1 files changed, 25 insertions, 0 deletions

diff --git a/secrets/toSecrets.nix b/secrets/toSecrets.nix
new file mode 100644
index 0000000..3d495c6
--- /dev/null
+++ b/secrets/toSecrets.nix
@@ -0,0 +1,25 @@
+hosts: let
+  optional = attrset: val:
+    if attrset ? ${val}
+    then [attrset.${val}]
+    else [];
+
+  mkPubkeys = host: optional host "pubkey" ++ optional host "owner";
+
+  op = acc: host:
+    acc
+    // (
+      builtins.listToAttrs (
+        map (
+          file: {
+            name = "${host}/${file}";
+            value = {
+              publicKeys = mkPubkeys hosts.${host};
+            };
+          }
+        )
+        hosts.${host}.files
+      )
+    );
+in
+  builtins.foldl' op {} (builtins.attrNames hosts)