change pub key management again, centralize users, start to modularize lenovo conf

2025-12-31 02:28:00 +01:00
parent 42a93f042e
commit 4b8882d82d
9 changed files with 114 additions and 82 deletions
--- a/secrets.nix
+++ b/secrets.nix
@@ -0,0 +1,22 @@
+{lib, ...}: {
+  config = {
+    age.secrets = {
+      secret0.file = ./secrets/secret0.age;
+      secret1.file = ./secrets/secret1.age;
+      secret2.file = ./secrets/secret2.age;
+    };
+    pub-keys = {
+      ssh = {
+        andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
+        lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
+      };
+    };
+  };
+  options = {
+    pub-keys.ssh = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      default = {};
+      description = "set of public keys as `name = key`";
+    };
+  };
+}