Some procul secrets are set elsewhere now.

config/host-config/procul.nix

@@ -81,21 +81,17 @@ in {
   fudo = {
     hosts.procul.external-interfaces = [ "extif0" ];
 
-    secrets.host-secrets.procul = {
-      backplane-client-passwd = {
-        source-file = /state/secrets/backplane-client/procul.passwd;
-        target-file = "/srv/backplane/dns/client.passwd";
-        user = config.fudo.client.dns.user;
-      };
-
+    secrets.host-secrets.procul = let
+      secrets = config.fudo.secrets.file;
+    in {
       postgres-keytab = {
-        source-file = /state/secrets/kerberos/procul-postgres.keytab;
+        source-file = secrets.service-keytabs.procul.postgres;
         target-file = "/srv/postgres/secure/postgres.keytab";
         user = "root";
       };
 
       gitea-database-password = {
-        source-file = /state/secrets/gitea/procul-database.passwd;
+        source-file = secrets.service-passwords.procul.gitea;
         target-file = "/srv/gitea/secure/database.passwd";
         user = config.fudo.git.user;
       };
@@ -107,8 +103,6 @@ in {
       ipv6 = true;
       user = "fudo-client";
       external-interface = "extif0";
-      password-file =
-        config.fudo.secrets.host-secrets.procul.backplane-client-passwd.target-file;
     };
 
     auth.kdc = {