talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Generic secrets for ssh keys.

Browse Source
This commit is contained in:
Tom Alexander
2025-12-21 22:41:21 -05:00
parent 6642cedadf
commit fb327e5c76
5 changed files with 20 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
nix/kubernetes/keys/scope.nix
View File

@@ -114,21 +114,6 @@ makeScope newScope (
};
}
);
k8s-ssh-secrets = (
builtins.mapAttrs
(
secret_name: secret_config:
(callPackage ./package/k8s-secret-ssh/package.nix (
additional_vars // { inherit secret_name; } // secret_config
))
)
{
"kubernetes-deploy-key" = {
secret_namespace = "flux-system";
ssh_key_name = "flux_ssh_key";
};
}
);
k8s-secrets-generic = (
builtins.mapAttrs
(
@@ -144,6 +129,13 @@ makeScope newScope (
"sops.asc" = (builtins.readFile "${self.pgp-keys.flux_gpg}/flux_gpg_private_key.asc");
};
};
"kubernetes-deploy-key" = {
secret_namespace = "flux-system";
secret_values = {
"identity" = builtins.readFile "${self.ssh-keys.flux_ssh_key}/flux_ssh_key";
"identity.pub" = builtins.readFile "${self.ssh-keys.flux_ssh_key}/flux_ssh_key.pub";
};
};
}
);
client-configs = (