add inventory and move keys

2025-10-30 15:44:44 +08:00
parent 163d844af3
commit 2dd8d861d9
3 changed files with 28 additions and 17 deletions
--- a/inventory.nix
+++ b/inventory.nix
@@ -0,0 +1,22 @@
+{
+  nodes = {
+    nut-gc2 = {
+      hostname = "nut-gc2";
+      zerotierIp = "10.222.0.87";
+      sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
+    };
+
+    penguin = {
+      hostname = "penguin";
+      zerotierIp = "10.222.0.249";
+      sshHostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
+    };
+  };
+
+  # User SSH public keys (named) for authorization and agenix recipients.
+  userKeys = {
+    yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut";
+    "penguin-yadunut" =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin";
+  };
+}
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -7,9 +7,8 @@
  mkUser =
    attrs:
    let
-      sshKeys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG"
-      ];
+      inv = import ../inventory.nix;
+      sshKeys = builtins.attrValues inv.userKeys;
    in
    {
      openssh.authorizedKeys.keys = sshKeys;
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,19 +1,9 @@
 let
-  mbp-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXOpmWsAnl2RtOuJJMRUx+iJTwf2RWJ1iS3FqXJFzFG yadunut";
-  penguin-yadunut = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEg5wsPLOZvU6lT8cMUsStQqalh/Hw5u104QhOYPS8E yadunut@penguin";
-  users = [
-    mbp-yadunut
-    penguin-yadunut
-  ];
-
-  penguin-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0NLOa9NNz7r3QODU0Oe/a5m+PFzcpM20aLwf+0wojT root@penguin";
-  gc2-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2WBYhGKSXSYWwISsY1osfliVSS9J+W6uHBid5i2qey root@nut-gc2";
-  systems = [
-    penguin-host
-    gc2-host
-  ];
+  inv = import ../inventory.nix;
+  users = builtins.attrValues inv.userKeys;
+  systems = builtins.map (n: n.sshHostKey) (builtins.attrValues inv.nodes);
 in
 {
  "k3s.age".publicKeys = users ++ systems;
-  "btrbk-keyfile.age".publicKeys = systems ++ [ mbp-yadunut ];
+  "btrbk-keyfile.age".publicKeys = systems ++ [ inv.userKeys.yadunut ];
 }