configuration/secrets/keys.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

let
  # machines and their host key that are included in this configuration,
  # in this case, just one.
  machines = {
    specimen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuIJFXse7iSMaOoBdr/WGqbNBwWLQTpFw6R8ram89gB";
  };

  # users that can sign secrets, with all of their keys.
  admins = {
    mel = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY"
    ];
    philip = [ ];
  };
in
{
  inherit machines admins;

  allAdminKeys = with builtins; concatLists (attrValues admins);
  allMachineKeys = builtins.attrValues machines;
}