Fediversity/secrets/secrets.nix

# Recipient rules: maps every "<secret>.age" file to the public keys that may
# decrypt it.
#
# Each secret is encrypted to ALL contributor keys plus the host keys listed
# for that secret below.
#
# NOTE(review): this looks like an agenix rules file -- confirm. If so,
# editing a recipient list here does not change files that are already
# encrypted; they keep their old recipients until they are re-encrypted
# (`agenix --rekey`). A recipient that has been removed may still hold older
# ciphertext from version control, so rotate the secret value as well.
let
  # `<nixpkgs>` is resolved from the evaluator's lookup path (NIX_PATH), so the
  # library code used here is whatever nixpkgs the calling environment provides.
  pkgs = import <nixpkgs> { system = builtins.currentSystem; };
  inherit (builtins) attrValues;
  inherit (pkgs.lib.attrsets) concatMapAttrs;

  keys = import ../keys;

  # Every contributor key is a recipient of every secret.
  contributors = attrValues keys.contributors;

  # Builds the rule for one secret: contributor keys first, then its host keys.
  toRule = secret: hostKeys: {
    "${secret}.age".publicKeys = contributors ++ hostKeys;
  };

  secretHosts =
    with keys.systems;
    ##############################################################################
    ## File name <-> system host keys mapping
    ##
    ## This attribute set defines precisely which secrets exist and which systems
    ## are able to decrypt them.
    {
      forgejo-database-password = [ vm02116 ];
      forgejo-email-password = [ vm02116 ];
      forgejo-runner-token = [
        vm02179
        vm02186
      ];
    };
in
concatMapAttrs toRule secretHosts