From 58bffb026392d08edb52d05f17c7069bfd63deba Mon Sep 17 00:00:00 2001
From: catvayor
Date: Fri, 24 Jan 2025 16:31:20 +0100
Subject: [PATCH] feat(meta/checks): check only for required ssh keys
---
meta/options.nix | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/meta/options.nix b/meta/options.nix
index adfe420..539be1d 100644
--- a/meta/options.nix
+++ b/meta/options.nix
@@ -8,11 +8,14 @@ let inherit (lib) + concatLists + mapAttrsToList mkEnableOption mkDefault mkIf mkOption optionalAttrs + unique ; inherit (lib.types)
@@ -382,6 +385,12 @@ in groupsExists = nameExists groups; extract = name: builtins.mapAttrs (_: builtins.getAttr name); + + nodeAdmins = + _: + { admins, adminGroups, ... }: + (builtins.foldl' (members: group: members ++ org.groups.${group})) admins adminGroups; + all-admins = unique (org.groups.root ++ concatLists (mapAttrsToList nodeAdmins config.nodes)); in { assertions = builtins.concatLists [
@@ -419,7 +428,7 @@ in (builtins.map (name: { assertion = ((import ../keys)._keys.${name} or [ ]) != [ ]; message = "No ssh keys found for ${name}."; - }) members) + }) all-admins) ]; }; }
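Review bot: In the `@@ -382,6 +385,12 @@` hunk, `nodeAdmins` looks up `org.groups.${group}` with no fallback, so a node whose `adminGroups` names a group missing from `org.groups` aborts evaluation with a missing-attribute error as soon as `all-admins` is forced by the `builtins.map` in the last hunk. That would presumably pre-empt the clearer message of any group-existence assertion built from `groupsExists`; its use is outside the hunk, as is the start of the enclosing `let`. Consider the `or` idiom the key check already uses, `(builtins.foldl' (members: group: members ++ (org.groups.${group} or [ ]))) admins adminGroups;`, provided unknown groups are still rejected by an assertion elsewhere so that a typo cannot silently exempt admins from the key check. A comment above `all-admins` such as `# every admin of at least one node (direct or via adminGroups), plus the root group` would also make clear whose keys are now required.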