NixOS/secrets/secrets.nix

let
  root-dir = builtins.toString ./.;
  lib = import ../lib;
  master-keys = [
    "age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"
  ];
  hosts = {
    luna =
      let
        secrets = "${root-dir}/luna";
      in
      [
        "${secrets}/gitlab-runner-reg-config.age"
        "${secrets}/root-hash-pw.age"
      ];
  };
in
(builtins.listToAttrs
  (builtins.concatMap
    (host:
      (builtins.map
        (secret: {
          name = builtins.toString secret;
          value = {
            publicKeys = [ (import ./../hosts/${host}/pubkey.nix) ] ++ master-keys;
          };
        })
        (builtins.getAttr host hosts)))
    (builtins.attrNames hosts)))
feat: add agenix for secrets management 2023-10-29 22:38:56 -05:00			`let`
refactor(luna): massively overhaul luna to better handle opt-in state Now uses BTRFS rollbacks instead of tmpfs 2023-12-07 09:05:24 -06:00			`root-dir = builtins.toString ./.;`
			`lib = import ../lib;`
			`master-keys = [`
			`"age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"`
			`];`
			`hosts = {`
			`luna =`
			`let`
			`secrets = "${root-dir}/luna";`
			`in`
			`[`
			`"${secrets}/gitlab-runner-reg-config.age"`
			`"${secrets}/root-hash-pw.age"`
feat: add agenix for secrets management 2023-10-29 22:38:56 -05:00			`];`
			`};`
			`in`
refactor(luna): massively overhaul luna to better handle opt-in state Now uses BTRFS rollbacks instead of tmpfs 2023-12-07 09:05:24 -06:00			`(builtins.listToAttrs`
			`(builtins.concatMap`
			`(host:`
			`(builtins.map`
			`(secret: {`
			`name = builtins.toString secret;`
			`value = {`
			`publicKeys = [ (import ./../hosts/${host}/pubkey.nix) ] ++ master-keys;`
			`};`
			`})`
			`(builtins.getAttr host hosts)))`
			`(builtins.attrNames hosts)))`