secrets: refactor

zowoq 2024-08-10 18:18:40 +10:00
parent a06d843d5c
commit 5be8586b31


@ -1,16 +1,12 @@
let let
adisbladis = builtins.readFile ../users/keys/adisbladis; users = map (name: builtins.readFile ../users/keys/${name}) userNames;
mic92 = builtins.readFile ../users/keys/mic92;
ryantm = builtins.readFile ../users/keys/ryantm;
zimbatm = builtins.readFile ../users/keys/zimbatm;
zowoq = builtins.readFile ../users/keys/zowoq;
users = [ userNames = [
adisbladis "adisbladis"
mic92 "mic92"
ryantm "ryantm"
zimbatm "zimbatm"
zowoq "zowoq"
]; ];
inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts; inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
@ -19,24 +15,32 @@ let
build03 = knownHosts.build03.publicKey; build03 = knownHosts.build03.publicKey;
build04 = knownHosts.build04.publicKey; build04 = knownHosts.build04.publicKey;
darwin02 = knownHosts.darwin02.publicKey; darwin02 = knownHosts.darwin02.publicKey;
in
{ secrets = {
"hercules-binary-caches.age".publicKeys = users ++ [ hercules-binary-caches = [
build03 build03
build04 build04
darwin02 darwin02
]; ];
"hercules-cluster-join-token.age".publicKeys = users ++ [ hercules-cluster-join-token = [
build03 build03
build04 build04
darwin02 darwin02
]; ];
"hercules-secrets.age".publicKeys = users ++ [ # hercules-secrets are only needed on linux
hercules-secrets = [
build03 build03
build04 build04
]; # hercules-secrets are only needed on linux ];
"hetzner-borgbackup-ssh.age".publicKeys = users ++ [ hetzner-borgbackup-ssh = [
build02 build02
build03 build03
]; ];
} };
in
builtins.listToAttrs (
map (secretName: {
name = "${secretName}.age";
value.publicKeys = secrets."${secretName}" ++ users;
}) (builtins.attrNames secrets)
)
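Review bot: The new `secrets` set lists only host keys, and the `builtins.listToAttrs` generator at the bottom appends `users` to every entry, so the full recipient list of a secret is no longer visible at the entry itself. I would add a comment above `secrets = {`, for example `# host recipients only; every key from userNames is appended to each secret below`, so that anyone adding a secret knows it is always readable by all listed users and that there is no per-secret opt-out. If these are agenix-style rules (inferred from the `.age` names and `publicKeys`), the comment could also say that a change to `userNames` only affects existing files after a rekey, and that removing a user does not protect values they could already decrypt until those values are rotated. As a small style point, `secrets.${secretName}` works without the surrounding quotes.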