e@���bk�����c��1Ѥ����Cw��!�'nn/f�NE��~���.N�|30:c�u��a�u���
\ No newline at end of file
diff --git a/secrets/atlas/tailscaleAuthKey.age b/secrets/atlas/tailscaleAuthKey.age
new file mode 100644
index 0000000..c2d268e
--- /dev/null
+++ b/secrets/atlas/tailscaleAuthKey.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 OBV3kbQvAPdaDx9oUhiH1dtyZKNEBhz9L12W3z7l6FY
+u+SH6vmfv123qfymZEtZximXweXiZ1GQU//avusaGKI
+-> X25519 Q3BkDTHat2Q3iCcFp0hJno2p3KPj5Gs3KIWt7zUQDko
+rBbElZ3NmeoY7zx2DCvVaAq7q3uLO1Y8ULOx5DQps9g
+-> }-grease yji7 Hr0n|V" {l-MhPj^
+qbwyF/qEI9AKW//B92Qv7r7dv0rEsVb29jNmbvpm5VAonb3nuz82Pcgu0wTHeeY
+--- aujzJ1TMpnZbECm8H5MWdGr+6x6lS8COox1PGmovBB8
+�Y���B��U�P{�"#{�h�b
�9ޤ6�l89)�ɏH[�</Sa�Õ�GlĒ�"�7Z�H�d�ڤ*�`N�^�)��
f����H�
\ No newline at end of file
diff --git a/secrets/atlas/teawieBot.age b/secrets/atlas/teawieBot.age
new file mode 100644
index 0000000..bfe4f5c
--- /dev/null
+++ b/secrets/atlas/teawieBot.age
diff --git a/secrets/atlas/userPassword.age b/secrets/atlas/userPassword.age
new file mode 100644
index 0000000..5a8e13f
--- /dev/null
+++ b/secrets/atlas/userPassword.age
diff --git a/secrets/glados-wsl/rootPassword.age b/secrets/glados-wsl/rootPassword.age
new file mode 100644
index 0000000..35b7552
--- /dev/null
+++ b/secrets/glados-wsl/rootPassword.age
diff --git a/secrets/glados-wsl/sethPassword.age b/secrets/glados-wsl/sethPassword.age
new file mode 100644
index 0000000..594f0ae
--- /dev/null
+++ b/secrets/glados-wsl/sethPassword.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 lXatjMUa+xCU5gHcpG4/egSWnMLCmzZYJizQNY6E3w0
+mhyO9XzgcA0cFTGygvecCBuXQsEcVWoLorRVUcBBrTc
+-> X25519 N+rNraL37bSWOJsW3vJ2wLKkOv8+9qOCw3Os+h2+vDg
+AwFzYRyzHenQpPEmKBXyllRrrk5qty+tVT0stjXyurA
+-> \L\KI-grease QT<mi~ $ glp%|6F
+zfUBXVbxxqdv5IjPj7ik8HHm8OlWQgfFKqQN2Ek
+--- nNCbZuyGWy2HuCCzn5XVb/p1trRyPW6gnKVWpqtzFU8
+Q^!�]��n��~>7�p܈��ܘD+I��X�L
+F@�du=�h$=&u����u��'Hq�����^��d��Q*˩�\���>�y~3�io�&�+"�b���Qx
\ No newline at end of file
diff --git a/secrets/glados/rootPassword.age b/secrets/glados/rootPassword.age
new file mode 100644
index 0000000..e7bf62e
--- /dev/null
+++ b/secrets/glados/rootPassword.age
diff --git a/secrets/glados/sethPassword.age b/secrets/glados/sethPassword.age
new file mode 100644
