change pub key management again, centralize users, start to modularize lenovo conf

author: andromeda <andromeda@lenovo> 2025-12-31 02:28:00 +0100
committer: andromeda <andromeda@lenovo> 2025-12-31 02:28:00 +0100
commit: 4b8882d82dcc8667d2b1276d65e43d081c5fa868 (patch)
tree: e83b7e4734e05c5f7d72ccb3c6228448f5fad420 /secrets.nix
parent: 42a93f042e2c821939fa6aa4ac8945997d5b5099 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/secrets.nix b/secrets.nix
new file mode 100644
index 0000000..2e435a5
--- /dev/null
+++ b/secrets.nix
@@ -0,0 +1,22 @@
+{lib, ...}: {
+  config = {
+    age.secrets = {
+      secret0.file = ./secrets/secret0.age;
+      secret1.file = ./secrets/secret1.age;
+      secret2.file = ./secrets/secret2.age;
+    };
+    pub-keys = {
+      ssh = {
+        andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
+        lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
+      };
+    };
+  };
+  options = {
+    pub-keys.ssh = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      default = {};
+      description = "set of public keys as `name = key`";
+    };
+  };
+}
author	andromeda <andromeda@lenovo>	2025-12-31 02:28:00 +0100
committer	andromeda <andromeda@lenovo>	2025-12-31 02:28:00 +0100
commit	4b8882d82dcc8667d2b1276d65e43d081c5fa868 (patch)
tree	e83b7e4734e05c5f7d72ccb3c6228448f5fad420 /secrets.nix
parent	42a93f042e2c821939fa6aa4ac8945997d5b5099 (diff)