modules: secrets: centralize agenix keys

If I intend on splitting the keys depending on which host needs to have access to it, I should have a singular spot to manage the keys.
2023-04-13 16:37:42 +00:00 · 2023-04-13 16:37:42 +00:00 · 34a3f9a0d6
commit 34a3f9a0d6
parent 68bf36c45c
4 changed files with 43 additions and 11 deletions
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@ -1,16 +1,7 @@
 let
-  # FIXME: read them from directories
-  ambroisie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIVd6Oh08iUNb1vTULbxGpevnh++wxsWW9wqhaDryIq ambroisie@agenix";
-  users = [
-    ambroisie
-  ];
+  keys = import ../../keys;

-  porthos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGzznQ3LSmBYHx6fXthgMDiTcU5i/Nvj020SbmhzAFb root@porthos";
-  machines = [
-    porthos
-  ];
-
-  all = users ++ machines;
+  inherit (keys) all;
 in
 {
  "acme/dns-key.age".publicKeys = all;