index 0000000..79f258e
--- /dev/null
+++ b/secrets/glados/sethPassword.age
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index bd1fb57..e2e78e2 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,18 +1,38 @@
 let
-  main = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5K+yLHuz4kyCkJDX2Gd/uGVNEJroIAU/h0f9E2Mapn getchoo-nix"
-  ];
+  toSecrets = import ./toSecrets.nix;
 
-  atlas = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA861lnShM2ejpzn9arzhpw33I4XdtULfZWhMp/plvL root@atlas"] ++ main;
-in {
-  "shared/rootPassword.age".publicKeys = main;
-  "shared/sethPassword.age".publicKeys = main;
+  owners = {
+    getchoo = "age1zyqu6zkvl0rmlejhm5auzmtflfy4pa0fzwm0nzy737fqrymr7crsqrvnhs";
+  };
 
-  "systems/atlas/rootPassword.age".publicKeys = atlas;
-  "systems/atlas/userPassword.age".publicKeys = atlas;
-  "systems/atlas/miniflux.age".publicKeys = atlas;
-  "systems/atlas/tailscaleAuthKey.age".publicKeys = atlas;
-  "systems/atlas/cloudflaredCreds.age".publicKeys = atlas;
-  "systems/atlas/cloudflareApiKey.age".publicKeys = atlas;
-  "systems/atlas/teawieBot.age".publicKeys = atlas;
-}
+  hosts = {
+    glados = {
+      owner = owners.getchoo;
+      files = [
+        "rootPassword.age"
+        "sethPassword.age"
+      ];
+    };
+
+    glados-wsl = {
+      pubkey = "age16jps7cr3jtjjusf3p3yadcmnmmh2kzfyfcfpv2zs6hrmnlthhf2sr05jdn";
+      owner = owners.getchoo;
+      inherit (hosts.glados) files;
+    };
+
+    atlas = {
+      pubkey = "age18eu3ya4ucd2yzdrpkpg7wrymrxewt8j3zj2p2rqgcjeruacp0dgqryp39z";
+      owner = owners.getchoo;
+      files = [
+        "rootPassword.age"
+        "userPassword.age"
+        "miniflux.age"
+        "tailscaleAuthKey.age"
+        "cloudflaredCreds.age"
+        "cloudflareApiKey.age"
+        "teawieBot.age"
+      ];
+    };
+  };
+in
+  toSecrets hosts
diff --git a/secrets/shared/rootPassword.age b/secrets/shared/rootPassword.age
deleted file mode 100644
index 3770a2d..0000000
--- a/secrets/shared/rootPassword.age
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSAxWmJN
-N2JKK3RvdE00MFVqOExvc0I0M05BM1NvclQ0YkdKelBhb0g0c3hnCjVEMUZ5OWI2
-d2FoeXJlREJGM29GdFJHNlpEVGMvTldkT0pyQ2trS1VBTDQKLT4gZS1ncmVhc2Ug
