From 6dc90315c5f5a48ded29793646d76c03abfe7113 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Mon, 24 Feb 2025 17:45:55 +0100
Subject: [PATCH] feat(lib/keys): Add a function for nodeless secrets

---
 lib/keys/default.nix                       |  2 ++
 modules/nixos/dgn-backups/keys/secrets.nix | 15 +++++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/keys/default.nix b/lib/keys/default.nix
index 992da9b..d18907f 100644
--- a/lib/keys/default.nix
+++ b/lib/keys/default.nix
@@ -40,6 +40,8 @@ rec {
 
   mkSecrets = nodes: setDefault { publicKeys = unique (builtins.concatMap getSecretKeys nodes); };
 
+  mkRootSecrets = setDefault { publicKeys = unique rootKeys; };
+
   machineKeysBySystem =
     system:
     rootKeys
diff --git a/modules/nixos/dgn-backups/keys/secrets.nix b/modules/nixos/dgn-backups/keys/secrets.nix
index be205c4..ecddf23 100644
--- a/modules/nixos/dgn-backups/keys/secrets.nix
+++ b/modules/nixos/dgn-backups/keys/secrets.nix
@@ -2,11 +2,10 @@
 #
 # SPDX-License-Identifier: EUPL-1.2
 
-(import ../../../../keys.nix).mkSecrets
-  [ ]
-  [
-    "compute01.key"
-    "storage01.key"
-    "web01.key"
-    "web03.key"
-  ]
+(import ../../../../keys.nix).mkRootSecrets [
+  "compute01.key"
+  "storage01.key"
+  "web01.key"
+  "web02.key"
+  "web03.key"
+]