{
  config.age.secrets = {
    # Caddy Secrets
    # thehedgehog-pem = {
    #   file = ../secrets/thehedgehog-pem.age;
    #   path = "/run/agenix/thehedgehog.me.pem";
    #   owner = "caddy";
    #   group = "caddy";
    # };
    # thehedgehog-key = {
    #   file = ../secrets/thehedgehog-key.age;
    #   path = "/run/agenix/thehedgehog.me.key";
    #   owner = "caddy";
    #   group = "caddy";
    # };
    # cloudflare-ca = {
    #   file = ../secrets/cloudflare-ca.age;
    #   path = "/run/agenix/cloudflare-ca.pem";
    #   owner = "caddy";
    #   group = "caddy";
    # };
    # step-root-ca-crt-caddy = {
    #   file = ../secrets/step-root-ca-crt.age;
    #   path = "/run/agenix/step-root-ca-crt-caddy";
    #   owner = "caddy";
    #   group = "caddy";
    # };

    # Cloudflared secrets
    # cloudflared-creds = {
    #   file = ../secrets/cloudflared-creds.age;
    #   path = "/run/cloudflared/cloudflared-creds.json";
    #   owner = "cloudflared";
    #   group = "cloudflared";
    # };
    # cloudflared-vars = {
    #   file = ../secrets/cloudflared-vars.age;
    #   path = "/run/agenix/cloudflared_vars";
    #   owner = "cloudflared";
    #   group = "cloudflared";
    # };

    # Vaultwarden Secrets
    vaultwarden-vars = {
      file = ../secrets/vaultwarden-vars.age;
      path = "/run/agenix/vaultwarden-vars";
      owner = "vaultwarden";
      group = "vaultwarden";
    };

    # Miniflux admin password
    miniflux-admin = {
      file = ../secrets/miniflux-admin.age;
      path = "/run/agenix/miniflux-admin";
      owner = "miniflux";
      group = "miniflux";
    };

    miniflux-oidc-secret = {
      file = ../secrets/miniflux-oidc-secret.age;
      path = "/run/agenix/miniflux-oidc-secret";
      owner = "miniflux";
      group = "miniflux";
    };

    # Wireguard private key
    external-wg-priv-key = {
      file = ../secrets/external-wg-priv-key.age;
      path = "/run/agenix/external-wg-priv-key";
    };

    # Cloudflare DynDNS secret
    # cf-dyndns-token = {
    #   file = ../secrets/cf-dyndns-token.age;
    #   path = "/run/agenix/cf-dyndns-token";
    # };

    # Step CA secrets
    # step-password = {
    #   file = ../secrets/step-password.age;
    #   path = "/run/agenix/step-password";
    #   owner = "step-ca";
    #   group = "step-ca";
    # };
    # step-root-ca-key = {
    #   file = ../secrets/step-root-ca-key.age;
    #   path = "/run/agenix/step-root-ca-key";
    #   owner = "step-ca";
    #   group = "step-ca";
    # };
    # step-inter-ca-key = {
    #   file = ../secrets/step-inter-ca-key.age;
    #   path = "/run/agenix/step-inter-ca-key";
    #   owner = "step-ca";
    #   group = "step-ca";
    # };
    # step-root-ca-crt = {
    #   file = ../secrets/step-root-ca-crt.age;
    #   path = "/run/agenix/step-root-ca-crt";
    #   owner = "step-ca";
    #   group = "step-ca";
    # };
    # step-inter-ca-crt = {
    #   file = ../secrets/step-inter-ca-crt.age;
    #   path = "/run/agenix/step-inter-ca-crt";
    #   owner = "step-ca";
    #   group = "step-ca";
    # };

    # Gitea Secrets
    gitea-db-pw = {
      file = ../secrets/gitea-db-pw.age;
      path = "/run/agenix/gitea-db-pw";
      owner = "gitea";
      group = "gitea";
    };
    gitea-mail-pw = {
      file = ../secrets/gitea-mail-pw.age;
      path = "/run/agenix/gitea-mail-pw";
      owner = "gitea";
      group = "gitea";
    };

    # Nix-serve Private key
    nix-serve-priv = {
      file = ../secrets/nix-serve-priv.age;
      path = "/run/agenix/nix-serve-priv";
      owner = "nix-serve";
      group = "nix-serve";
    };

    # Authentik Variables
    authentik-env = {
      file = ../secrets/authentik-env.age;
      path = "/run/agenix/authentik.env";
      owner = "thehedgehog";
      group = "misc";
    };

    # Vikunja Secrets
    vikunja-env = {
      file = ../secrets/vikunja-env.age;
      path = "/run/agenix/vikunja-env";
      owner = "vikunja";
      group = "vikunja";
    };
  };
}