nixfiles/secrets.nix

let
  self = getFlake (toString ./.);
  inherit (self) lib;

  inherit (builtins) mapAttrs attrValues readFile getFlake;
  inherit (lib) optional flatten zipAttrsWith nameValuePair mapAttrs';

  secretPath = p: "secrets/${p}.age";

  defaultKeys = [
    (readFile .keys/dev.pub)
  ];
  secretKeys =
    zipAttrsWith
      (_: keys: flatten (keys ++ defaultKeys))
      (map
        (c: let cfg = c.config.my.secrets; in mapAttrs'
          (f: _: nameValuePair
            (secretPath f)
            (optional (cfg.key != null) cfg.key))
          cfg.files)
        (attrValues self.nixosConfigurations));
in
mapAttrs (_: keys: { publicKeys = keys; }) secretKeys
Add secret support 2022-02-22 00:59:57 +00:00			`let`
			`self = getFlake (toString ./.);`
			`inherit (self) lib;`

			`inherit (builtins) mapAttrs attrValues readFile getFlake;`
			`inherit (lib) optional flatten zipAttrsWith nameValuePair mapAttrs';`

			`secretPath = p: "secrets/${p}.age";`

			`defaultKeys = [`
			`(readFile .keys/dev.pub)`
			`];`
			`secretKeys =`
			`zipAttrsWith`
			`(_: keys: flatten (keys ++ defaultKeys))`
			`(map`
			`(c: let cfg = c.config.my.secrets; in mapAttrs'`
			`(f: _: nameValuePair`
			`(secretPath f)`
			`(optional (cfg.key != null) cfg.key))`
			`cfg.files)`
			`(attrValues self.nixosConfigurations));`
			`in`
			`mapAttrs (_: keys: { publicKeys = keys; }) secretKeys`