secrets: refactor

secrets/secrets.nix

@@ -1,16 +1,12 @@
 let
-  adisbladis = builtins.readFile ../users/keys/adisbladis;
+  users = map (name: builtins.readFile ../users/keys/${name}) userNames;
-  mic92 = builtins.readFile ../users/keys/mic92;
-  ryantm = builtins.readFile ../users/keys/ryantm;
-  zimbatm = builtins.readFile ../users/keys/zimbatm;
-  zowoq = builtins.readFile ../users/keys/zowoq;
 
-  users = [
+  userNames = [
-    adisbladis
+    "adisbladis"
-    mic92
+    "mic92"
-    ryantm
+    "ryantm"
-    zimbatm
+    "zimbatm"
-    zowoq
+    "zowoq"
   ];
 
   inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
@@ -19,24 +15,32 @@ let
   build03 = knownHosts.build03.publicKey;
   build04 = knownHosts.build04.publicKey;
   darwin02 = knownHosts.darwin02.publicKey;
-in
+
-{
+  secrets = {
-  "hercules-binary-caches.age".publicKeys = users ++ [
+    hercules-binary-caches = [
       build03
       build04
       darwin02
     ];
-  "hercules-cluster-join-token.age".publicKeys = users ++ [
+    hercules-cluster-join-token = [
       build03
       build04
       darwin02
     ];
-  "hercules-secrets.age".publicKeys = users ++ [
+    # hercules-secrets are only needed on linux
+    hercules-secrets = [
       build03
       build04
-  ]; # hercules-secrets are only needed on linux
+    ];
-  "hetzner-borgbackup-ssh.age".publicKeys = users ++ [
+    hetzner-borgbackup-ssh = [
       build02
       build03
     ];
-}
+  };
+in
+builtins.listToAttrs (
+  map (secretName: {
+    name = "${secretName}.age";
+    value.publicKeys = secrets."${secretName}" ++ users;
+  }) (builtins.attrNames secrets)
+)