chore: Refactor meta to a module architecture

Get rid of the weird half nix half module stuff.

lib/keys/default.nix

@@ -0,0 +1,51 @@
+# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ meta, lib }:
+let
+  inherit (import ../nix-lib) setDefault unique;
+
+  getAttr = lib.flip builtins.getAttr;
+in
+rec {
+  _memberKeys = builtins.mapAttrs (_: v: v.sshKeys) meta.organization.members;
+  _builderKeys = builtins.mapAttrs (_: v: v.builderKeys) meta.organization.members;
+  _nodeKeys = builtins.mapAttrs (_: v: v.sshKeys) meta.nodes;
+
+  # Get keys of the users
+  getMemberKeys = name: builtins.concatLists (builtins.map (getAttr _memberKeys) name);
+
+  # Get builder keys of the users
+  getBuilderKeys = getAttr _builderKeys;
+
+  # Get keys of the ssh server
+  getNodeKeys = name: builtins.concatLists (builtins.map (getAttr _nodeKeys) name);
+
+  # List of keys for the root group
+  rootKeys = getMemberKeys meta.organization.groups.root;
+
+  # All admins for a node
+  getNodeAdmins =
+    node:
+    meta.organization.groups.root
+    ++ meta.nodes.${node}.admins
+    ++ (builtins.concatMap (g: meta.organization.groups.${g}) meta.nodes.${node}.adminGroups);
+
+  # All keys needed for secret encryption
+  getSecretKeys = node: unique (getMemberKeys (getNodeAdmins node) ++ getNodeKeys [ node ]);
+
+  # List of keys for all machines wide secrets
+  machineKeys = rootKeys ++ (getNodeKeys (builtins.attrNames meta.nodes));
+
+  mkSecrets = nodes: setDefault { publicKeys = unique (builtins.concatMap getSecretKeys nodes); };
+
+  machineKeysBySystem =
+    system:
+    rootKeys
+    ++ (getNodeKeys (
+      builtins.attrNames (lib.filterAttrs (_: v: v.nixpkgs.system == system) meta.nodes)
+    ));
+}