feat(lib/keys): Add a function for nodeless secrets

2025-02-24 17:45:55 +01:00 · 2025-02-24 17:45:55 +01:00 · 6dc90315c5
commit 6dc90315c5
parent 8e39d6bc1a
2 changed files with 9 additions and 8 deletions
--- a/lib/keys/default.nix
+++ b/lib/keys/default.nix
@ -40,6 +40,8 @@ rec {

  mkSecrets = nodes: setDefault { publicKeys = unique (builtins.concatMap getSecretKeys nodes); };

+  mkRootSecrets = setDefault { publicKeys = unique rootKeys; };
+
  machineKeysBySystem =
    system:
    rootKeys
--- a/modules/nixos/dgn-backups/keys/secrets.nix
+++ b/modules/nixos/dgn-backups/keys/secrets.nix
@ -2,11 +2,10 @@
 #
 # SPDX-License-Identifier: EUPL-1.2

-(import ../../../../keys.nix).mkSecrets
-  [ ]
-  [
-    "compute01.key"
-    "storage01.key"
-    "web01.key"
-    "web03.key"
-  ]
+(import ../../../../keys.nix).mkRootSecrets [
+  "compute01.key"
+  "storage01.key"
+  "web01.key"
+  "web02.key"
+  "web03.key"
+]