kiara/Fediversity
1
0
Fork 0
forked from fediversity/fediversity
Code Pull requests Activity
Fediversity/secrets/secrets.nix
Kiara Grouwstra 66ceb66382 add deployment pipeline (#452) 
part of #177

Reviewed-on: Fediversity/Fediversity#452
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
2025-07-10 16:45:46 +02:00

37 lines
1.1 KiB
Nix
Raw Blame History

let
inherit (builtins) attrValues foldl' mapAttrs;
## `mergeAttrs` and `concatMapAttrs` are in `lib.trivial` and `lib.attrsets`,
## but we would rather avoid a dependency in nixpkgs for this file.
mergeAttrs = x: y: x // y;
concatMapAttrs = f: v: foldl' mergeAttrs { } (attrValues (mapAttrs f v));
keys = import ../keys;
contributors = attrValues keys.contributors;
cd = [ keys.cd ];
in
concatMapAttrs
(name: systems: {
"${name}.age".publicKeys = contributors ++ systems ++ cd;
})
(
with keys.systems;
##############################################################################
## File name <-> system host keys mapping
##
## This attribute set defines precisely which secrets exist and which systems
## are able to decrypt them.
{
forgejo-database-password = [ vm02116 ];
forgejo-email-password = [ vm02116 ];
forgejo-runner-token = [ forgejo-ci ];
panel-secret-key = [ fedi201 ];
panel-ssh-key = [ fedi201 ];
wiki-basicauth-htpasswd = [ vm02187 ];
wiki-password = [ vm02187 ];
wiki-smtp-password = [ vm02187 ];
}
)
View git blame Copy permalink