diff --git a/flake.nix b/flake.nix
index 9d7fd01..b5dd818 100644
--- a/flake.nix
+++ b/flake.nix
@@ -37,27 +37,11 @@
       deploy = pkgs.writeShellScriptBin "nhs" ''
         nh os switch --hostname extremist-software --target-host root@extremist-software path:. "$@"
       '';
-      check-secrets = pkgs.writeShellScriptBin "check-secrets" ''
-        set -euo pipefail
-        failed=0
-        for f in secrets/*.age; do
-          last=$(agenix -d "$f" | tail -c 1 | od -An -tx1 | tr -d ' \n')
-          if [ "$last" = "0a" ]; then
-            echo "FAIL: $f has trailing newline"
-            failed=1
-          fi
-        done
-        if [ "$failed" -eq 0 ]; then
-          echo "All secrets OK: no trailing newlines"
-        fi
-        exit $failed
-      '';
     in pkgs.mkShell {
       packages = [
         pkgs.nh
         inputs.agenix.packages.x86_64-linux.default
         deploy
-        check-secrets
       ];
     };
   };
diff --git a/modules/mail.nix b/modules/mail.nix
index 124393a..5dae503 100644
--- a/modules/mail.nix
+++ b/modules/mail.nix
@@ -48,8 +48,7 @@
     };
   };
 
-  # Allow Stalwart to read the ACME certificate procured for Caddy and the agenix secret
+  # Allow Stalwart to read the ACME certificate procured for Caddy
   systemd.services.stalwart.serviceConfig.SupplementaryGroups = [ "acme" ];
-  systemd.services.stalwart.serviceConfig.ReadOnlyPaths = [ "/run/agenix/stalwart-admin" ];
 
 }
diff --git a/secrets/forgejo-db.age b/secrets/forgejo-db.age
index eb4383e..989d149 100644
--- a/secrets/forgejo-db.age
+++ b/secrets/forgejo-db.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 uKftJg Te84EkKqyNTBmTCMcStRmGDVlqxb2OwKjg7IR6gN7RQ
-lmALupFfrndxzf8mFEy8NG66etMSsjIJ1NsLbNuyT28
--> ssh-ed25519 Ziw7aw psq3NjNBYHq59suobWWYAS+G48z6YkbeWb0H+71w2wc
-4ZtwI6wKGLa0USEdnwspuT9cs0BB9HwLvEJai17RjXM
---- rVkEVIprnhGwC3WExw4sWjBRaFT7Vkqlz6QbcDbDHO0
-„MM w«—\±'ÆÖÐJúSÀìì"Ûž ]‰£ÀÌLj¸ŠœLÑÂ%ˆ×í~Ÿ˜ê-é‰œ]jmsq¡øÒd-d…²qçÆ
\ No newline at end of file
+-> ssh-ed25519 uKftJg mtSxHYyX33fx/dUTpNGgu4ah3X/I6zTB0amu7Ji+iWU
+6EXDWMEoDuDZ36rYqUR52IQFASZb5s0bm3KRyAKIXUg
+-> ssh-ed25519 Ziw7aw zqjgjZGh9C3H/gpuLx+dUC9EngSoHB/feiyCgqss+F4
+MyCY88yFfDSqAr0PbYSg/FbHo+B6rxXBPkVxczgW93E
+--- qGC9Dxmqtgm92IqNd3azWYEtkMEwwWRNsuXow6oZjlE
+›ìX)1±s™tr(fæÕPµ,Û‚7›8Öƒ™	ŠVøÍÖ”·1õ1&%ŒÃ(–¶Fë-úˆD"(–‚7ów=›äéþîßxmÙžãväS
\ No newline at end of file
diff --git a/secrets/grafana-secret.age b/secrets/grafana-secret.age
index 82343a8..b661c2a 100644
--- a/secrets/grafana-secret.age
