feat(infra): Internalize nix-lib, and make keys management simpler

2024-10-09 17:04:30 +02:00 · 2024-10-09 17:04:30 +02:00 · 6c4099d369
commit 6c4099d369
parent 53c865a335
45 changed files with 762 additions and 182 deletions
--- a/modules/dgn-backups/default.nix
+++ b/modules/dgn-backups/default.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  dgn-keys,
  name,
  ...
 }:
@ -103,15 +104,12 @@ in
        access = [
          {
            repo = "default";
-            keys = lib.extra.getAllKeys (
-              # Nodes allowed to create backups
-              builtins.map (host: "machines/${host}") [
-                "compute01"
-                "storage01"
-                "vault01"
-                "web01"
-              ]
-            );
+            keys = dgn-keys.getKeys [
+              "compute01"
+              "storage01"
+              "vault01"
+              "web01"
+            ];
            allowed = [ "put" ];
          }
        ];
@ -121,8 +119,7 @@ in
    };

    programs.ssh.knownHosts =
-      lib.extra.mapFuse
-        (host: { "${host}.dgnum".publicKey = builtins.head (lib.extra.getKeys "machines/${host}"); })
+      lib.extra.mapFuse (host: { "${host}.dgnum".publicKey = builtins.head dgn-keys._keys.${host}; })
        [
          "compute01"
          "geo01"