Add generation for in-repo secrets.

nix/kubernetes/keys/flake.nix

@@ -23,6 +23,7 @@
           deploy_script = pkgs.k8s.deploy_script;
           default = pkgs.k8s.all_keys;
           bootstrap_script = pkgs.k8s.bootstrap_script;
+          mrmanager_repo_secrets = pkgs.k8s.mrmanager_repo_secrets;
         }
       );
       overlays.default = (

nix/kubernetes/keys/package/k8s-keys/package.nix

@@ -10,12 +10,17 @@ let
     cp ${k8s.deploy_script} $out/deploy_script
     cp ${k8s.bootstrap_script} $out/bootstrap_script
   '';
+  mrmanager_repo_secrets = runCommand "mrmanager_repo_secrets" { } ''
+    mkdir $out
+    cp -r ${k8s.mrmanager_repo_secrets} $out/mrmanager_repo_secrets
+  '';
 in
 symlinkJoin {
   name = "k8s-keys";
   paths = [
     scripts
     k8s.encryption_config
+    mrmanager_repo_secrets
   ]
   ++ (builtins.attrValues k8s.ca)
   ++ (builtins.attrValues k8s.keys)

nix/kubernetes/keys/package/mrmanager-repo-secrets/package.nix

@@ -0,0 +1,26 @@
+{
+  k8s,
+  runCommand,
+  symlinkJoin,
+  ...
+}:
+let
+  scripts = runCommand "scripts" { } ''
+    mkdir $out
+    cp ${k8s.deploy_script} $out/deploy_script
+    cp ${k8s.bootstrap_script} $out/bootstrap_script
+  '';
+in
+symlinkJoin {
+  name = "k8s-keys";
+  paths = [
+    scripts
+    k8s.encryption_config
+  ]
+  ++ (builtins.attrValues k8s.ca)
+  ++ (builtins.attrValues k8s.keys)
+  ++ (builtins.attrValues k8s.client-configs)
+  ++ (builtins.attrValues k8s.ssh-keys)
+  ++ (builtins.attrValues k8s.pgp-keys)
+  ++ (builtins.attrValues k8s.k8s-secrets-generic);
+}

nix/kubernetes/keys/scope.nix

@@ -373,5 +373,6 @@ makeScope newScope (
     all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
     deploy_script = (callPackage ./package/deploy-script/package.nix additional_vars);
     bootstrap_script = (callPackage ./package/bootstrap-script/package.nix additional_vars);
+    mrmanager_repo_secrets = (callPackage ./package/mrmanager-repo-secrets/package.nix additional_vars);
   }
 )