+++ b/secrets/grafana-secret.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 uKftJg cnnRyonyuZyrP5zVUo6+Bfj1VhZYB35xJJJWGGo/KVc
-jVeECdwP9YjFQbdoeC/kKZEnrhoLwjy3XWgY6jtt31A
--> ssh-ed25519 Ziw7aw Y0P2mFanbPUHD4qm46f8wX/ALlZBaGM9XSaee/q+Tmo
-+df1wxiglBajeC/IPCVl77MS6DtqFdyu9nz1HN7CmHM
---- pr7sOZ/mI4XaXt/MRT0ToIetQHSPUV4+wkigpd6UhYI
-oÀÛÓôU‰u—lwî)ê6Ö*%’”=þ™:$—Ÿ»[icŒ‰Š@g<+/Î9¢ò//n)6"I~Tœø8%nÀdÞI„aæÅG
\ No newline at end of file
+-> ssh-ed25519 uKftJg 6TMM/HxgvFAlsOOJuEhoKfnN5CcjEvck9BKUXTNQsjk
+Y0G/GK6+t5jFK+cPqovD/oxs1ZLRAprstr27pZ6mb0c
+-> ssh-ed25519 Ziw7aw TQWn+XR8FHTv2+ol4id6hcL3C+Jk92jsB2hHFacoD3o
+fr+xO4DvOHLSPn05u6JZi++wBABw0z9WqghdwJ62pz0
+--- PS3uOR8IZPAUoS8XA5WsBcCsLEfTxwS+vW6eHdZy3Fo
+£È¯Ê”¼1È/Ûœ%®öÆr–¹Ë)+í°Ãý0ÚWg¯?hÌJÍYãåÄœ¢Û®öçiÝŒ%[ê=–æyÔd·à˜w§€¦õ,xS
\ No newline at end of file
diff --git a/secrets/matrix-macaroon.age b/secrets/matrix-macaroon.age
index db86bd0..a72bc68 100644
Binary files a/secrets/matrix-macaroon.age and b/secrets/matrix-macaroon.age differ
diff --git a/secrets/mymx-webhook.age b/secrets/mymx-webhook.age
index 779460d..13a07b6 100644
--- a/secrets/mymx-webhook.age
+++ b/secrets/mymx-webhook.age
@@ -1,8 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 uKftJg odmqiQoMit+Hd/clSrfuszRodIE1F8TYqkBlF53t8R8
-BDtfg89wMlSy/qggeUNmDpHgvxq9IZzZq0512OeRXVM
--> ssh-ed25519 Ziw7aw sf0Bg7dYa9/juDnRN7J98Kr1dYr9LCldjf5mWxH36jE
-no2kHSXfVPiC3t0Lyz+enlAkVco/6fiNTO2luNhwH+U
---- qOuHzmSrOs3h1txQm/Xug7qmCo21EE1QwJudeCfr7yA
-^ˆµ.ã”¦Q
-ã‹kâá5¿}È›àíÌLòý$ñgˆÁ¦ØlÿaoÄ>Õê2ÃùÕîNÃŒˆŸi—BäïŽ·…8c'’¸¦­ñ
\ No newline at end of file
+-> ssh-ed25519 uKftJg EC9vi+nqoSqUHET3/4fWoiuW9vTZo5XOB1dc+Fe36U0
+FYKWAiLaAbotst3AuOulpgqAg+JHUqD3uWWLk7hxrH8
+-> ssh-ed25519 Ziw7aw naV+WKfldJhOnIzz13Q9zKSK+z+oRhiVfeEYuG+dtS0
+/GLmF3ws0aUsSVTAv9zzzD+8Cp/IkMlHWFzv1CbgSiM
+--- PdqmGwHvR/R0tqf46e1ZJl/QIzB1qadFtNyONpoQl30
+wnÿ4Âò@ŠýÐÞD~Ír³×Ë*þj·®!„-*½ûv})0–±ú´÷ÞÏÉFÛ7)®}rá/>Häè/3åS$	}ÅÙµìû«@¯Ð
\ No newline at end of file
diff --git a/secrets/ntfy-admin-hash.age b/secrets/ntfy-admin-hash.age
index 65e7885..701609c 100644
--- a/secrets/ntfy-admin-hash.age
+++ b/secrets/ntfy-admin-hash.age
@@ -1,8 +1,8 @@
 age-encryption.org/v1
--> ssh-ed25519 uKftJg /7GJLSD/uiWfbwND9yBqqVdp+K3d9PjBx7jnZ5QbZhY
-1hCmQKXosEHtzL43H/i9vKfcN4RnhqKlpH2za4Ba4Ys
--> ssh-ed25519 Ziw7aw 3RFUPE4hO518GvAOKe8blRdQeDourskVtPDTZr2/7HM
-4NqNkdP3heZwbSpcEKdDUB5oxhA6ejyfvbVeH5X95rI
---- xei/y3zeGI2PBxQlSEClf+rwNoGu7B3Fxan5wtjjRVY
-Úc6>å8òß³©#”¨1ÙÏXl$¾h}ð‚kÁ:¼d„öjªÄt
-dûtÅ³Ùøàç¥‡ÇFhùr¯0ïˆµW?»ÐêþÃÝ€IãÎˆôØ)Ewy
