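# Recipient rules for the age-encrypted secrets in this repository.
#
# Evaluates to an attribute set of the form
#   { "<encrypted file name>".publicKeys = [ "<ssh public key>" ... ]; }
# with one entry per name in `encryptedFileNames`.
# (Presumably consumed by agenix as its rules file; confirm against the caller.)
let
  pkgs = import <nixpkgs> { };
  lib = pkgs.lib;

  # Admin keys are not stored in this file: they are downloaded from these
  # URLs every time the expression is evaluated. Whatever the endpoints
  # return is added as a recipient of every secret listed below, so the
  # recipient set is only as trustworthy as these two accounts.
  publicKeyURLs = [
    "https://github.com/pizzapim.keys"
    "https://github.com/pizzaniels.keys"
  ];

  # Paths of the encrypted files, used verbatim as attribute names in the result.
  encryptedFileNames = [
    "database_passwords.env.age"
    "borg_passphrase.age"
    "borgbase.pem.age"
    "k3s-server-token.age"
    "k3s-ca/server-ca.key.age"
    "k3s-ca/client-ca.key.age"
    "k3s-ca/request-header-ca.key.age"
    "k3s-ca/etcd/peer-ca.key.age"
    "k3s-ca/etcd/server-ca.key.age"
    "k3s-ca/service.key.age"
  ];

  # SSH public keys of the machines, pinned in the repository
  # (the trailing word of each entry is the key comment).
  machinePublicKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a jefke"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 atlas"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a lewis"
  ];

  # Download a newline-separated key list from `url` and return its non-empty
  # lines as a list of strings.
  #
  # NOTE(review): builtins.fetchurl is called without `sha256`, so the
  # downloaded content is not pinned. A key added to (or swapped on) one of
  # the accounts silently becomes a recipient at the next re-encryption.
  # If that is not intended, pass `sha256` next to `url` or list the admin
  # keys inline, as is done for `machinePublicKeys`, and review changes to
  # the recipient list like any other change to this file.
  fetchPublicKeys = url:
    let
      publicKeysFile = builtins.fetchurl { inherit url; };
      # fileContents strips a single trailing newline from the file.
      publicKeysFileContents = lib.strings.fileContents publicKeysFile;
      keyLines = lib.strings.splitString "\n" publicKeysFileContents;
    in
    # An empty response (an account with no keys) or a stray blank line would
    # otherwise put "" into the recipient list; drop such entries.
    builtins.filter (line: line != "") keyLines;

  adminPublicKeys = lib.flatten (builtins.map fetchPublicKeys publicKeyURLs);

  allPublicKeys = lib.flatten [ machinePublicKeys adminPublicKeys ];

  # Build the rule for one encrypted file.
  #
  # NOTE(review): every file gets `allPublicKeys`, so each machine key and
  # each admin key can decrypt every secret, including the k3s CA private
  # keys. Scope the recipients per file if a machine only needs a subset.
  publicKeysForEncryptedFileName = encryptedFileName:
    { "${encryptedFileName}".publicKeys = allPublicKeys; };
in
# Merge the single-entry rule sets into one attribute set.
lib.attrsets.mergeAttrsList (builtins.map publicKeysForEncryptedFileName encryptedFileNames)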