jungle/secrets/secrets.nix

let
  keys = import ../keys.nix;
  adminsKeys = builtins.attrValues keys.admins;
  hut = [ keys.hosts.hut ] ++ adminsKeys;
  # Only expose ceph keys to safe nodes and admins
  ceph = keys.hostGroup.safe ++ adminsKeys;
in
{
  "ovni-token.age".publicKeys = hut;
  "nosv-token.age".publicKeys = hut;

  "ceph-user.age".publicKeys = ceph;
}
Reorganize secrets and ssh keys The agenix tools needs to read the secrets from a standalone file, but we also need the same information for the SSH keys. 2023-09-04 21:36:31 +02:00			`let`
			`keys = import ../keys.nix;`
			`adminsKeys = builtins.attrValues keys.admins;`
			`hut = [ keys.hosts.hut ] ++ adminsKeys;`
			`# Only expose ceph keys to safe nodes and admins`
			`ceph = keys.hostGroup.safe ++ adminsKeys;`
			`in`
			`{`
			`"ovni-token.age".publicKeys = hut;`
			`"nosv-token.age".publicKeys = hut;`

			`"ceph-user.age".publicKeys = ceph;`
			`}`