Diffstat (limited to 'secrets/agenix-configuration.nix')
| -rw-r--r-- | secrets/agenix-configuration.nix | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/secrets/agenix-configuration.nix b/secrets/agenix-configuration.nix
index d093d4e..e77bd29 100644
--- a/secrets/agenix-configuration.nix
+++ b/secrets/agenix-configuration.nix
@@ -1,5 +1,16 @@
 { config, lib, ... }:
+let
+ toAgeRegex = directory: "^${directory}\/.*\.age$";
+
+ secretsForSystemRecipient = hostname: pubkey: {
+ regex = toAgeRegex hostname;
+ recipients = {
+ ${hostname} = pubkey;
+ };
+ };
+in
+
 {
 rootDirectory = ./.;
@@ -10,16 +21,19 @@
 # Users
 getchoo = "age1zyqu6zkvl0rmlejhm5auzmtflfy4pa0fzwm0nzy737fqrymr7crsqrvnhs";
- # Machines
+ # Systems
 atlas = "age18eu3ya4ucd2yzdrpkpg7wrymrxewt8j3zj2p2rqgcjeruacp0dgqryp39z";
 glados = "age1n7tyxx63wpgnmwkzn7dmkm62jxel840rk3ye3vsultrszsfrwuzsawdzhq";
 glados-wsl = "age1ffqfq3azqfwxwtxnfuzzs0y566a7ydgxce4sqxjqzw8yexc2v4yqfr55vr";
 };
- secrets = lib.mapAttrsToList (hostname: pubkey: {
- regex = "^${hostname}\/.*\.age$";
- recipients = {
- ${hostname} = pubkey;
- };
- }) { inherit (config.recipients) atlas glados glados-wsl; };
+ secrets =
+ [
+ {
+ regex = toAgeRegex "personal";
+ recipients = { inherit (config.recipients) glados glados-wsl; };
+ }
+ ]
+ # Map system recipients to secrets in their subdirectory (i.e., `atlas` imports `atlas/*.age`)
+ ++ lib.mapAttrsToList secretsForSystemRecipient { inherit (config.recipients) atlas; };
 }
|
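Review bot: In `toAgeRegex`, the `\/` and `\.` inside the double-quoted Nix string do not reach the regex as escapes: Nix drops the backslash of an escape it does not recognise, so the pattern becomes `^<directory>/.*.age$` and the last `.` matches any character. The removed code had the same string, so this is carried over rather than introduced, but the new helper is the one place to fix it, e.g. `toAgeRegex = directory: "^${lib.escapeRegex directory}/.*\\.age$";`, which also keeps a directory name containing regex metacharacters from widening the match. These patterns decide which recipients each secret file is encrypted for, so they should be exactly as narrow as intended. Which regex dialect the consumer uses is not visible in the hunk, so confirm the escaped form is valid for it.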
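Review bot: The new `personal` entry in `secrets` carries no comment saying who can decrypt `personal/*.age`, and it lists only the `glados` and `glados-wsl` keys, so the `getchoo` user key declared above is not a recipient of those files; if that is intended, state it, e.g. `# personal/*.age: readable by the glados and glados-wsl keys only`. The per-system mapping now inherits only `atlas`, so any file still under `glados/` or `glados-wsl/` matches no rule. Whether those files were moved to `personal/` is outside this hunk and is worth checking before the secrets are next re-encrypted.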