-MngodlYgKlczXkptUiBEQF85NAozLzQzZlVZMEpsUzdjY0JwdTFXczMyMEI2ODd2
-MjVVCi0tLSArTDBuNkF3UU5kK2doelhxcFhQUDJvekJxRVhLbkttYUk1OHJBS1JR
-QVc4CpYqifbaJyErbpJ9zw2M8T/nSfVM1vL/bXU0/CuSP7LwIsrrHkghuR6JyS3p
-POwDVg6hmNrGf//VJILqm4TKqrshWbQk99poXbEmr1hoGMZovXHYl+FkwZfVr6DW
-OABQJfFnrR4ZusvM7O0zdkkcxMtEi+iEVJeIf0jQEkKJQ4gTM2DcjGAeU1G/c2U=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/shared/sethPassword.age b/secrets/shared/sethPassword.age
deleted file mode 100644
index 4015d60..0000000
--- a/secrets/shared/sethPassword.age
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSByV01G
-VW5QVjkrRm1NaGVpdU9FcGJRMlVuUG5WRHpoOWhFNExXUzRCbUJNCjRJMmZCSzEw
-S3BvSEdMemRkamUrcXoyckFqVTN0N2FuYytvUDdNN2p1QkkKLT4gTHhOOnIpLWdy
-ZWFzZSBDLD9jPSogSSNjPDNhIWcgYCBWZi8KSk5TOXZmL1RnVXI4aTM0N1NIb29Y
-bHdxNXZJWGVhOUtIanAzYlcyZTJFS3hJZ2ZtUVkyNnc3RXNxczNZeERjYQo0Y0Ju
-NFhyQzhYWHFSYnlhUjExT1gwawotLS0gQ0hJWDRQTzZRMVNXOFhYQWpnZ0hoQVdv
-b2VieUVTTm92SVJVOUplbVVkQQp39CqRv/NPvkJXqme6PWfaRUbcMUky+LolZe5G
-DJ2Dy0++hyV3xBJbrfJUJPzdRrKuZ8o0UFwss1RuqVWjwLYmiwb9OafddpCMwuOw
-BfuGB7HykaOYrgbgvmJuaZNUrM1wKnQXTZAzqB+TjI7MHWRyFgRkD4NuD2BWpxY9
-y+JxjbEa0MZF5W/CsTQM
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/systems/atlas/binaryCache.age b/secrets/systems/atlas/binaryCache.age
deleted file mode 100644
index 4a5a4b8..0000000
--- a/secrets/systems/atlas/binaryCache.age
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSBDNXhv
-cU1uLzVidkVaVHZRNHhHaTdWUjNQYzRNcnloTVkvdjJSWSsxb1VvCnRaanRnUktI
-S0tGT2JzS2toY0lHMEhzZ0ZOdG1OUFNCMTVZSzV0b3VaK2MKLT4gc3NoLWVkMjU1
-MTkgSTkyQTNRIHdyNlczYkpHdS81T0dGWGc5a3FlY2FWN1hCSTBoSis5eGhkRjZy
-SjAvaVUKTUZDVWNqQ1pOMHNSUWZMRkNXK2FjZ0JiSEt1YzRLQTRmVVQzaWx1MitE
-TQotPiBbNGBUYEUtZ3JlYXNlCm1rOFJiUmZJa3NkbHU2Wk93b3E0TFZqSlJJVTlB
-UTMxSzZxT0pnCi0tLSBPY00rbXphVXFWN2R2NWJJeE9Wa3ZVMkd6WFVsNk5sTjQ0
-K3RnK0xXVkFRCg1GCPUODHhK0qOcFXAa25ya2VcUhpvaCkU5bwVgHd42wKSAxqjW
-adE7bXyoo94kpY7lPehG8t1ucQxZDqfz8fqBw/Qe/TncGUKbXrwnpjnkC7wENv7Y
-BwAmSB47esamvlsmIvXKX9p8ccJhyUrEPL/olrs698NiokoeF8ceN524K9Ik1Cjq
-4CAS7H1fZ04Bd0uhjNkLdiKMf2tzoSicjVIU0Nv1uTtCW3hlOT82gqAPsYRouSW8
-SffI9irxkqwUkIMAMLdG3VAdgdcgNfgVSmw1IUQ2Xf9hgU5VyUX9PTZ2H+yag02W
-fjDkSHcjYxjMrWspQC/4dW3RknxJoIsRwXMzI1obQ5MnWgowR1hj/0CxQdPbXqE/
-dhHS+NdzjjTs8Eyp7IMXUkGxobObJCFy6Tb1Rt9ahcdZ4hPmDRT8s9E12P7GPZEq
