# Builds the attribute set mapping every "<name>.age" entry to the list of
# public keys (`publicKeys`) that may decrypt it.
let
  # NOTE(review): <nixpkgs> is looked up through the evaluator's Nix search
  # path, so the library code that builds the recipient lists is whatever the
  # caller's environment provides; it is not pinned by this file.
  nixpkgs = import <nixpkgs> { system = builtins.currentSystem; };

  keys = import ../keys;
  hosts = keys.systems;

  # Every key under keys.contributors is a recipient of every secret below:
  # the list is prepended unconditionally in `toRule`.
  contributors = builtins.attrValues keys.contributors;

  # Turns one `secret-name = [ host keys ]` pair into its "<name>.age" rule.
  toRule = name: systems: {
    "${name}.age".publicKeys = contributors ++ systems;
  };

  ##############################################################################
  ## File name <-> system host keys mapping
  ##
  ## This attribute set defines precisely which secrets exist and which systems
  ## are able to decrypt them. Adding a host to a list grants that host access
  ## to the secret; contributors are added to every entry by `toRule`.
  secrets = {
    forgejo-database-password = [ hosts.vm02116 ];
    forgejo-email-password = [ hosts.vm02116 ];
    forgejo-runner-token = [ hosts.vm02179 hosts.vm02186 ];
  };
in
nixpkgs.lib.attrsets.concatMapAttrs toRule secrets