{ lib, config, ... }:
{
  age.secrets =
    lib.listToAttrs (
      map
        (secret: {
          name = secret;
          value = {
            file = ../../secrets/${secret}.age;
          };
        })
        [
          "gotosocial"
          "immich"
          "readeck"
          "storage-box-credentials"
          "vaultwarden"
          "donetick"
          "dnote"
          "mealie"
          "mosquitto/homie"
          "mosquitto/telegraf"
          "mosquitto/openhab"
          "mosquitto/shelly"
          "mosquitto/mokkimaatti"
          "gitlab-runner/default"
          "gitlab-runner/docker"
          "glance/reddit/app-id"
          "glance/reddit/app-secret"
          "hetzner"
        ]
    )
    // {
      smtp-password = {
        file = ../../secrets/smtp-password.age;
        owner =
          if (config.services.grafana.enable) then
            config.systemd.services.grafana.serviceConfig.User
          else
            "root";
      };
      hastebin-tokens = {
        file = ../../secrets/hastebin-tokens.age;
        owner = if (config.services.hastebin.enable) then config.users.users.hastebin.name else "root";
      };
      hledger-basic-auth = {
        file = ../../secrets/hledger-basic-auth.age;
        owner = if (config.services.hledger-web.enable) then "nginx" else "root";
      };
    };
}