-hvDtf5X7wPxHig3GWDNuq9jXV39G2uk=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/systems/atlas/cloudflareApiKey.age b/secrets/systems/atlas/cloudflareApiKey.age
deleted file mode 100644
index e26a8a1..0000000
--- a/secrets/systems/atlas/cloudflareApiKey.age
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSBNaW5V
-NEx0dU5xSTBNUWFBMWxQcHc2NkJ0cU5rMHIrK0FaS05wOEZaWVJFClBLZGo1em5N
-OGdrT0NISDhaaFp5bmlrRkxpVnlkMWEwbEpQR0ljQnVFaWMKLT4gc3NoLWVkMjU1
-MTkgSTkyQTNRIGxtZDhnWGw2UUlRNmlibWZJdm5qeDN4bys2Z3ZTQWUyZmNwOE5k
-Ny8yZ00KQXlhc2tBTCtTeXN3Zk1IZWhWMEM4dTBtQ2cydURlR2dzVlNJc1N4STQz
-VQotPiBzc2gtZWQyNTUxOSBqN0xJVUEgOXRvQytHZEp1cThYc2ExV2NSdDVzUXA0
-bGdRMENWVGwvWkdWRDNuNWtSbwpxaGNBZEx2Z3JkYTFxT3pNbXd6aHNPdlRiUTNS
-RFB1T2RiWlVkZUFjRWhBCi0+IDdsLWdyZWFzZSA9Z1csZFcxbApyazRscUFIR1JX
-aFNaV1hCUHU4VzZyNWFha2NRWFMzWXdpbUYxWEpodFNsNWQwOWxGaVpGUVZHemls
-bjQxNEU0CllSamI0RmdNOU9qVkdCYXZ2T0VCWCsrakpwcwotLS0gMlkrMGI1Z0dp
-dXl4eUd5eUNVZTFzckNTNVIzdXYvS0NoM0FObC83TG1QRQpUVcyYhenxo5+EvEfx
-RlnURdpStJwr2Uf9PowvV8Kz8OXCf222/jFm1MSr2c5HY04sTJuIrY8jyShKGkZb
-gX/rktW7xQMlJu6NDObyJFHnHTSbTrNhl6XtyjQeRw==
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/systems/atlas/cloudflaredCreds.age b/secrets/systems/atlas/cloudflaredCreds.age
deleted file mode 100644
index 800dd96..0000000
--- a/secrets/systems/atlas/cloudflaredCreds.age
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSBudzFm
-MmhMR1IzT2FiK2xKRVl5SG5vS1dSbDlieVIzek44bFg0WE9TZXdRCkdWdE9OS0JQ
-TU5HVU9rWlBTRlNCQ2NFTzlsbWJ1ZzVCYjVXN2NDU1NTTDgKLT4gc3NoLWVkMjU1
-MTkgSTkyQTNRIDNyNDBNYkV3bEpWN2RkTXplaXEzSlhpc2hIeGJZYXhPWldRN3B2
-MVJBaUUKYS9ua1M2R0FNalRqNXdGVGVQbkxldktyZjl2MW1XWjNDMEVvS2lYQWhi
-cwotPiAvU3U7PS1ncmVhc2UgQVxeJFBKdiBRMisjRwoKLS0tIHRCSjJCaFY4U0Mw
-dGJTdVV3d0ZBRDdxV2VyWVdkUWd2c0tGQ1oxYi9scjAKzIRCDNZ+82I9EsLCN6Sd
-uNvQIyga1EyjqF0SOWeXKe81TldrkoCvOiQaYSNK2JSwtDlM6uL0KZzWOOlUE1lV
-Z9BwyDC/QhPWd2hAv/YQS+nRsgyUy8bFbLv8/tohB5ukEHqoHIUEMb9s+kIAJmtF
-QhQSNBXyqhzQ8BNQnqSFmLrAKl1IsJ4VuEYODsC0fNobinYygGji624yuZRd3YeV
-9UxvJPMoNLcBtsFuP49Cj/0wrVSoak7BhBUfkRwCsDcqfT8=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/systems/atlas/clusterToken.age b/secrets/systems/atlas/clusterToken.age
deleted file mode 100644
