{ inputs, pkgs, lib, config, ... }:
{
gnupg.keys = {
"Julien Moutinho <julm@sourcephile.fr>" = {
  uid = "Julien Moutinho <julm@sourcephile.fr>";
  algo   = "rsa4096";
  expire = "3y";
  usage  = ["cert" "sign"];
  passPath = "members/julm/gpg/password";
  subKeys = [
    { algo = "rsa4096"; expire = "3y"; usage = ["sign"]; }
    { algo = "rsa4096"; expire = "3y"; usage = ["encrypt"]; }
    { algo = "rsa4096"; expire = "3y"; usage = ["auth"]; }
  ];
  backupRecipients = [""];
};
"Julien Moutinho <julm@mermet>" = {
  uid = "Julien Moutinho <julm@mermet>";
  algo   = "rsa4096";
  expire = "3y";
  usage  = ["cert" "sign"];
  passPath = "members/julm/gpg/password";
  subKeys = [
    { algo = "rsa4096"; expire = "3y"; usage = ["sign"]; }
    { algo = "rsa4096"; expire = "3y"; usage = ["encrypt"]; }
    { algo = "rsa4096"; expire = "3y"; usage = ["auth"]; }
  ];
  backupRecipients = [""];
};
} // lib.listToAttrs (
  let domain = "sourcephile.fr"; in
  builtins.map (machine: lib.nameValuePair "root@${machine}.${domain}" {
  uid = "root@${machine}.${domain}";
  algo = "rsa4096";
  expire = "0";
  usage = ["cert" "sign"];
  passPath = "machines/${machine}/root/key.pass";
  subKeys = [
    { algo = "rsa4096"; expire = "0"; usage = ["encrypt"]; }
  ];
  backupRecipients = [""];
}) (builtins.attrNames inputs.self.nixosConfigurations));
}