Generate ssh keys for flux bootstrap.

nix/kubernetes/keys/package/k8s-keys/package.nix

@@ -10,5 +10,6 @@ symlinkJoin {
     k8s.encryption_config
   ]
   ++ (builtins.attrValues k8s.keys)
-  ++ (builtins.attrValues k8s.client-configs);
+  ++ (builtins.attrValues k8s.client-configs)
+  ++ (builtins.attrValues k8s.ssh-keys);
 }

nix/kubernetes/keys/package/ssh-key/package.nix

@@ -0,0 +1,33 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+  lib,
+  stdenv,
+  k8s,
+  openssh,
+  key_name,
+  ...
+}:
+stdenv.mkDerivation (finalAttrs: {
+  name = "ssh-key-${key_name}";
+  nativeBuildInputs = [ openssh ];
+  buildInputs = [ ];
+
+  unpackPhase = "true";
+
+  buildPhase = ''
+    ssh-keygen -t ed25519 -f ${key_name} -N ""
+  '';
+
+  installPhase = ''
+    mkdir "$out"
+    cp "${key_name}" "${key_name}.pub" $out/
+  '';
+})

nix/kubernetes/keys/scope.nix

@@ -96,6 +96,11 @@ makeScope newScope (
         "service-accounts"
       ] (key_name: (callPackage ./package/tls-key/package.nix (additional_vars // { inherit key_name; })))
     );
+    ssh-keys = (
+      lib.genAttrs [
+        "flux_ssh_key"
+      ] (key_name: (callPackage ./package/ssh-key/package.nix (additional_vars // { inherit key_name; })))
+    );
     client-configs = (
       builtins.mapAttrs
         (