index 5ca3074..0000000
--- a/secrets/systems/atlas/clusterToken.age
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSB6cnhF
-UXZIbjBpdVBjcEROaEhhV2QyNWw4NUlzU3dnWXRwdE5HZjM0cDJJCkNheUoyVDdK
-MUJaVDQ0d2RxYVU0VWlKZFdLa1ZzSFRFREFieVVXNlJVelEKLT4gc3NoLWVkMjU1
-MTkgSTkyQTNRIDBJODBiS0wxTG52ZGFuTkF5WVJrbksrd2psT1lpcUxXekFoTzN6
-dW1RQmsKcDd6aFI4Z1Q0RUJLVjZWUkJmNG1WMUw2VWI4cWprM0MwUzhUeUsxWUt0
-TQotPiBqdCxGaCktZ3JlYXNlIHZja1ciNSB+PCghWiAvYVZnVWYgJApaT2s2czIr
-a2xWV0h5T1ZVbDN1WTVRQ2JRVkN3bndRVzZweGJWcXI2SlRYYVRyTTRmOWVGK2lz
-dW13ajRkNGgxCmxqZWxtdXZ6eEZId1RaZmZhL3B0QlFXRVh3UFcKLS0tIG5hR1Z2
-ZmZ5SlQ2WitscEdDRVpIMWg2UDNHdHltbnpUQ2RJejd2SEdOczgKB977ot8kAYxY
-bVCk5eXqXXYRLiF8ynnVXlRKEXdOUBxreT6rISllcW+tZahAu67beZCJopqAMcLH
-MREJloCuNnGPR1dTJDDd76ecOiFVpMdh6+zIF+juZ64LYjZN9CtnJlMlAk6CBniq
-lDSiQTA0pyrZa3V+zFXYaqJRHhmMq9pn06mXIJV9IOV5Fy60VU1VXAW04lQxlC7+
-yQK+c+jPg2+cYqs7LCYP7UgDDzMXQ940DISwfj403ijEv96Fgp2+6Z/zLdh5pCOH
-0xuV67ptxAk41mNEdXSMf7iW55ogkzDUVBQLVad2kOJKoSMLkaX/BhlvgrC74m8Q
-+Icm7ol5b4lQuCLVFyurbCrVTA==
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/systems/atlas/miniflux.age b/secrets/systems/atlas/miniflux.age
deleted file mode 100644
index 0be7920..0000000
--- a/secrets/systems/atlas/miniflux.age
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSBhUmhV
-Y3JIQ01RL1ZZNXczVGJuckxnSndGbVZIVTE2bWNGZUtHdTdmSVJBCjNMTmxsSHhQ
-Z2Q2Qm5PMGxsSDZrY3J3R0VMUlYvRlYrNzV1Z0RMTHFoTjQKLT4gc3NoLWVkMjU1
-MTkgSTkyQTNRIFpZNzRVbXVOemtFZU1pY1c5eUdYV0x5MUl0QmhwbElXSEtNMFhp
-SXFCSDAKTkRvZ1lPVXozSkJZNDh0MkNsRCtSTmpCL3hEbXdPdjVhRVJJVVU4UTYx
-SQotPiBKckFyUXQtZ3JlYXNlCi9sY3JUbkxCQ2c4aHlNVDFjcUQ4dGIvSTZET1ZK
-QXJuYkJMem5zdy9OSkkKLS0tIGh6K3FxZTk0OW4wdDU3NFord0YwS0dDV0w4dGVH
-REhMbyt3anRDQXBGeW8KVThL4z//n7UsTYkdD4Cpc3jVcaMJfBdir0ion0adIb3y
-dhwVt6c88nXBrPe0a0esfq4Y8wwzq8cS916fSbkzChjTW7pI3DTFzZXJs/o7VIJA
-aYLrEC8jWg==
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/systems/atlas/rootPassword.age b/secrets/systems/atlas/rootPassword.age
deleted file mode 100644
index 9609bfa..0000000
--- a/secrets/systems/atlas/rootPassword.age
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSBpTEdi
-ZlBDdkUraVhiZmVUVjBzNDRlc056cisvbzNVeFRPQkRJb1Z2VXhVCjBmU1JCbEds
-RmhRc1kvK2dXS2RRZWFKRkRMaWttS2l3ZWF2ZkJsSUZJcGMKLT4gc3NoLWVkMjU1
