From d86ce8ee66dce54c8eb36385149b0f9acfe244f6 Mon Sep 17 00:00:00 2001
From: Mel
Date: Sun, 29 Dec 2024 22:42:23 +0100
Subject: Add secrets directory and list all keys
Signed-off-by: Mel
---
secrets/keys.nix | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 secrets/keys.nix
(limited to 'secrets/keys.nix')
diff --git a/secrets/keys.nix b/secrets/keys.nix
new file mode 100644
index 0000000..6f3a57d
--- /dev/null
+++ b/secrets/keys.nix
@@ -0,0 +1,22 @@
+let
+ # machines and their host key that are included in this configuration,
+ # in this case, just one.
+ machines = {
+ specimen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuIJFXse7iSMaOoBdr/WGqbNBwWLQTpFw6R8ram89gB";
+ };
+
+ # users that can sign secrets, with all of their keys.
+ admins = {
+ mel = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY"
+ ];
+ philip = [ ];
+ };
+in
+{
+ inherit machines admins;
+
+ allAdminKeys = with builtins; concatLists (attrValues admins);
+ allMachineKeys = builtins.attrValues machines;
+}
--
cgit 1.4.1
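Review bot: The comment above `admins` says these users can "sign" secrets, but nothing in this file signs anything. If the keys are consumed as encryption recipients (the consumer is not visible in this hunk), every listed key can decrypt any secret that uses `allAdminKeys`, and the comment should say that: `# users whose keys secrets are encrypted to; every key listed here can decrypt them.` The two `mel` entries carry no label, so a reader cannot tell which key to drop when one device is lost; a trailing `# <device name>` comment on each would fix that. It is also worth a header line noting that removing a key here does not revoke access to ciphertext already committed, so a removal has to be paired with re-encrypting and rotating the affected secrets. `philip = [ ]` currently contributes no keys to `allAdminKeys`, which a short `# no keys registered yet` comment would make explicit.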