secrets: refactor

secrets/secrets.nix

@@ -1,16 +1,12 @@
 let
-  adisbladis = builtins.readFile ../users/keys/adisbladis;
+  users = map (name: builtins.readFile ../users/keys/${name}) userNames;
-  mic92 = builtins.readFile ../users/keys/mic92;
-  ryantm = builtins.readFile ../users/keys/ryantm;
-  zimbatm = builtins.readFile ../users/keys/zimbatm;
-  zowoq = builtins.readFile ../users/keys/zowoq;
 
-  users = [
+  userNames = [
-    adisbladis
+    "adisbladis"
-    mic92
+    "mic92"
-    ryantm
+    "ryantm"
-    zimbatm
+    "zimbatm"
-    zowoq
+    "zowoq"
   ];
 
   inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
@@ -19,24 +15,32 @@ let
   build03 = knownHosts.build03.publicKey;
   build04 = knownHosts.build04.publicKey;
   darwin02 = knownHosts.darwin02.publicKey;
+
+  secrets = {
+    hercules-binary-caches = [
+      build03
+      build04
+      darwin02
+    ];
+    hercules-cluster-join-token = [
+      build03
+      build04
+      darwin02
+    ];
+    # hercules-secrets are only needed on linux
+    hercules-secrets = [
+      build03
+      build04
+    ];
+    hetzner-borgbackup-ssh = [
+      build02
+      build03
+    ];
+  };
 in
-{
+builtins.listToAttrs (
-  "hercules-binary-caches.age".publicKeys = users ++ [
+  map (secretName: {
-    build03
+    name = "${secretName}.age";
-    build04
+    value.publicKeys = secrets."${secretName}" ++ users;
-    darwin02
+  }) (builtins.attrNames secrets)
-  ];
+)
-  "hercules-cluster-join-token.age".publicKeys = users ++ [
-    build03
-    build04
-    darwin02
-  ];
-  "hercules-secrets.age".publicKeys = users ++ [
-    build03
-    build04
-  ]; # hercules-secrets are only needed on linux
-  "hetzner-borgbackup-ssh.age".publicKeys = users ++ [
-    build02
-    build03
-  ];
-}