NixOS/secrets/secrets.nix

let
  root-dir = builtins.toString ./.;
  lib = import ../lib;
  master-keys = [
    "age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"
  ];
  hosts = {
    luna =
      let
        secrets = "${root-dir}/luna";
      in
      [
        "${secrets}/gitlab-runner-reg-config.age"
        "${secrets}/root-hash-pw.age"
      ];
  };
in
(builtins.listToAttrs
  (builtins.concatMap
    (host:
      (builtins.map
        (secret: {
          name = builtins.toString secret;
          value = {
            publicKeys = [ (import ./../hosts/${host}/pubkey.nix) ] ++ master-keys;
          };
        })
        (builtins.getAttr host hosts)))
    (builtins.attrNames hosts)))