Rodrigo Arias Mallo
0a5f9b55f5
The agenix tools needs to read the secrets from a standalone file, but we also need the same information for the SSH keys.
14 lines
337 B
Nix
14 lines
337 B
Nix
let
|
|
keys = import ../keys.nix;
|
|
adminsKeys = builtins.attrValues keys.admins;
|
|
hut = [ keys.hosts.hut ] ++ adminsKeys;
|
|
# Only expose ceph keys to safe nodes and admins
|
|
ceph = keys.hostGroup.safe ++ adminsKeys;
|
|
in
|
|
{
|
|
"ovni-token.age".publicKeys = hut;
|
|
"nosv-token.age".publicKeys = hut;
|
|
|
|
"ceph-user.age".publicKeys = ceph;
|
|
}
|