forked from the-distro/infra
fix(secrets): lists of lists are wrong, prepend the globals
Otherwise, I won't be in the list. This adds the active infra core members of Lix as well. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
parent
9ad7e7b139
commit
192ba49f7c
10
secrets.nix
10
secrets.nix
|
@ -2,9 +2,11 @@ let
|
||||||
keys = import common/ssh-keys.nix;
|
keys = import common/ssh-keys.nix;
|
||||||
|
|
||||||
commonKeys = {
|
commonKeys = {
|
||||||
global = [ keys.users.raito ];
|
# WARNING: `keys.users.*` are *lists*, so you need concatenate them, don't put them into lists!
|
||||||
lix = [ keys.users.jade ];
|
# Otherwise, agenix will be confused!
|
||||||
floral = [ keys.users.delroth ];
|
global = keys.users.raito;
|
||||||
|
lix = keys.users.hexchen ++ keys.users.jade;
|
||||||
|
floral = keys.users.delroth;
|
||||||
};
|
};
|
||||||
|
|
||||||
secrets = with keys; {
|
secrets = with keys; {
|
||||||
|
@ -58,7 +60,7 @@ let
|
||||||
mkSecretListFor = tenant:
|
mkSecretListFor = tenant:
|
||||||
map (secretName: {
|
map (secretName: {
|
||||||
name = "secrets/${tenant}/${secretName}.age";
|
name = "secrets/${tenant}/${secretName}.age";
|
||||||
value.publicKeys = secrets.${tenant}."${secretName}" ++ commonKeys.${tenant};
|
value.publicKeys = secrets.${tenant}."${secretName}" ++ commonKeys.global ++ commonKeys.${tenant};
|
||||||
}) (builtins.attrNames secrets.${tenant});
|
}) (builtins.attrNames secrets.${tenant});
|
||||||
in
|
in
|
||||||
builtins.listToAttrs (
|
builtins.listToAttrs (
|
||||||
|
|
Loading…
Reference in a new issue