# Resolves which SSH public keys are associated with each node and each secret.
# Every list built here widens or narrows access, so changes deserve the same
# review as a change to an authorized_keys file.
let
  # Pinned inputs; the upstream key set is read from the pinned `infrastructure` source.
  _sources = import ../npins;

  meta = import ../meta (import _sources.nixpkgs { }).lib;

  inherit (import ../lib/nix-lib) flip setDefault unique;

  # Attrset-first lookup, i.e. `getAttr set name`.
  # NOTE(review): relies on `flip` swapping the two arguments - confirm in ../lib/nix-lib.
  getAttr = flip builtins.getAttr;
in

rec {
  # WARNING: When updating this list, make sure that the nodes and members are alphabetically sorted
  # If not, you will face an angry maintainer
  #
  # `//` is right-biased: an entry defined here silently replaces any entry of
  # the same name coming from the pinned infrastructure keys. Review additions
  # accordingly, since the name's memberships in `meta` decide what the key reaches.
  _keys = (import "${_sources.infrastructure}/keys")._keys // {
    krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
  };

  # Flattens the key lists of the given names, in order.
  # A name with no entry in `_keys` makes the lookup throw, so evaluation fails
  # rather than silently producing a shorter key list.
  getKeys = names: builtins.concatMap (getAttr _keys) names;

  # Builds the `publicKeys` default for secrets shared by `nodes`.
  # Root keys are always included, in addition to the keys of each listed node.
  # NOTE(review): presumably `setDefault` applies this to every secret entry and
  # `publicKeys` are the encryption recipients - confirm in ../lib/nix-lib.
  mkSecrets =
    nodes:
    let
      nodeKeys = builtins.concatMap getNodeKeys' nodes;
    in
    setDefault { publicKeys = unique (rootKeys ++ nodeKeys); };

  # Keys tied to one node, without the root keys: its direct admins, the entry
  # named after the node itself, and the members of each of its admin groups.
  getNodeKeys' =
    node:
    let
      inherit (meta.nodes.${node}) admins adminGroups;
      groupMembers = builtins.concatMap (group: meta.organization.groups.${group}) adminGroups;
    in
    unique (getKeys (admins ++ [ node ] ++ groupMembers));

  # Root keys followed by the node's own keys.
  # Unlike `mkSecrets`, the result is not passed through `unique`, so a key held
  # by both a root member and a node admin appears twice.
  getNodeKeys = node: rootKeys ++ getNodeKeys' node;

  # List of keys for the root group
  rootKeys = getKeys meta.organization.groups.root;

  # List of 'machine' keys: the root keys plus the `_keys` entry of every node name in `meta.nodes`
  machineKeys = rootKeys ++ (getKeys (builtins.attrNames meta.nodes));
}