# SPDX-FileCopyrightText: 2024 Tom Hubrecht
#
# SPDX-License-Identifier: EUPL-1.2

# Key registry: resolves member, group and node names to the SSH and VPN keys
# declared in ../meta, and assembles the `publicKeys` lists used for secrets.

let
  inherit (import ../lib/nix-lib) flip setDefault unique;

  _sources = import ../npins;

  # Evaluated metadata, built with the lib of the pinned nixpkgs.
  meta = (import ../meta (import _sources.nixpkgs { }).lib).config;

  # builtins.getAttr passed through `flip`; presumably this swaps the argument
  # order to `getAttr set name` -- `flip` lives in ../lib/nix-lib, confirm there.
  getAttr = flip builtins.getAttr;

  # Project a single field out of every entry of an attribute set.
  pick = field: builtins.mapAttrs (_: entry: entry.${field});
in

rec {
  # name -> sshKeys.
  # NOTE(review): both operands of `//` read meta.organization.members, so the
  # merge is a no-op and only member names resolve. getNodeKeys' and
  # machineKeys also hand node names to getKeys; unless a member carries the
  # same name, that lookup aborts evaluation. `_vpnKeys` below merges members
  # with meta.machines. Confirm which set was meant here before changing it:
  # this table decides whose keys end up in `publicKeys`.
  _keys =
    pick "sshKeys" meta.organization.members
    // pick "sshKeys" meta.organization.members;

  # name -> vpnKeys, for members and machines; on a name clash the machine
  # entry wins because it is the right-hand operand of `//`.
  _vpnKeys =
    pick "vpnKeys" meta.organization.members
    // pick "vpnKeys" meta.machines;

  # Concatenate the SSH keys of every name in `names`. A name without an entry
  # in `_keys` is an evaluation error, not an empty list.
  getKeys = names: builtins.concatMap (getAttr _keys) names;

  # NOTE(review): the concatenation below always yields a list, and `vpn` is
  # then looked up on that list through getAttr. If `flip` swaps arguments as
  # its name suggests, that is builtins.getAttr applied to a list, which
  # cannot evaluate. The intended shape of `vpnKeys` is not visible from this
  # file -- confirm against ../meta before relying on this function.
  getVpnKey =
    vpn: names:
    getAttr (builtins.concatMap (getAttr _vpnKeys) names) vpn;

  # `setDefault` applied to a `publicKeys` default for the given nodes: the
  # root group's keys plus the keys of every listed node, de-duplicated.
  # Root keys are always included, so every member of the root group is a
  # recipient of each secret built through this helper.
  # NOTE(review): presumably these are encryption recipients; if so, removing
  # a key from the metadata only takes effect once the affected secrets are
  # re-encrypted, and values the key could already read should be rotated.
  mkSecrets =
    nodes:
    setDefault {
      publicKeys = unique (rootKeys ++ builtins.concatMap getNodeKeys' nodes);
    };

  # Keys tied to one node, without the root group: its `admins`, the node's
  # own name, and the members of each group in `adminGroups`, de-duplicated.
  getNodeKeys' =
    node:
    let
      cfg = meta.nodes.${node};
      direct = cfg.admins ++ [ node ];
      principals = builtins.foldl' (
        acc: group: acc ++ meta.organization.groups.${group}
      ) direct cfg.adminGroups;
    in
    unique (getKeys principals);

  # Root keys followed by the node's keys. Unlike mkSecrets, the combined
  # list is not passed through `unique`.
  getNodeKeys = node: rootKeys ++ getNodeKeys' node;

  # List of keys for the root group
  rootKeys = getKeys meta.organization.groups.root;

  # List of 'machine' keys: root keys plus the keys looked up under every
  # node name in meta.nodes.
  machineKeys = rootKeys ++ getKeys (builtins.attrNames meta.nodes);
}