# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
# Key registry: maps organisation members and machines to their public keys,
# and derives the key lists used as secret recipients (`mkSecrets`) and
# per-node key sets (`getNodeKeys`).
#
# Everything here decides WHO ends up in a key list, so a change to this file
# is an access-control change and should be reviewed as one.
let
  _sources = import ../npins;

  inherit (import ../lib/nix-lib) flip setDefault unique;

  # Library of the pinned nixpkgs, passed to the metadata module.
  nixpkgsLib = (import _sources.nixpkgs { }).lib;

  # Evaluated organisation / node metadata (members, groups, nodes, machines).
  meta = (import ../meta nixpkgsLib).config;

  # Argument-flipped builtins.getAttr. It is used below as `getAttr <attrset>`
  # mapped over a list of names, i.e. lookup with the set given first.
  getAttr = flip builtins.getAttr;
in

rec {
  # SSH public keys, indexed by name.
  #
  # NOTE(review): both operands of `//` are the same expression, so the merge
  # is a no-op and `_keys` only contains organisation members. `getNodeKeys'`
  # and `machineKeys` look up *node* names in this set, which only resolves if
  # an entry with that name exists here. `_vpnKeys` below merges
  # `meta.machines` as its second operand — confirm whether the same was
  # intended for SSH keys.
  _keys =
    builtins.mapAttrs (_: v: v.sshKeys) meta.organization.members
    // builtins.mapAttrs (_: v: v.sshKeys) meta.organization.members;

  # VPN keys, indexed by name. On a name collision the machine entry wins,
  # because `//` prefers its right-hand operand.
  _vpnKeys =
    builtins.mapAttrs (_: v: v.vpnKeys) meta.organization.members
    // builtins.mapAttrs (_: v: v.vpnKeys) meta.machines;

  # getKeys :: [ name ] -> [ key ]
  # Concatenates the SSH key lists of every listed name. An unknown name is an
  # evaluation error (missing attribute), not an empty result.
  getKeys = ls: builtins.concatMap (getAttr _keys) ls;

  # NOTE(review): `builtins.concatMap` yields a list, and that list is passed
  # to `getAttr` in the position where the attrsets `_keys` / `_vpnKeys` are
  # passed elsewhere in this file. Confirm the intended shape of `vpnKeys`
  # and that this evaluates as expected.
  getVpnKey = vpn: ls: getAttr (builtins.concatMap (getAttr _vpnKeys) ls) vpn;

  # mkSecrets :: [ node ] -> (partially applied setDefault)
  # Builds the default `publicKeys` value for a group of secrets: the root
  # group's keys plus the keys of every listed node (see getNodeKeys').
  # The root keys are always included, whatever `nodes` is.
  mkSecrets =
    nodes:
    let
      recipients = unique (rootKeys ++ builtins.concatMap getNodeKeys' nodes);
    in
    setDefault { publicKeys = recipients; };

  # getNodeKeys' :: node -> [ key ]
  # Keys tied to one node, WITHOUT the root keys: its direct admins, the node
  # itself, then the members of each of its admin groups, in that order.
  getNodeKeys' =
    node:
    let
      nodeCfg = meta.nodes.${node};
      direct = nodeCfg.admins ++ [ node ];
      viaGroups = builtins.concatMap (group: meta.organization.groups.${group}) nodeCfg.adminGroups;
    in
    unique (getKeys (direct ++ viaGroups));

  # Same as getNodeKeys', with the root keys prepended. The result is not
  # passed through `unique` here.
  getNodeKeys = node: rootKeys ++ getNodeKeys' node;

  # List of keys for the root group
  rootKeys = getKeys meta.organization.groups.root;

  # List of 'machine' keys: the root keys followed by the keys registered
  # under every node name in `meta.nodes`.
  machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
}