infrastructure/keys/default.nix

48 lines
1.3 KiB
Nix
Raw Normal View History

# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
let
_sources = import ../npins;
2024-12-05 12:37:51 +01:00
meta = (import ../meta (import _sources.nixpkgs { }).lib).config;
getAttr = flip builtins.getAttr;
inherit (import ../lib/nix-lib) flip setDefault unique;
in
rec {
2024-12-05 12:37:51 +01:00
_keys =
builtins.mapAttrs (_: v: v.sshKeys) meta.organization.members
// builtins.mapAttrs (_: v: v.sshKeys) meta.organization.members;
2024-12-05 12:37:51 +01:00
_vpnKeys =
builtins.mapAttrs (_: v: v.vpnKeys) meta.organization.members
// builtins.mapAttrs (_: v: v.vpnKeys) meta.machines;
getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
2024-12-05 12:37:51 +01:00
getVpnKey = vpn: ls: getAttr (builtins.concatLists (builtins.map (getAttr _vpnKeys) ls)) vpn;
mkSecrets =
nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); };
getNodeKeys' =
node:
let
names = builtins.foldl' (names: group: names ++ meta.organization.groups.${group}) (
meta.nodes.${node}.admins ++ [ node ]
) meta.nodes.${node}.adminGroups;
in
unique (getKeys names);
getNodeKeys = node: rootKeys ++ getNodeKeys' node;
# List of keys for the root group
rootKeys = getKeys meta.organization.groups.root;
# List of 'machine' keys
machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
}