# Secret manifest for this repository.
#
# Called with `agenix = true` (the default) it yields the recipient table the
# agenix CLI reads: one attribute per encrypted file, keyed by that file's path
# relative to this directory, whose `publicKeys` lists the age recipients that
# may decrypt it. Called with `agenix = false` it yields one NixOS module
# fragment per host, declaring `age.secrets.<name>.file` for each of that
# host's secrets.
#
# `lib` is only used by the `agenix = false` branch (`lib.recursiveMerge`).
{ agenix ? true, lib ? import ../lib { } }:
let
  # Recipients added to every secret on top of the host's own key. Anyone
  # holding one of these keys can decrypt every secret in the repository, so
  # keep this list short; the entry below is an age YubiKey recipient.
  masterKeys = [
    "age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"
  ];

  # Per-host secrets: host name -> (secret name -> encrypted file, relative to
  # this directory). A host's public key is read from ../hosts/<host>/pubkey.nix
  # when the recipient table is built.
  hosts = {
    luna =
      let
        dir = "luna";
      in
      {
        root-pw = "${dir}/root-hash-pw.age";
        gitlab-runner-reg-config = "${dir}/gitlab-runner-reg-config.age";
        gitea-db-pass = "${dir}/gitea-db-pass.age";
      };
  };

  # Recipient-table entries for one host: every secret file of that host is
  # readable by the host key plus all master keys.
  recipientsFor = host: hostSecrets:
    let
      keys = [ (import ./../hosts/${host}/pubkey.nix) ] ++ masterKeys;
    in
    map
      (secretName: {
        name = builtins.toString hostSecrets.${secretName};
        value = { publicKeys = keys; };
      })
      (builtins.attrNames hostSecrets);

  # NixOS module fragment wiring every secret of one host into `age.secrets`.
  # The second argument is exactly `hosts.<host>` (mapAttrs passes it), so the
  # host name itself is not needed here.
  moduleFor = _host: hostSecrets:
    lib.recursiveMerge
      (map
        (secretName: { age.secrets.${secretName}.file = ./${hostSecrets.${secretName}}; })
        (builtins.attrNames hostSecrets));
in
if agenix then
  builtins.listToAttrs
    (builtins.concatMap
      (host: recipientsFor host hosts.${host})
      (builtins.attrNames hosts))
else
  builtins.mapAttrs moduleFor hosts