secrets: refactor

zowoq 2024-08-10 18:18:40 +10:00
parent a06d843d5c
commit 5be8586b31


@ -1,16 +1,12 @@
let let
adisbladis = builtins.readFile ../users/keys/adisbladis; users = map (name: builtins.readFile ../users/keys/${name}) userNames;
mic92 = builtins.readFile ../users/keys/mic92;
ryantm = builtins.readFile ../users/keys/ryantm;
zimbatm = builtins.readFile ../users/keys/zimbatm;
zowoq = builtins.readFile ../users/keys/zowoq;
users = [ userNames = [
adisbladis "adisbladis"
mic92 "mic92"
ryantm "ryantm"
zimbatm "zimbatm"
zowoq "zowoq"
]; ];
inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts; inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
@ -19,24 +15,32 @@ let
build03 = knownHosts.build03.publicKey; build03 = knownHosts.build03.publicKey;
build04 = knownHosts.build04.publicKey; build04 = knownHosts.build04.publicKey;
darwin02 = knownHosts.darwin02.publicKey; darwin02 = knownHosts.darwin02.publicKey;
secrets = {
hercules-binary-caches = [
build03
build04
darwin02
];
hercules-cluster-join-token = [
build03
build04
darwin02
];
# hercules-secrets are only needed on linux
hercules-secrets = [
build03
build04
];
hetzner-borgbackup-ssh = [
build02
build03
];
};
in in
{ builtins.listToAttrs (
"hercules-binary-caches.age".publicKeys = users ++ [ map (secretName: {
build03 name = "${secretName}.age";
build04 value.publicKeys = secrets."${secretName}" ++ users;
darwin02 }) (builtins.attrNames secrets)
]; )
"hercules-cluster-join-token.age".publicKeys = users ++ [
build03
build04
darwin02
];
"hercules-secrets.age".publicKeys = users ++ [
build03
build04
]; # hercules-secrets are only needed on linux
"hetzner-borgbackup-ssh.age".publicKeys = users ++ [
build02
build03
];
}
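Review bot: The new `secrets` attrset lists only host keys, and the `builtins.listToAttrs` expression at the end appends `users` to every entry, so nothing where a secret is declared shows that every key in `userNames` can decrypt it. I would add a comment above `secrets = {`, for example `# host recipients only; every key in userNames is appended to each secret below`, so that adding a name to `userNames` is read as granting access to all secrets. The refactor is presumably meant to leave the recipient sets unchanged, and from the visible lines only the order differs (hosts now come before users). It is still worth comparing the evaluated `publicKeys` of each `.age` entry against the parent commit before merging. As a minor style point, `secrets.${secretName}` works without the surrounding quotes.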