Generic secrets for ssh keys.

nix/kubernetes/keys/package/bootstrap-script/package.nix

@@ -27,15 +27,19 @@ let
     echo "Bootstrap finished"
   '');
   manifests = (
-    lib.concatMapStringsSep "," lib.escapeShellArg [
+    lib.concatMapStringsSep "," lib.escapeShellArg (
+      [
         ./files/manifests/initial_clusterrole.yaml
         ./files/manifests/cilium.yaml
         ./files/manifests/coredns.yaml
         ./files/manifests/flux_namespace.yaml
         ./files/manifests/flux.yaml
         ./files/manifests/flux_instance.yaml
-      "${k8s.k8s-ssh-secrets.kubernetes-deploy-key}/kubernetes-deploy-key.yaml"
       ]
+      ++ (lib.attrsets.mapAttrsToList (
+        secret_name: secret_value: "${secret_value}/${secret_name}.yaml"
+      ) k8s.k8s-secrets-generic)
+    )
   );
   apply_manifests = "kubectl --kubeconfig=${k8s.client-configs.admin}/admin.kubeconfig apply --server-side --force-conflicts -f ${manifests}";
 in

nix/kubernetes/keys/package/k8s-keys/package.nix

@@ -13,6 +13,5 @@ symlinkJoin {
   ++ (builtins.attrValues k8s.client-configs)
   ++ (builtins.attrValues k8s.ssh-keys)
   ++ (builtins.attrValues k8s.pgp-keys)
-  ++ (builtins.attrValues k8s.k8s-ssh-secrets)
   ++ (builtins.attrValues k8s.k8s-secrets-generic);
 }

nix/kubernetes/keys/package/k8s-secret-generic/package.nix

@@ -43,8 +43,6 @@ stdenv.mkDerivation (finalAttrs: {
 
   unpackPhase = "true";
 
-  # lib.attrsets.mapAttrsToList
-
   installPhase = ''
     mkdir "$out"
     cp "${yaml_file}" "$out/${secret_name}.yaml"

nix/kubernetes/keys/package/k8s-secret-ssh/package.nix

@@ -1,39 +0,0 @@
-# unpackPhase
-# patchPhase
-# configurePhase
-# buildPhase
-# checkPhase
-# installPhase
-# fixupPhase
-# installCheckPhase
-# distPhase
-{
-  stdenv,
-  k8s,
-  kubectl,
-  secret_name,
-  secret_namespace,
-  ssh_key_name,
-  ...
-}:
-stdenv.mkDerivation (finalAttrs: {
-  name = "k8s-secret-ssh-${secret_name}";
-  nativeBuildInputs = [ kubectl ];
-  buildInputs = [ ];
-
-  unpackPhase = "true";
-
-  buildPhase = ''
-    kubectl create secret generic ${secret_name} \
-      --namespace ${secret_namespace} \
-      --from-file=identity=${k8s.ssh-keys."${ssh_key_name}"}/${ssh_key_name} \
-      --from-file=identity.pub=${k8s.ssh-keys."${ssh_key_name}"}/${ssh_key_name}.pub \
-      --dry-run=client -o yaml > ${secret_name}.yaml
-  '';
-  # --from-file=known_hosts=$(OUT)/known_hosts \
-
-  installPhase = ''
-    mkdir "$out"
-    cp "${secret_name}.yaml" $out/
-  '';
-})

nix/kubernetes/keys/scope.nix

@@ -114,21 +114,6 @@ makeScope newScope (
           };
         }
     );
-    k8s-ssh-secrets = (
-      builtins.mapAttrs
-        (
-          secret_name: secret_config:
-          (callPackage ./package/k8s-secret-ssh/package.nix (
-            additional_vars // { inherit secret_name; } // secret_config
-          ))
-        )
-        {
-          "kubernetes-deploy-key" = {
-            secret_namespace = "flux-system";
-            ssh_key_name = "flux_ssh_key";
-          };
-        }
-    );
     k8s-secrets-generic = (
       builtins.mapAttrs
         (
@@ -144,6 +129,13 @@ makeScope newScope (
               "sops.asc" = (builtins.readFile "${self.pgp-keys.flux_gpg}/flux_gpg_private_key.asc");
             };
           };
+          "kubernetes-deploy-key" = {
+            secret_namespace = "flux-system";
+            secret_values = {
+              "identity" = builtins.readFile "${self.ssh-keys.flux_ssh_key}/flux_ssh_key";
+              "identity.pub" = builtins.readFile "${self.ssh-keys.flux_ssh_key}/flux_ssh_key.pub";
+            };
+          };
         }
     );
     client-configs = (