infrastructure/lib/keys/default.nix

# SPDX-FileCopyrightText: 2024 Ryan Lahfa <ryan.lahfa@dgnum.eu>
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ meta, lib }:
let
  inherit (lib.extra) setDefault unique;

  getAttr = lib.flip builtins.getAttr;
in
rec {
  _memberKeys = builtins.mapAttrs (_: v: v.sshKeys) meta.organization.members;
  _nodeKeys = builtins.mapAttrs (_: v: v.sshKeys) meta.nodes;

  # Get keys of the users
  getMemberKeys = name: builtins.concatLists (builtins.map (getAttr _memberKeys) name);

  # Get keys of the ssh server
  getNodeKeys = name: builtins.concatLists (builtins.map (getAttr _nodeKeys) name);

  # List of keys for the root group
  rootKeys = getMemberKeys meta.organization.groups.root;

  # All keys that can access a node
  getNodeKeys' =
    node:
    let
      names = meta.nodes.${node}.admins;
    in
    unique (getMemberKeys names ++ getNodeKeys [ node ]);

  # List of keys for all machines wide secrets
  machineKeys = rootKeys ++ (getNodeKeys (builtins.attrNames meta.nodes));

  mkSecrets = nodes: setDefault { publicKeys = unique (builtins.concatMap getNodeKeys' nodes); };

  machineKeysBySystem =
    system:
    rootKeys
    ++ (getNodeKeys (
      builtins.attrNames (lib.filterAttrs (_: v: v.nixpkgs.system == system) meta.nodes)
    ));
}