let
  inherit (builtins) attrNames attrValues listToAttrs;

  ## Rebuild an attribute set from a per-attribute `{ name; value; }` pair.
  ## nixpkgs offers this as `lib.mapAttrs'`, but this file deliberately
  ## depends on `builtins` only.
  mapAttrs' = f: set:
    listToAttrs (map (n: f n set.${n}) (attrNames set));

  keys = import ../keys;

  ## Every contributor key is appended to every secret below, so anyone
  ## listed in `keys.contributors` can decrypt all of these files.
  contributors = attrValues keys.contributors;

  ## One entry per secret: `<name>.age` is readable by all contributors plus
  ## the host keys of the systems that need it.
  secretEntry = name: systems: {
    name = "${name}.age";
    value.publicKeys = contributors ++ systems;
  };
in
mapAttrs' secretEntry (
  ## Host keys are referenced by their attribute name in `keys.systems`; a
  ## misspelled name is an undefined-variable error at evaluation time rather
  ## than a silently empty recipient list.
  with keys.systems;
  ##############################################################################
  ## File name <-> system host keys mapping
  ##
  ## This attribute set defines precisely which secrets exist and which systems
  ## are able to decrypt them.
  {
    forgejo-database-password = [ vm02116 ];
    forgejo-email-password = [ vm02116 ];
    forgejo-runner-token = [
      vm02179
      vm02186
    ];
  }
)