os/secrets/secrets.nix

let
  # set ssh public keys here for your system and user
  machines = {
    dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILDATEWAgDZFfYs1ZPh33Kg4sqQ9tWMVKyk8XqFu3Koe host@dumpyourvms";
    ryzensun = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/l7MfEmt510BMeNjuXNPmZ0brcQidvrrpcea+qJMjX root@ryzensun";
  };
  users = {
    teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
    teutat3s-5-nfc = "age1yubikey1qdxpc9qenrkhqxnu2p6sgyfxhnxcvz99jcaq36uqcztuzsy92q596shqxkf";
  };
  allKeys = [ machines.dumpyourvms machines.ryzensun users.teutat3s users.teutat3s-5-nfc ];
in
{
  "example-secret.age".publicKeys = allKeys;
  "environment-secrets.age".publicKeys = allKeys;
  "test-secret.age".publicKeys = [ users.teutat3s-5-nfc ];
}