let
  admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin";
  silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg silver@helios";
  silver_laptop_2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmm4CCnpT+tF7vecSrku0+7aDA1z3pQ+PDqZvoCynCR silver@aether";
  silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop";
  thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer";
  eliza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJaVEGPDxG/0gbYJovPB+tiODgBDUABlgc1OokmF3WA eliza-skynet";
  esy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINS2UR/o+nK8lNHHTj5I84ZAAp6P+ZhXqhedMfx0KHE4 <Skynet>";

  users = [
    admin
    silver_laptop
    silver_laptop_2
    silver_desktop
    thenobrainer
    eliza
    esy
  ];

  agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones";
  vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvcxiSYE38V1IopHj7Z7ZWP1IqnskYCdhj8yCQohVUM root@vendetta";
  vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil";
  galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea";
  glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados";
  wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPlgCGtyvd3xwYg9ZNyjTJNB/LvUSJO01SzN8PGcDLP root@wheatly";
  kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt";
  gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir";
  neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFAs6lBJSUBRhtZO3zGKhEIlWvqnHFGAQuQ//9FdAn6 root@neuromancer";
  skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet";
  earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth";
  cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie";
  marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin";
  calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon";
  ariia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4kV6W1/tP/nf2ZWNhRoV1mK04R4pS+c5vdsA1n5gpN root@ariia";
  optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFv0Hb4qfzXUll+Hct1NQOE0bCf0MpE24Cqskd8vAFyj root@optimus";
  bumblebee = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINF31tsOZTEpPFCu4wZvJjxxvgFhRpxvo9SKyDMNWHZu root@bumblebee";

  systems = [
    agentjones
    vendetta
    vigil
    galatea
    optimus
    bumblebee
    glados
    wheatly
    kitt
    gir
    neuromancer
    skynet
    earth
    cadie
    marvin
    calculon
    ariia
  ];

  dns = [
    vendetta
    vigil
  ];

  email = [
    gir
  ];

  ldap =
    [
      kitt
    ]
    ++ gitlab
    ++ email;

  gitlab = [
    glados
  ];

  gitlab_runners = [
    wheatly
    glados
  ];

  grafana = [
    ariia
  ];

  restic = [
    neuromancer
  ];

  discord = [
    kitt
  ];

  nextcloud = [
    cadie
  ];

  bitwarden = [
    kitt
  ];
in {
  # nix run github:ryantm/agenix -- -e secret1.age

  "dns_certs.secret.age".publicKeys = users ++ systems;
  "dns_dnskeys.conf.age".publicKeys = users ++ dns;

  "stream_ulfm.age".publicKeys = users ++ [galatea];

  "gitlab/pw.age".publicKeys = users ++ gitlab;
  "gitlab/db_pw.age".publicKeys = users ++ gitlab;
  "gitlab/secrets_db.age".publicKeys = users ++ gitlab;
  "gitlab/secrets_secret.age".publicKeys = users ++ gitlab;
  "gitlab/secrets_otp.age".publicKeys = users ++ gitlab;
  "gitlab/secrets_jws.age".publicKeys = users ++ gitlab;
  "gitlab/ldap_pw.age".publicKeys = users ++ gitlab;

  "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners;
  "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners;

  "forgejo/runners/token1.age".publicKeys = users ++ gitlab_runners;
  "forgejo/runners/token2.age".publicKeys = users ++ gitlab_runners;
  "forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners;

  # for ldap
  "ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden;
  # for use connectring to teh ldap
  "ldap/details.age".publicKeys = users ++ ldap ++ discord ++ bitwarden;

  # everyone has access to this
  "backup/restic.age".publicKeys = users ++ systems;
  "backup/restic_pw.age".publicKeys = users ++ restic;

  # discord bot and discord
  "discord/token1.age".publicKeys = users ++ discord;

  # email stuff
  "email/details.age".publicKeys = users ++ ldap ++ discord;

  # nextcloud
  "nextcloud/pw.age".publicKeys = users ++ nextcloud;

  # handles pulling in data from teh wolves api
  "wolves/details.age".publicKeys = users ++ ldap ++ discord;

  # for bitwarden connector
  "bitwarden/id.age".publicKeys = users ++ bitwarden;
  "bitwarden/secret.age".publicKeys = users ++ bitwarden;
  "bitwarden/details.age".publicKeys = users ++ bitwarden;

  # grafana
  "grafana/pw.age".publicKeys = users ++ grafana;
}