configuration/secrets/keys.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

let
  credentials = import ../credentials.nix;

  # machines and their host key that are included in this configuration,
  # in this case, just one.
  machines = {
    specimen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+DSTXhSm/ev71JvGg1i8qaMiJng/b++3wAbaTCwenf";
  };

  # users that can sign secrets, with all of their keys.
  admins = builtins.mapAttrs (n: u: u.keys) credentials;
in
{
  inherit machines admins;

  allAdminKeys = with builtins; concatLists (attrValues admins);
  allMachineKeys = builtins.attrValues machines;
}