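# Recipient rules for the age-encrypted secrets under ./hosts/by-name.
#
# Evaluates to an attribute set that maps every discovered
# "./hosts/by-name/<host>/secrets/<service>/<file>" path to
# `{ publicKeys = [ ... ]; }`, the recipients that file is encrypted to.
# NOTE(review): this looks like the rules-file shape read by agenix-style
# tooling; confirm against the tool that consumes this file.
let
  # Personal age recipients. Both appear in every host's list below, so the
  # holders of the matching private keys can decrypt every secret in the tree.
  soispha = "age1mshh4ynzhhzhff25tqwkg4j054g3xwrfznh98ycchludj9wjj48qn2uffn";
  sils = "age1vuhaey7kd9l76y6f9weeqmde3s4kjw38869ju6u3027yece2r3rqssjxst";

  # SSH host public keys. Each one is listed only for its own host, so a host
  # is a recipient of its own secrets and of no other host's.
  server2HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1TUFoCTplkqTVbXQ6qDCyeo2h8+C0vjrIlKu6vmq5f";
  server3HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3s4FjGx7LEVf/GE3WeCl8TmCtPt8gW1J0mp0fUJBNm";

  # Recipient list per host directory name.
  # Editing a list only takes effect once the affected files are re-encrypted.
  # A recipient removed here may still hold older ciphertext it could decrypt,
  # so rotate the secret values as well when revoking access.
  publicKeys = {
    "server2" = [soispha sils server2HostKey];
    "server3" = [soispha sils server3HostKey];
  };

  # Load the helper library and nixpkgs from the inputs recorded in flake.lock,
  # so this file evaluates against the same locked sources as the flake.
  lock = builtins.fromJSON (builtins.readFile ./flake.lock);
  nixLib = import (builtins.fetchTree lock.nodes.library.locked).outPath {};
  inherit ((import (builtins.fetchTree lock.nodes.nixpkgs.locked).outPath {})) lib;

  secrets = let
    # presumably host name -> path of that host's `secrets` directory;
    # mkByName comes from the locked library input -- verify there.
    hostSecretDirs = nixLib.mkByName {
      useShards = false;
      fileName = "secrets";
      baseDirectory = ./hosts/by-name;
    };

    # Per host: the result is consumed below as service -> list of file names.
    secretsByHost =
      builtins.mapAttrs (_host: secretsDir:
        nixLib.mkByName {
          relativePaths = true;
          useShards = false;
          # The backslash must be doubled: in a double-quoted Nix string `\.`
          # collapses to a bare `.`, which as a regex matches any character,
          # so names such as "fooXage" would also have been accepted.
          fileRegex = "^.*\\.age$";
          baseDirectory = secretsDir;
        })
      hostSecretDirs;

    # Per host: flat list of the path strings used as rule names.
    allSecretPaths =
      builtins.mapAttrs (serverName: services:
        lib.lists.flatten (
          lib.attrsets.mapAttrsToList (service: fileNames:
            builtins.map (fileName: "./hosts/by-name/${serverName}/secrets/${service}/${fileName}") fileNames)
          services
        ))
      secretsByHost;

    # One `{ "<path>" = { publicKeys = ...; }; }` attribute set per host.
    # A host directory with no entry in `publicKeys` makes evaluation fail on
    # the missing attribute; there is no default recipient list to fall back to.
    rulesForHost = serverName: secretPaths:
      builtins.listToAttrs (
        builtins.map (secretPath: {
          name = secretPath;
          value.publicKeys = publicKeys."${serverName}";
        })
        secretPaths
      );
  in
    # Merging with `//` is safe here: every attribute name is a file path that
    # starts with its host directory, so names from different hosts cannot
    # collide and overwrite each other's recipient list.
    builtins.foldl' (acc: elem: acc // elem) {} (
      lib.attrsets.mapAttrsToList rulesForHost allSecretPaths
    );
in
  secrets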