# Secret inventory for this repository. The same file is consumed in two ways,
# selected by the `agenix` argument:
#
#   * `agenix = true`  — the agenix CLI's rules file: one attribute per .age file
#     (keyed by its path) listing the recipients that may decrypt it, i.e. the
#     owning host's key plus every master key below.
#   * `agenix = false` — one NixOS module fragment per host, declaring
#     `age.secrets.<name>.file` for each of that host's secrets.
#
# Adding a secret means adding one line under its host in `hosts`; adding a host
# means adding an entry to `hosts` and a `hosts/<name>/pubkey.nix`.
{
  # true when evaluated by the agenix CLI, false when used as NixOS config
  agenix ? false,
  # only used on the NixOS branch; expected to provide `recursiveMerge`
  clib ? import ../clib { },
}:
let
  # Recipients that can decrypt every secret of every host. Rotating or
  # removing one of these requires re-keying all .age files (`agenix -r`).
  masterKeys = [
    "age1yubikey1qfnj0k4mkzrn8ef5llwh2sv6hd7ckr0qml3n9hzdpz9c59ypvryhyst87k0"
    "age1ur2lr3z6d2eftgxcalc6s5x9840ew9x43upl9k23wg0ugacrn5as4zl6sj"
  ];

  # host name -> (secret name -> path of its .age file, relative to this file)
  hosts = {
    luna =
      let
        dir = "hosts/luna";
      in
      {
        users-root-pw = "${dir}/users-root-pw.age";
        users-price-pw = "${dir}/users-price-pw.age";
        gitea-db-pass = "${dir}/gitea-db-pass.age";
        gitea-runner-token = "${dir}/gitea-runner-token.age";
        gh-ts-autotag-runner-token = "${dir}/gh-ts-autotag-runner-token.age";
      };
    orion =
      let
        dir = "hosts/orion";
      in
      {
        users-root-pw = "${dir}/users-root-pw.age";
        users-price-pw = "${dir}/users-price-pw.age";
      };
  };

  # Public age key of a host, read from its checked-in pubkey.nix.
  hostKey = host: import ./../hosts/${host}/pubkey.nix;

  # agenix rule entries for one host, in listToAttrs form:
  #   { name = "<path>.age"; value = { publicKeys = [ host key, master keys... ]; }; }
  rulesFor =
    host:
    map (path: {
      name = path;
      value.publicKeys = [ (hostKey host) ] ++ masterKeys;
    }) (builtins.attrValues hosts.${host});

  # NixOS fragment for one host: `age.secrets.<name>.file = ./<path>` for each
  # secret. `clib.recursiveMerge` is assumed to fold the list of single-secret
  # attrsets into one (defined in ../clib; not visible here).
  moduleFor =
    host: secrets:
    clib.recursiveMerge (
      map (name: { age.secrets.${name}.file = ./${secrets.${name}}; }) (builtins.attrNames secrets)
    );
in
if agenix then
  builtins.listToAttrs (builtins.concatMap rulesFor (builtins.attrNames hosts))
else
  builtins.mapAttrs moduleFor hosts