infrastructure/machines/core-services-01/secrets/secrets.nix

let
  pkgs = import <nixpkgs> {};
  lib = pkgs.lib;
  readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys")));
  superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd");
  core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU";
  systems = [ core-services-01 ];
in
  {
    "keycloakDatabasePasswordFile.age".publicKeys = superadmins ++ systems;
    "oauth2ProxyKeyFile.age".publicKeys = superadmins ++ systems;
  }