nixos-config/modules/pubkeys.nix

# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

{ config, lib, ... }:
let
  cfg = config.sbruder.pubkeys;
in
{
  options.sbruder.pubkeys = {
    keys = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      description = "Known public keys that can be used in the configuration";
      default = {
        "alpha" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1KsR0pgwLfhbP/BDeyb7CLnIqbWiaS52QKUOYLtioH"; # Nitrokey 3
        "beta" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtp4pbIVjjXN7J277+pm5EyzIQVD5aHpoi45J1PNVCL"; # Nitrokey 3
        "backup" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfsufQIdFzWK1B1uelCzt8XJaoublRPn1gjZvumSEr+"; # Offline backup key
      };
    };
    trustedNames = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      description = "Names of trusted public keys, used to generate <literal>sbruder.pubkeys.trustedKeys</literal>";
      default = [
        "alpha"
        "beta"
        "backup"
      ];
    };
    trustedKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      description = "Trusted public keys, automatically generated from <literal>sbruder.pubkeys.trustedNames</literal>";
      default = map
        (name: cfg.keys."${name}")
        cfg.trustedNames;
    };
  };
}
Use Nitrokey as PGP smartcard 2024-01-21 20:58:25 +01:00			`# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>`
Relicense This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually. 2024-01-06 01:19:35 +01:00			`#`
			`# SPDX-License-Identifier: AGPL-3.0-or-later`

Refactor pubkey configuration 2020-12-05 16:42:49 +01:00			`{ config, lib, ... }:`
			`let`
			`cfg = config.sbruder.pubkeys;`
			`in`
Initial commit 2020-08-22 17:44:39 +02:00			`{`
Refactor pubkey configuration 2020-12-05 16:42:49 +01:00			`options.sbruder.pubkeys = {`
			`keys = lib.mkOption {`
			`type = lib.types.attrsOf lib.types.str;`
			`description = "Known public keys that can be used in the configuration";`
			`default = {`
Use Nitrokey as PGP smartcard 2024-01-21 20:58:25 +01:00			`"alpha" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1KsR0pgwLfhbP/BDeyb7CLnIqbWiaS52QKUOYLtioH"; # Nitrokey 3`
			`"beta" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtp4pbIVjjXN7J277+pm5EyzIQVD5aHpoi45J1PNVCL"; # Nitrokey 3`
			`"backup" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfsufQIdFzWK1B1uelCzt8XJaoublRPn1gjZvumSEr+"; # Offline backup key`
Refactor pubkey configuration 2020-12-05 16:42:49 +01:00			`};`
			`};`
			`trustedNames = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
			`description = "Names of trusted public keys, used to generate <literal>sbruder.pubkeys.trustedKeys</literal>";`
			`default = [`
Use Nitrokey as PGP smartcard 2024-01-21 20:58:25 +01:00			`"alpha"`
			`"beta"`
			`"backup"`
Refactor pubkey configuration 2020-12-05 16:42:49 +01:00			`];`
			`};`
			`trustedKeys = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
			`description = "Trusted public keys, automatically generated from <literal>sbruder.pubkeys.trustedNames</literal>";`
Replace builtins with lib where possible 2021-02-27 19:55:12 +01:00			`default = map`
Refactor pubkey configuration 2020-12-05 16:42:49 +01:00			`(name: cfg.keys."${name}")`
			`cfg.trustedNames;`
			`};`
			`};`
Initial commit 2020-08-22 17:44:39 +02:00			`}`