chore: further refactor

meta.nix

@@ -1,5 +1,12 @@
-{
+let
+  ar_khas =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
+  ar_microlith =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
+in {
   hosts = builtins.mapAttrs (name: value:
     builtins.fromJSON (builtins.readFile (./nixos/. + "/${name}/meta.json")))
     (builtins.readDir ./nixos);
+
+  users.ar = [ ar_khas ar_microlith ];
 }

modules/ci-runners.nix

@@ -2,7 +2,7 @@
 
 let
   gitea-runner-directory = "/var/lib/gitea-runner";
-  secrets = import ../secrets.nix;
+  meta = import ../meta.nix;
 in {
   age.secrets = {
     gitea-runner-token.file =
@@ -56,6 +56,6 @@ in {
     protocol = "ssh";
     keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeC/Nr7STpYEZ50p7X+XrFdeaIfib60tt2QN4Kvxscr"
-    ] ++ secrets.ar;
+    ] ++ meta.users.ar;
   };
 }

modules/common.nix

@@ -1,6 +1,6 @@
 { config, lib, pkgs, inputs, ... }:
 
-let secrets = import ../secrets.nix;
+let meta = import ../meta.nix;
 in {
   imports = with inputs; [
     nix-index-database.nixosModules.nix-index
@@ -52,13 +52,13 @@ in {
     ssh.knownHosts = builtins.mapAttrs (name: value: {
       inherit (value) publicKey;
       extraHostNames = [ value.targetHost ];
-    }) secrets.hosts;
+    }) meta.hosts;
     bash.enableCompletion = true;
     mosh.enable = true;
   };
 
   deployment.targetHost =
-    lib.mkDefault secrets.hosts.${config.networking.hostName}.targetHost;
+    lib.mkDefault meta.hosts.${config.networking.hostName}.targetHost;
 
   nix = {
     package = pkgs.nixUnstable;
@@ -127,7 +127,7 @@ in {
     nixos.enable = true;
   };
 
-  users.users.root.openssh.authorizedKeys.keys = secrets.ar;
+  users.users.root.openssh.authorizedKeys.keys = meta.users.ar;
 
   users.mutableUsers = false;
 
@@ -154,7 +154,7 @@ in {
       "networkmanager"
     ];
     hashedPassword = lib.mkDefault null;
-    openssh.authorizedKeys.keys = secrets.ar;
+    openssh.authorizedKeys.keys = meta.users.ar;
   };
 
   console.keyMap = "us";

secrets.nix

@@ -1,28 +1,24 @@
-let
-  ar_khas =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
-  ar_microlith =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
-  ar = [ ar_khas ar_microlith ];
-
-  inherit (import ./meta.nix) hosts;
+let meta = import ./meta.nix;
 in {
 
-  "secrets/secureboot-key.age".publicKeys = ar ++ (with hosts; [
+  "secrets/secureboot-key.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
     khas.publicKey
     microlith.publicKey
     zorigami.publicKey
     scylla.publicKey
   ]);
-  "secrets/secureboot-cert.age".publicKeys = ar ++ (with hosts; [
-    khas.publicKey
-    microlith.publicKey
-    zorigami.publicKey
-    scylla.publicKey
-  ]);
-  "secrets/khas-ar.age".publicKeys = ar ++ [ hosts.khas.publicKey ];
-  "secrets/microlith-ar.age".publicKeys = ar ++ [ hosts.microlith.publicKey ];
-  "secrets/nix-store.age".publicKeys = ar ++ (with hosts; [
+  "secrets/secureboot-cert.age".publicKeys = meta.users.ar
+    ++ (with meta.hosts; [
+      khas.publicKey
+      microlith.publicKey
+      zorigami.publicKey
+      scylla.publicKey
+    ]);
+  "secrets/khas-ar.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.khas.publicKey ];
+  "secrets/microlith-ar.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.microlith.publicKey ];
+  "secrets/nix-store.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
     zorigami.publicKey
     scylla.publicKey
     stereolith.publicKey
@@ -30,55 +26,64 @@ in {
     microlith.publicKey
     akamanto.publicKey
   ]);
-  "secrets/wg/nibylandia_scylla.age".publicKeys = ar
-    ++ [ hosts.scylla.publicKey ];
-  "secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar
-    ++ [ hosts.scylla.publicKey ];
-  "secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar
-    ++ [ hosts.scylla.publicKey ];
-  "secrets/lan/nibylandia-ddns-bind.age".publicKeys = ar
-    ++ [ hosts.scylla.publicKey ];
-  "secrets/notbotEnvironment.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/nextCloudAdmin.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/nextCloudExporter.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/norkclubMinecraftRestic.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/cassAuth.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/miniflux.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/stuffAuth.age".publicKeys = ar ++ [ hosts.stereolith.publicKey ];
-  "secrets/wg/nibylandia_zorigami.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/ar.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/apo.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/amie.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/mastodon.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/mastodonPlain.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/madargon.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/enki.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/matrix.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/vaultwarden.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/vaultwardenPlain.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/keycloak.age".publicKeys = ar ++ [ hosts.zorigami.publicKey ];
-  "secrets/mail/keycloakPlain.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/keycloakDatabase.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/synapseExtraConfig.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/gitea-runner-token-zorigami.age".publicKeys = ar
-    ++ [ hosts.zorigami.publicKey ];
-  "secrets/gitea-runner-token-scylla.age".publicKeys = ar
-    ++ [ hosts.scylla.publicKey ];
-  "secrets/ci-secrets.age".publicKeys = ar ++ (with hosts; [
+  "secrets/wg/nibylandia_scylla.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.scylla.publicKey ];
+  "secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.scylla.publicKey ];
+  "secrets/lan/nibylandia-ddns-kea.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.scylla.publicKey ];
+  "secrets/lan/nibylandia-ddns-bind.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.scylla.publicKey ];
+  "secrets/notbotEnvironment.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/nextCloudAdmin.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/nextCloudExporter.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/norkclubMinecraftRestic.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/cassAuth.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/miniflux.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/stuffAuth.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.stereolith.publicKey ];
+  "secrets/wg/nibylandia_zorigami.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/ar.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/apo.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/amie.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/mastodon.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/mastodonPlain.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/madargon.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/enki.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/matrix.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/vaultwarden.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/vaultwardenPlain.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/keycloak.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/mail/keycloakPlain.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/keycloakDatabase.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/synapseExtraConfig.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/gitea-runner-token-zorigami.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/gitea-runner-token-scylla.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.scylla.publicKey ];
+  "secrets/ci-secrets.age".publicKeys = meta.users.ar ++ (with meta.hosts; [
     scylla.publicKey
     zorigami.publicKey
   ]); # TODO: we're not getting ssh keys for the generated disk image, so we need to embed it at disk image build time
-
-  inherit ar;
-  inherit hosts;
 }