\ No newline at end of file
+-> ssh-ed25519 uKftJg Cccnzwl3XTJOW5+IuxDAsiI0L8Fy8JhJnpdERg9qgXU
+vgvQdUbmwRna+gLjGsmsheGGeG2KIxsWoDw4XAVSjEA
+-> ssh-ed25519 Ziw7aw vMnvy4HgMvhwALtUI14DmX6LbQiLXROINbJPlVfoW0g
+FGxDYfiejy2a5W9eZKww1YgQ3mQFTj/mORwBwTsEW80
+--- lThDR400zmmiBqnNmi2QKp2l3z3wCZ0jAxqIROLWn74
+?¿3JÃ€4zýrˆK
+œk×Ï[ˆ€Àå“5D/Ò×DTX+lü©frjÐ³„±½v©Î€›ñ³,ø…¤•#ê“z*}*Q°Ç¤Jèœ´åÆ¡ŽX1<JÑ¿n
\ No newline at end of file
diff --git a/secrets/searx-env.age b/secrets/searx-env.age
index 451aa48..5231de5 100644
--- a/secrets/searx-env.age
+++ b/secrets/searx-env.age
@@ -1,7 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 uKftJg fCoIf0PBF2yEyxTVyQ6TIpYLflTi0o8qvAGDEu9RuEw
-Oii/YTr2eypugz2uvYHsVJNBGLuvdAk7ClnM+1QGyo0
--> ssh-ed25519 Ziw7aw BqlFb0QPKLVQq6fRpnriiksmCJet6niIdAVNLIwS3gQ
-OHcA1QRQfdTFCo4sNbMhdQy97MB3TX4S7WtcHefQvNc
---- jH9GM569IxkI0CM4xkIBC3KQRHaO5JIp+e89abfuNtQ
-AáO™QŠá ÕÁQA…³µÝƒ67ÖÁÈ¶”¯ÝêYªÀïÛNŸfêJ#œSs	çãZõÛàÌ™–|^;K\jÍVù!œs“gu?|
\ No newline at end of file
+-> ssh-ed25519 uKftJg s5orwA5GrqKWguh/hIhdJGyUP+Vx7iGqoQKuEO48DiY
+K+CrOTAFATdTsax+GwQBjJkni4IYDnfPdsVop8eMkKs
+-> ssh-ed25519 Ziw7aw 27Zr3vWFaQNfeTxJmNajNkigC5RUcwgz6Qs7183fUTM
+Bmj69hGO8tIZUJG5tiXqZHy+Ft6T5J2iJAYIxyYxZj8
+--- rC5PWCFkjuuPrSWRImrY7IzODjxevS30MFSXdV5qpG4
+#N¥R!F”²3{
+!šŠ6Ï1bF?ùœÇ¯ßg!o}$…iR‚½ƒ5øÞ×
+¶ûçjÈõýMÿgÕqµÝÈS,­_r:ªqf‘
\ No newline at end of file
diff --git a/secrets/stalwart-admin.age b/secrets/stalwart-admin.age
index 28c9480..2c123f4 100644
--- a/secrets/stalwart-admin.age
+++ b/secrets/stalwart-admin.age
@@ -1,7 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 uKftJg Xzdrr1er1AK3AjxaTw5XP+GicbeQ+Ym/64ALuvW9mx4
-nNmJkCIQRlIRiHpQHfGZYbHGMk5C8EWqz4ewjMjA9O4
--> ssh-ed25519 Ziw7aw 2vmbeaH1tIoOR+Ao3b0M1Lur4+3USj3jkpYAi+fB6AM
-qhNaZ1DaX4zbYqTsWB3sE9PRGWCm48r2+YBuzBz9gO4
---- WGMdCifHq9HHGKhJa5WI/amy8vatpzb+vEn4uMAMy/g
-²ðNÁyógXá¾–“W4…œqÞï©Ê’ÕxyãQÆI6·W(`Ú/É-yŽÚg§³‘¥>B7áD-Óà»@6ñxIN‚”š³É'Ñý¸
\ No newline at end of file
+-> ssh-ed25519 uKftJg E7BMWjT2cbnomhydZCaRs5EMKoDGyU9O+NAvKHjflzs
+8yl7y2iXNrBuCyT05sOatAHiJhizUSFgFJt0NlMZ9pY
+-> ssh-ed25519 Ziw7aw PTAzjpRIfFk86q3docaVsh4CbXjDiCNJR2Of8YAYSBQ
+5WLY3czA6TKBJyTMwGVxSR7kuIVxBDMaKZ41VYgGhN8
+--- DHfY8BOaO+vb2MYxX/3XbgAIlwilFEPLRGUlZGJh1g0
+÷ª{ƒç-L^Ââì8ÎÊ;ÈÇÓÇ‰O
+¥7„LyššaÕ]Ú€Ž,ôÒjE½\ñm \¾
+:"yX<Þ	7XÈµãVÕ•lM
\ No newline at end of file
diff --git a/secrets/tailscale-key.age b/secrets/tailscale-key.age
index 9606ec0..0fbd734 100644
Binary files a/secrets/tailscale-key.age and b/secrets/tailscale-key.age differ