| author | Mel <einebeere@gmail.com> | 2024-12-29 22:42:23 +0100 |
|---|---|---|
| committer | Mel <einebeere@gmail.com> | 2024-12-29 22:42:23 +0100 |
| commit | d86ce8ee66dce54c8eb36385149b0f9acfe244f6 (patch) | |
| tree | 981b529a921fa1570e4c154499f81fc9286d6c6a | |
| parent | 17b9ac8e3f73c787fb4a39677ccb59bbbf5860fa (diff) | |
Add secrets directory and list all keys
Signed-off-by: Mel <einebeere@gmail.com>
| -rw-r--r-- | secrets/keys.nix | 22 | ||||
| -rw-r--r-- | secrets/secrets.nix | 6 |
2 files changed, 28 insertions, 0 deletions
diff --git a/secrets/keys.nix b/secrets/keys.nix
new file mode 100644
index 0000000..6f3a57d
--- /dev/null
+++ b/secrets/keys.nix
@@ -0,0 +1,22 @@
+let
+ # machines and their host key that are included in this configuration,
+ # in this case, just one.
+ machines = {
+ specimen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuIJFXse7iSMaOoBdr/WGqbNBwWLQTpFw6R8ram89gB";
+ };
+
+ # users that can sign secrets, with all of their keys.
+ admins = {
+ mel = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY"
+ ];
+ philip = [ ];
+ };
+in
+{
+ inherit machines admins;
+
+ allAdminKeys = with builtins; concatLists (attrValues admins);
+ allMachineKeys = builtins.attrValues machines;
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..0428e3d
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,6 @@
+let
+ keys = import ./keys.nix;
+
+ inherit (keys) machines allAdminKeys;
+in
+{ }
|
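Review bot: The comment above `admins` in secrets/keys.nix says these users can "sign" secrets, but nothing in the file signs anything. If the directory follows the usual age-style layout (an assumption, the commit does not name the tool), these keys are encryption recipients, so whoever holds the private half can decrypt. I would reword it to `# users whose keys can decrypt and re-encrypt secrets, with all of their keys.` and add above `allAdminKeys` a line such as `# every key in this list can read any secret that uses it; re-encrypt after adding a key, rotate the secret values after removing one`. `philip = [ ];` contributes nothing to `concatLists`, so a short `# no key registered yet` would make clear that this admin currently has no access.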
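Review bot: In secrets/secrets.nix the `let` binds `machines` and `allAdminKeys`, but the attribute set is still `{ }`, so nothing records how the two are meant to be combined once entries are added. A comment above `{ }` would fix the convention before the first secret lands, for example `# each entry lists allAdminKeys plus only the machines that need that secret`. That keeps a later multi-machine setup from defaulting to every host key on every secret; note that `allMachineKeys` from keys.nix is deliberately or accidentally not inherited here, which is worth stating either way.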
