Generic secrets for ssh keys.

2025-12-21 22:41:21 -05:00
parent 71d9f5672a
commit 063fcdbbab
5 changed files with 20 additions and 66 deletions
--- a/nix/kubernetes/keys/package/bootstrap-script/package.nix
+++ b/nix/kubernetes/keys/package/bootstrap-script/package.nix
@@ -27,15 +27,19 @@ let
    echo "Bootstrap finished"
  '');
  manifests = (
-    lib.concatMapStringsSep "," lib.escapeShellArg [
-      ./files/manifests/initial_clusterrole.yaml
-      ./files/manifests/cilium.yaml
-      ./files/manifests/coredns.yaml
-      ./files/manifests/flux_namespace.yaml
-      ./files/manifests/flux.yaml
-      ./files/manifests/flux_instance.yaml
-      "${k8s.k8s-ssh-secrets.kubernetes-deploy-key}/kubernetes-deploy-key.yaml"
-    ]
+    lib.concatMapStringsSep "," lib.escapeShellArg (
+      [
+        ./files/manifests/initial_clusterrole.yaml
+        ./files/manifests/cilium.yaml
+        ./files/manifests/coredns.yaml
+        ./files/manifests/flux_namespace.yaml
+        ./files/manifests/flux.yaml
+        ./files/manifests/flux_instance.yaml
+      ]
+      ++ (lib.attrsets.mapAttrsToList (
+        secret_name: secret_value: "${secret_value}/${secret_name}.yaml"
+      ) k8s.k8s-secrets-generic)
+    )
  );
  apply_manifests = "kubectl --kubeconfig=${k8s.client-configs.admin}/admin.kubeconfig apply --server-side --force-conflicts -f ${manifests}";
 in
--- a/nix/kubernetes/keys/package/k8s-keys/package.nix
+++ b/nix/kubernetes/keys/package/k8s-keys/package.nix
@@ -13,6 +13,5 @@ symlinkJoin {
  ++ (builtins.attrValues k8s.client-configs)
  ++ (builtins.attrValues k8s.ssh-keys)
  ++ (builtins.attrValues k8s.pgp-keys)
-  ++ (builtins.attrValues k8s.k8s-ssh-secrets)
  ++ (builtins.attrValues k8s.k8s-secrets-generic);
 }
--- a/nix/kubernetes/keys/package/k8s-secret-generic/package.nix
+++ b/nix/kubernetes/keys/package/k8s-secret-generic/package.nix
@@ -43,8 +43,6 @@ stdenv.mkDerivation (finalAttrs: {

  unpackPhase = "true";

-  # lib.attrsets.mapAttrsToList
-
  installPhase = ''
    mkdir "$out"
    cp "${yaml_file}" "$out/${secret_name}.yaml"
--- a/nix/kubernetes/keys/package/k8s-secret-ssh/package.nix
+++ b/nix/kubernetes/keys/package/k8s-secret-ssh/package.nix
@@ -1,39 +0,0 @@
-# unpackPhase
-# patchPhase
-# configurePhase
-# buildPhase
-# checkPhase
-# installPhase
-# fixupPhase
-# installCheckPhase
-# distPhase
-{
-  stdenv,
-  k8s,
-  kubectl,
-  secret_name,
-  secret_namespace,
-  ssh_key_name,
-  ...
-}:
-stdenv.mkDerivation (finalAttrs: {
-  name = "k8s-secret-ssh-${secret_name}";
-  nativeBuildInputs = [ kubectl ];
-  buildInputs = [ ];
-
-  unpackPhase = "true";
-
-  buildPhase = ''
-    kubectl create secret generic ${secret_name} \
-      --namespace ${secret_namespace} \
-      --from-file=identity=${k8s.ssh-keys."${ssh_key_name}"}/${ssh_key_name} \
-      --from-file=identity.pub=${k8s.ssh-keys."${ssh_key_name}"}/${ssh_key_name}.pub \
-      --dry-run=client -o yaml > ${secret_name}.yaml
-  '';
-  # --from-file=known_hosts=$(OUT)/known_hosts \
-
-  installPhase = ''
-    mkdir "$out"
-    cp "${secret_name}.yaml" $out/
-  '';
-})