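let
  # age recipient public keys of the people who may decrypt every secret.
  soispha = "age1mshh4ynzhhzhff25tqwkg4j054g3xwrfznh98ycchludj9wjj48qn2uffn";
  sils = "age1vuhaey7kd9l76y6f9weeqmde3s4kjw38869ju6u3027yece2r3rqssjxst";

  # SSH host public keys.  Each host key is listed only under its own host
  # below, so a host cannot decrypt another host's secrets.
  server2HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1TUFoCTplkqTVbXQ6qDCyeo2h8+C0vjrIlKu6vmq5f";
  server3HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3s4FjGx7LEVf/GE3WeCl8TmCtPt8gW1J0mp0fUJBNm";

  # Recipients per host, keyed by the directory name under ./hosts/by-name.
  # A host directory that has secrets but no entry here makes evaluation fail
  # with a missing-attribute error, so no secret is ever emitted without an
  # explicit recipient list.
  publicKeys = {
    "server2" = [
      soispha
      sils
      server2HostKey
    ];
    "server3" = [
      soispha
      sils
      server3HostKey
    ];
  };

  # Both helper inputs are pinned through ./flake.lock rather than fetched
  # at a floating revision.
  lock = builtins.fromJSON (builtins.readFile ./flake.lock);
  nixLib =
    import (builtins.fetchTree lock.nodes.library.locked).outPath {};
  inherit ((import (builtins.fetchTree lock.nodes.nixpkgs.locked).outPath {})) lib;

  # Result: `{ "<path>" = { publicKeys = [ ... ]; }; ... }`, one entry per
  # secret file, mapping it to the recipients allowed to decrypt it.
  secrets = let
    # hostName -> path of that host's `secrets` directory.
    hostSecretDirs = nixLib.mkByName {
      useShards = false;
      fileName = "secrets";
      baseDirectory = ./hosts/by-name;
    };

    # hostName -> service -> list of secret file names.
    # The pattern is meant to select only `.age` files.  In a Nix string
    # literal `\.` is just `.`, so the previous `"^.*\.age$"` reached the
    # matcher as `^.*.$` and accepted every non-empty file name; the
    # backslash has to be doubled for the regex to contain a literal dot.
    # (Assumes mkByName applies fileRegex with builtins.match — TODO confirm.)
    hostSecrets = builtins.mapAttrs (_hostName: secretsDir:
      nixLib.mkByName {
        relativePaths = true;
        useShards = false;
        fileRegex = "^.*\\.age$";
        baseDirectory = secretsDir;
      })
      hostSecretDirs;

    # hostName -> flat list of repository-relative secret paths.
    allSecretPaths = builtins.mapAttrs (hostName: services:
      lib.lists.flatten (
        lib.attrsets.mapAttrsToList
          (service: fileNames:
            builtins.map
              (fileName: "./hosts/by-name/${hostName}/secrets/${service}/${fileName}")
              fileNames)
          services
      ))
      hostSecrets;
  in
  # Merging with `//` is safe: every attribute name is a distinct file path
  # (the hosts live in separate directories), so no entry can clobber another.
  builtins.foldl' (acc: elem: acc // elem) {} (
    builtins.attrValues (builtins.mapAttrs (hostName: secretPaths:
      builtins.listToAttrs (
        builtins.map
          (secretPath: {
            name = secretPath;
            value.publicKeys = publicKeys.${hostName};
          })
          secretPaths
      ))
      allSecretPaths)
  );
in
secrets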