From 2dd8d861d992742292b94e3db0b526834b747541 Mon Sep 17 00:00:00 2001
From: Yadunand Prem
Date: Thu, 30 Oct 2025 15:44:44 +0800
Subject: [PATCH] add inventory and move keys

---
 inventory.nix | 22 ++++++++++++++++++++++
 lib/default.nix | 5 ++---
 secrets/secrets.nix | 18 ++++--------------
 3 files changed, 28 insertions(+), 17 deletions(-)
 create mode 100644 inventory.nix

diff --git a/inventory.nix b/inventory.nix
new file mode 100644
index 0000000..a87d850
--- /dev/null
+++ b/inventory.nix
@@ -0,0 +1,22 @@
+{
+ nodes = {
+ nut-gc2 = {
+ hostname = "nut-gc2";
+ zerotierIp = "10.222.0.87";
+ sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
+ };
+
+ penguin = {
+ hostname = "penguin";
+ zerotierIp = "10.222.0.249";
+ sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
+ };
+ };
+
+ # User SSH public keys (named) for authorization and agenix recipients.
+ userKeys = {
+ yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut";
+ "penguin-yadunut" =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin";
+ };
+}
diff --git a/lib/default.nix b/lib/default.nix
index 7b080cd..8e5051d 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -7,9 +7,8 @@
 mkUser = attrs: let
- sshKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG"
- ];
+ inv = import ../inventory.nix;
+ sshKeys = builtins.attrValues inv.userKeys;
 in {
 openssh.authorizedKeys.keys = sshKeys;
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3eb76fd..0e829f3 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
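Review bot: `userKeys` is a single flat set that both `lib/default.nix` (`authorizedKeys` for every account mkUser creates) and `secrets/secrets.nix` (agenix recipients) consume in full, so any key added here for one purpose silently gains the other as well; the comment `# User SSH public keys (named) for authorization and agenix recipients.` should state that coupling, e.g. `# Every key here is authorized for ALL mkUser accounts on every host AND decrypts k3s.age — add device keys deliberately.` The `yadunut` entry is the key that secrets.nix previously named `mbp-yadunut`; keeping the device in the name, as `penguin-yadunut` does, makes it obvious which entry to remove when that machine is retired. The `nodes` set has no comment at all; one line saying that `sshHostKey` makes each node an agenix recipient would help, and whether `hostname`/`zerotierIp` are consumed anywhere is not visible from this patch.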
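Review bot: `sshKeys = builtins.attrValues inv.userKeys;` widens access without the commit saying so: the removed list authorized exactly one key, the inventory contributes two (`yadunut` and `penguin-yadunut`), and every key later added to `userKeys` for agenix purposes alone is authorized for every account mkUser creates on every host. If that is the intent, a comment on the new line should say so; otherwise let callers narrow it, e.g. `sshKeys = attrs.sshKeys or (builtins.attrValues inv.userKeys);` (a constructed example using the `attrs` parameter visible on the context line). mkUser's body continues outside the hunk, so I cannot see whether `attrs` already carries a key list. The relative path in `import ../inventory.nix` is resolved against `lib/`, so it is correct as long as the file stays at that depth.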
@@ -1,19 +1,9 @@
 let
- mbp-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut";
- penguin-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin";
- users = [
- mbp-yadunut
- penguin-yadunut
- ];
-
- penguin-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
- gc2-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
- systems = [
- penguin-host
- gc2-host
- ];
+ inv = import ../inventory.nix;
+ users = builtins.attrValues inv.userKeys;
+ systems = builtins.map (n: n.sshHostKey) (builtins.attrValues inv.nodes);
 in {
 "k3s.age".publicKeys = users ++ systems;
- "btrbk-keyfile.age".publicKeys = systems ++ [ mbp-yadunut ];
+ "btrbk-keyfile.age".publicKeys = systems ++ [ inv.userKeys.yadunut ];
 }
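Review bot: `systems = builtins.map (n: n.sshHostKey) (builtins.attrValues inv.nodes);` makes every node in the inventory a recipient of both `k3s.age` and `btrbk-keyfile.age` automatically, where the removed lines named the two hosts explicitly; a node added later for an unrelated purpose will be able to decrypt both secrets at the next rekey. Either add a one-line comment stating that all nodes are intended recipients of every secret, or select recipients per secret (for example by node name) instead of mapping over the whole set. The resulting recipient sets are unchanged by this hunk (same two user keys, same two host keys; `builtins.attrValues` only sorts them by attribute name), so no `agenix -r` rekey is needed for this commit. `inv.userKeys.yadunut` on the last changed line is the same key as the old `mbp-yadunut` binding, so the btrbk recipient list is also unchanged.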