## Secret file name -> recipient public keys.
##
## Evaluates to an attribute set of the form
##   { "<secret>.age".publicKeys = [ <contributor keys> ... <host keys> ... ]; }
## NOTE(review): this matches the `secrets.nix` layout read by agenix; confirm
## that agenix is the consumer.
##
## Only `builtins` is used, so this file evaluates without pulling in the
## nixpkgs `lib`.
let
  inherit (builtins) attrNames attrValues listToAttrs;

  keys = import ../keys;

  ## Every key under `keys.contributors` is a recipient of every secret listed
  ## below, so adding a contributor grants read access to all of them.
  contributors = attrValues keys.contributors;

  ##############################################################################
  ## File name <-> system host keys mapping
  ##
  ## This attribute set defines precisely which secrets exist and which systems
  ## are able to decrypt them (in addition to the contributors above). Keep each
  ## list to the hosts that actually consume the secret.
  ##
  ## NOTE(review): removing a key here presumably only affects files encrypted
  ## afterwards. Existing `.age` files would need re-encrypting, and the
  ## credential itself rotating, for access to be revoked. Confirm against the
  ## tooling in use.
  hostKeysBySecret = with keys.systems; {
    forgejo-database-password = [ vm02116 ];
    forgejo-email-password = [ vm02116 ];
    forgejo-runner-token = [
      vm02179
      vm02186
    ];
    wiki-basicauth-htpasswd = [ vm02187 ];
    wiki-password = [ vm02187 ];
    wiki-smtp-password = [ vm02187 ];
  };

  ## Build the `{ name; value; }` pair for one secret: contributors first, then
  ## the host keys allowed to decrypt it.
  toAgeEntry = secret: {
    name = "${secret}.age";
    value.publicKeys = contributors ++ hostKeysBySecret.${secret};
  };
in
listToAttrs (map toAgeEntry (attrNames hostKeysBySecret))