-MTkgSTkyQTNRIGdGVHRlMGlGSzJxcXpDNnhTYzJUb01MU29HMkI3ZGdrU01OTkEz
-S1RQVWsKMDVFQVUwWERDMGhKTnROdzVWZXRhR0tvdUU5TWh1Y21HUnZvWlNxcy9K
-awotPiB0LWdyZWFzZSAwCjNxYlFKa29HcG85SzdFeXBZNUszeVdCVHVVYjh5UlF6
-dkRRZ3pBbXpXQVhLY2NGdXNWdnpNT2Jsblg2em13b0wKCi0tLSBxSUtkQ25WRFlW
-NElUdVpnZTE4Q0VtMkhQNTJ2NEFGZWxNejgwM1Fvb2lNCuWdXCjQizC+xKTjhHvz
-oFrtSCdddtStKjVO3yGgbgPfW85j0JDnCqrJcNX4ebnNED46OqmySItFVnxiCfAd
-/ekLNrB8PDY16vRK8SsZ15GinEcTsrdlbHCJ5rnLi4II+idUcAeI3E/Uo2sP8gRa
-kwNTM0Rt5tAeT3sMGB6ASFdgLT2eGhUWR6vkgMc=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/systems/atlas/secretsJson.age b/secrets/systems/atlas/secretsJson.age
deleted file mode 100644
index c5fdf34..0000000
--- a/secrets/systems/atlas/secretsJson.age
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSBIV2sy
-ZitMaDRrOXBxYUlJZXVSbEpMSmpPUUV4STZqcExzaTJ2TGdxZTJBCmU3b3hFSHRp
-VU83M1QzRGZsdmtJOUtvQ0F4cjltTWRJSzlUYVl2VDdVU3cKLT4gc3NoLWVkMjU1
-MTkgSTkyQTNRIHlPYVRwa0p1Q1o0WDZBa015RExjZk9iMXVLU1FZOHorT3haZFVU
-TmNhVHMKRkJlbDAyU1IwbHduVFI1UHZqUDlIaGhhclFBbTIyOFZlM0x2SEx4Z29k
-dwotPiA+YnphLWdyZWFzZQpkUlUwSVhkbkJ5S2ZvYjZDQk1yK3JLeC9YVVgvdnJX
-YlVJWGVUZnVlNGxuQU9VVTZCNk10aEtGVUhjV1Mwd08zCi9xTmdNeGEvUVF0Q2hR
-bFZwVzYvdkVqOXRCTEFvNGMvNzdnQmZhZ20xVXdnU1VpWmQ3Y2N0Yk1DY0MraVdB
-Ci0tLSAwNTgyZERKUUk2MXFDOXhrT1drUmZhdHR5aTVBK0tpanFSTFJRYTN2WDhR
-Cs/4/jHb8Op00lKo2IlJqQ3dSOlV3obyoeR6YBJoh9djxIR1LpZ3qSGuwB2l7Xqk
-uBKGT+XT3hG+x/KhfFiHWyG3lMSI2xjqj7wfAlDDNMClnC298yDh4VoFoLxDkX9D
-Mp/qnLiqLpFPZfJEIiFNa21yFIyVy191AwDXtzh8SLfj2jd7z+RW2YnH5L7wNeBU
-2gMkI9QJ6BSw7yvMWO8TNvegGdBB4BajC8/CB5aX4m4YArhztfjP+2yD603WPVt4
-PZG3BiUqc+6tpWCqGFISl7fHY5d2onbJNHqqNBuwcKb/MtB+HOh0xhbg1gMCAi9R
-zzA1dKvToSZy79hFzXfs0MruOOqNWBUaeis2e3BREDCglbfwPLoRQnXFdye1TUMr
-aH9RrHDH2KCcwtwG52dIgrJIAE+Ij00VCbdYU5D8cswdngkYB8beAQWFX/NPLQlQ
-i8spKTNdGoz7s2SZrfxw+2JIvbBY
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/systems/atlas/tailscaleAuthKey.age b/secrets/systems/atlas/tailscaleAuthKey.age
deleted file mode 100644
index 81233cc..0000000
--- a/secrets/systems/atlas/tailscaleAuthKey.age
+++ /dev/null
@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 lWIUFQ CXgyzFe3Cy1f8iVqgjdvYOehiBcL5zWcPpR2bg4WIwQ
-w6BUaNOU/7W1pA7IxTrLH9sRX3iS/zVfLWmFRTlNiNk
