Correction secrets.nix

2025-06-25 17:37:21 +02:00 · 2025-06-25 17:37:21 +02:00 · 02ab2c3aec
parent 6081457da2
commit 02ab2c3aec
1 changed files with 16 additions and 16 deletions
--- a/secrets.nix
+++ b/secrets.nix
@ -62,7 +62,7 @@ let
  # Secrets

  commonSecrets = (listFilesRelative ./secrets/common) ++ [
-    "./secrets/restic/client_env"
+    "./secrets/restic/client_env.age"
  ];

  acmeSecrets = listFilesRelative ./secrets/acme;
@ -74,21 +74,21 @@ in
 # Secrets pour ACME
 // (genAttrs acmeSecrets acme)
 # Secrets pour restic
-// builtins.foldl' (
-  acc: name:
-  acc
-  // (
+// attrsets.foldlAttrs (
+  outacc: host: key:
  let
-      key = hosts.${name};
+    secrets = listFilesRelative (path.append ./secrets/restic host);
  in
-    genAttrs
-      [
-        "./secrets/restic/${name}/base-repo"
-        "./secrets/restic/${name}/base-password"
-      ]
-      [ key ]
-  )
-) { } (lists.remove "thot" hostnames)
+  outacc
+  // builtins.foldl' (
+    acc: secret:
+    acc
+    // {
+      "${secret}".publicKeys = [ key ] ++ nounous;
+    }
+  ) { } secrets
+) { } (lib.filterAttrs (host: _: host != "thot" && host != "cephiroth") hosts)
+# Secrets spécifiques à chaque VM
 // attrsets.foldlAttrs (
  outacc: host: key:
  let