lab-infra/keys/default.nix
2024-12-13 12:06:49 +01:00

48 lines
1.7 KiB
Nix

let
_sources = import ../npins;
meta = import ../meta (import _sources.nixpkgs { }).lib;
getAttr = flip builtins.getAttr;
inherit (import ../lib/nix-lib) flip setDefault unique;
in
rec {
# WARNING: When updating this list, make sure that the nodes and members are alphabetically sorted
# If not, you will face an angry maintainer
_keys = (import "${_sources.infrastructure}/keys")._keys // {
krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ];
roam01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKXjzVxYs5v5+7N0tyqpBQERXKjXwTZUqVGkdye4S1LP" ];
status01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQFCsn/8c46O7JLx0QYdbZsXnS+NYtsgUNHPd2Toksj" ];
};
_vpnKeys =
builtins.mapAttrs (_: v: v.vpnKeys) meta.organization.members
// builtins.mapAttrs (_: v: v.vpnKeys) meta.network;
getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
getVpnKey = vpn: name: _vpnKeys.${name}.${vpn};
mkSecrets =
nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); };
getNodeKeys' =
node:
let
names = builtins.foldl' (names: group: names ++ meta.organization.groups.${group}) (
meta.nodes.${node}.admins ++ [ node ]
) meta.nodes.${node}.adminGroups;
in
unique (getKeys names);
getNodeKeys = node: rootKeys ++ getNodeKeys' node;
# List of keys for the root group
rootKeys = getKeys meta.organization.groups.root;
# List of 'machine' keys
machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
}