modules: secrets: centralize agenix keys

If I intend on splitting the keys depending on which host needs to have
access to it, I should have a singular spot to manage the keys.

keys/default.nix

@@ -0,0 +1,39 @@
+# Populate agenix keys from a central location
+let
+  inherit (builtins)
+    mapAttrs
+    readDir
+    readFile
+    stringLength
+    substring
+    ;
+
+  removeSuffix = suffix: str:
+    let
+      sufLen = stringLength suffix;
+      sLen = stringLength str;
+    in
+    if sufLen <= sLen && suffix == substring (sLen - sufLen) sufLen str then
+      substring 0 (sLen - sufLen) str
+    else
+      str;
+
+
+  readKeys = dir:
+    let
+      files = readDir dir;
+      readNoNewlines = f: removeSuffix "\n" (readFile f);
+      readKey = name: readNoNewlines (dir + "/${name}");
+    in
+    mapAttrs (n: _: readKey n) files;
+
+  hosts = readKeys ./hosts;
+  users = readKeys ./users;
+in
+{
+  inherit
+    hosts
+    users;
+
+  all = (builtins.attrValues hosts) ++ (builtins.attrValues users);
+}

keys/hosts/porthos

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGzznQ3LSmBYHx6fXthgMDiTcU5i/Nvj020SbmhzAFb root@porthos

keys/users/ambroisie

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIVd6Oh08iUNb1vTULbxGpevnh++wxsWW9wqhaDryIq ambroisie@agenix

modules/secrets/secrets.nix

@@ -1,16 +1,7 @@
 let
-  # FIXME: read them from directories
-  ambroisie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIVd6Oh08iUNb1vTULbxGpevnh++wxsWW9wqhaDryIq ambroisie@agenix";
-  users = [
-    ambroisie
-  ];
+  keys = import ../../keys;
 
-  porthos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGzznQ3LSmBYHx6fXthgMDiTcU5i/Nvj020SbmhzAFb root@porthos";
-  machines = [
-    porthos
-  ];
-
-  all = users ++ machines;
+  inherit (keys) all;
 in
 {
   "acme/dns-key.age".publicKeys = all;