secrets: use module to evaluate

author: Seth Flynn <[email protected]> 2025-02-07 01:57:46 -0500
committer: Seth Flynn <[email protected]> 2025-02-07 22:52:00 -0500
commit: af5215082ef899f01180b6c350f22ce9243830d8 (patch)
tree: 44a12f34e6e1f501ecba8a05658b4407aaa46756 /secrets/agenix-configuration.nix
parent: 7baba7111bffbf3dafc41c66d7cc138526294f53 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/secrets/agenix-configuration.nix b/secrets/agenix-configuration.nix
new file mode 100644
index 0000000..d093d4e
--- /dev/null
+++ b/secrets/agenix-configuration.nix
@@ -0,0 +1,25 @@
+{ config, lib, ... }:
+
+{
+  rootDirectory = ./.;
+
+  recipients = {
+    # Catch-all
+    default = [ config.recipients.getchoo ];
+
+    # Users
+    getchoo = "age1zyqu6zkvl0rmlejhm5auzmtflfy4pa0fzwm0nzy737fqrymr7crsqrvnhs";
+
+    # Machines
+    atlas = "age18eu3ya4ucd2yzdrpkpg7wrymrxewt8j3zj2p2rqgcjeruacp0dgqryp39z";
+    glados = "age1n7tyxx63wpgnmwkzn7dmkm62jxel840rk3ye3vsultrszsfrwuzsawdzhq";
+    glados-wsl = "age1ffqfq3azqfwxwtxnfuzzs0y566a7ydgxce4sqxjqzw8yexc2v4yqfr55vr";
+  };
+
+  secrets = lib.mapAttrsToList (hostname: pubkey: {
+    regex = "^${hostname}\/.*\.age$";
+    recipients = {
+      ${hostname} = pubkey;
+    };
+  }) { inherit (config.recipients) atlas glados glados-wsl; };
+}
author	Seth Flynn <[email protected]>	2025-02-07 01:57:46 -0500
committer	Seth Flynn <[email protected]>	2025-02-07 22:52:00 -0500
commit	af5215082ef899f01180b6c350f22ce9243830d8 (patch)
tree	44a12f34e6e1f501ecba8a05658b4407aaa46756 /secrets/agenix-configuration.nix
parent	7baba7111bffbf3dafc41c66d7cc138526294f53 (diff)