--> ssh-ed25519 I92A3Q yByZPsvHzdbKk/GNik8kGsraK+ZaIwyjfqUYW4j83jY
-UglyMU5Kbpi4iAJoMcPQ393fT+eSb9uMRE9SBjaCetA
--> s%VD'-grease KAp* (mA7/P{ H1^'s1T= t
-4bY2hWlERIj0kHhVC7VMArN1q/MPMarDi1sxq+YUpK3Kfn9HB7vHF6enT4ZeDJEj
-4EnN7E9N
---- wbuhvv4tLwmeEsMRj9OoIVpEOvDL4ZG9yRR7RXeeMoo
-;���U
��@tq��O
���頭���&���.՘�bq�4۬�F~��9��=_�l�-{ԩ�h��~ߢ�Gsz`�!Ͽ��aj
\ No newline at end of file
diff --git a/secrets/systems/atlas/teawieBot.age b/secrets/systems/atlas/teawieBot.age
deleted file mode 100644
index eeb096d..0000000
--- a/secrets/systems/atlas/teawieBot.age
+++ /dev/null
diff --git a/secrets/systems/atlas/userPassword.age b/secrets/systems/atlas/userPassword.age
deleted file mode 100644
index 3e658ba..0000000
--- a/secrets/systems/atlas/userPassword.age
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGxXSVVGUSBJajlU
-eFFSMjBlTUxoUEg3ZlNjb2tUSncwOUFnODRKZHlFai9wRkFaWVhFCmJNbnovL3NL
-VjZHLzB6cDVMM0Y1bXllY3RWOEY5NWVkOWhKNmZ0eUJrQk0KLT4gc3NoLWVkMjU1
-MTkgSTkyQTNRIDJRd1lMdU9scDhFMVk5azhDc0dwMGljU2tiQkMxMDBESkpiaXdE
-V3BFMDgKUWZ5UkttQmw2a3huVlhsNi81WHYxYlpJdnJ6T29UUHJ6MEZwakJUYzN1
-cwotPiA+bC1ncmVhc2UgSyl8Rm9wLUAgd1hHd3JqdWoKSHZldG9wMmRhM0ZvcEts
-cUJ1K0NJK2JYUmVFVHpqYUhBRW13VjhaNXhyS3ZVL29hbVpycklOdmREZCtVeFA4
-QgpraXpwS1J2VC93YUx2bi9MMjZuUUhxQzdFaEEKLS0tIDBPczBUNUJEKzF4ZnB0
-aldTaEZwVjJ6OUtGYjFwZjUwMDJUeStzK1ZrcEUKwjr8W3jUtGjhvB0w8irGnIpR
-tn8mLq5c9nMjUMAQ5qRWd6U0+XS1U7/UrP8zuzezlCNRri6tryOgujT7195CLr06
-9WAhEPqCN4FpyowsugbwPEuLgwCswn/YF5m6vg7T41m4VhXPkBlcRIR6c4T076ok
-I3/MK2MEavBoGlW73cX4blDgtNozSxHLCQ==
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/toSecrets.nix b/secrets/toSecrets.nix
new file mode 100644
index 0000000..3d495c6
--- /dev/null
+++ b/secrets/toSecrets.nix
@@ -0,0 +1,25 @@
+hosts: let
+  optional = attrset: val:
+    if attrset ? ${val}
+    then [attrset.${val}]
+    else [];
+
+  mkPubkeys = host: optional host "pubkey" ++ optional host "owner";
+
+  op = acc: host:
+    acc
+    // (
+      builtins.listToAttrs (
+        map (
+          file: {
+            name = "${host}/${file}";
+            value = {
+              publicKeys = mkPubkeys hosts.${host};
+            };
+          }
+        )
+        hosts.${host}.files
+      )
+    );
+in
+  builtins.foldl' op {} (builtins.attrNames hosts)