40 lines
1.2 KiB
Nix
40 lines
1.2 KiB
Nix
|
let
|
||
|
|
_sources = import ../npins;
|
||
|
|
|
||
|
|
meta = import ../meta (import _sources.nixpkgs { }).lib;
|
||
|
|
|
||
|
|
getAttr = flip builtins.getAttr;
|
||
|
|
|
||
|
|
inherit (import ../lib/nix-lib) flip setDefault unique;
|
||
|
|
in
|
||
|
|
|
||
|
|
rec {
|
||
|
|
# WARNING: When updating this list, make sure that the nodes and members are alphabetically sorted
|
||
|
|
# If not, you will face an angry maintainer
|
||
|
|
_keys = (import "${_sources.infrastructure}/keys")._keys // {
|
||
|
|
krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
|
||
|
|
};
|
||
|
|
|
||
|
|
getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
|
||
|
|
|
||
|
|
mkSecrets =
|
||
|
|
nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); };
|
||
|
|
|
||
|
|
getNodeKeys' =
|
||
|
|
node:
|
||
|
|
let
|
||
|
|
names = builtins.foldl' (names: group: names ++ meta.organization.groups.${group}) (
|
||
|
|
meta.nodes.${node}.admins ++ [ node ]
|
||
|
|
) meta.nodes.${node}.adminGroups;
|
||
|
|
in
|
||
|
|
unique (getKeys names);
|
||
|
|
|
||
|
|
getNodeKeys = node: rootKeys ++ getNodeKeys' node;
|
||
|
|
|
||
|
|
# List of keys for the root group
|
||
|
|
rootKeys = getKeys meta.organization.groups.root;
|
||
|
|
|
||
|
|
# List of 'machine' keys
|
||
|
|
machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
|
||
|
|
}
|