Rotate operator secrets into agenix and deepen caches

secrets/secrets.nix

@@ -3,6 +3,7 @@ let
   agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEN0+tRJy7Y2DW0uGYHb86N2t02WyU5lDNX6FaxBF/G8 agent@burrow.net";
   forge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlkGo4lwpwIIZ0J01KjTuJuf/U/wGgy4/aKwPIUzutL root@burrow-forge";
 
+  operatorSecrets = [ contact agent ];
   forgeAutomation = [ contact agent forge ];
 in {
   "secrets/forgejo/admin-password.age".publicKeys = forgeAutomation;
@@ -10,4 +11,9 @@ in {
   "secrets/forgejo/nsc-token.age".publicKeys = forgeAutomation;
   "secrets/forgejo/nsc-dispatcher-config.age".publicKeys = forgeAutomation;
   "secrets/forgejo/nsc-autoscaler-config.age".publicKeys = forgeAutomation;
+  "secrets/cloudflare/api-token.age".publicKeys = operatorSecrets;
+  "secrets/hetzner/api-token.age".publicKeys = operatorSecrets;
+  "secrets/forwardemail/api-token.age".publicKeys = operatorSecrets;
+  "secrets/forwardemail/hetzner-s3-user.age".publicKeys = operatorSecrets;
+  "secrets/forwardemail/hetzner-s3-secret.age".publicKeys = operatorSecrets;
 }