let
  ## Public keys, imported from the sibling `keys` directory. Only its
  ## `contributors` and `systems` attributes are read in this file.
  keys = import ../keys;

  ## Every contributor key is appended to the recipients of every secret, so
  ## each contributor can decrypt all secrets regardless of the host lists.
  contributorKeys = builtins.attrValues keys.contributors;

  ##############################################################################
  ## File name <-> system host keys mapping
  ##
  ## This attribute set defines precisely which secrets exist and which system
  ## host keys (in addition to all contributor keys) are able to decrypt them.
  ## Keep each list as short as possible: a host listed here can read the
  ## secret for as long as the encrypted file stays encrypted to its key.
  ##
  ## NOTE(review): presumably consumed by an age-based tool (the `.age` suffix
  ## and `publicKeys` attribute suggest so) -- confirm. With age, recipients
  ## are fixed when a file is encrypted, so editing a list here only takes
  ## effect once the file is re-encrypted; when removing a key, also rotate the
  ## secret itself, since the former recipient may already have read it.
  secretHosts = with keys.systems; {
    forgejo-database-password = [ vm02116 ];
    forgejo-email-password = [ vm02116 ];
    ## Shared by two hosts: compromise of either one exposes this token.
    forgejo-runner-token = [
      vm02179
      vm02186
    ];
    wiki-basicauth-htpasswd = [ vm02187 ];
    wiki-password = [ vm02187 ];
    wiki-smtp-password = [ vm02187 ];
  };

  ## Turn one `name = [ hostKeys ]` entry into a `"<name>.age"` attribute whose
  ## `publicKeys` are all contributor keys followed by the listed host keys.
  toSecretEntry = name: systems: {
    "${name}.age".publicKeys = contributorKeys ++ systems;
  };
in
## Map every entry and merge the resulting single-attribute sets into one.
## `lib.attrsets.concatMapAttrs` does the same, but we would rather avoid a
## dependency in nixpkgs for this file, so only builtins are used.
builtins.foldl' (merged: entry: merged // entry) { } (
  builtins.attrValues (builtins.mapAttrs toSecretEntry secretHosts)
)