# SPDX-FileCopyrightText: 2020-2024 Simon Bruder
#
# SPDX-License-Identifier: AGPL-3.0-or-later

# Registry of named SSH public keys, plus the subset of them that is marked
# as trusted. Only public key material appears here. How `trustedKeys` is
# consumed is not visible in this file; presumably other modules use it to
# grant access, so changes to `keys` or `trustedNames` should be read as
# changes to that trust set.
{ config, lib, ... }:
let
  inherit (lib) mkOption types;

  pubkeys = config.sbruder.pubkeys;
in
{
  options.sbruder.pubkeys = {
    # Maps a short key name to its full public key string.
    keys = mkOption {
      type = types.attrsOf types.str;
      description = "Known public keys that can be used in the configuration";
      default = {
        alpha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1KsR0pgwLfhbP/BDeyb7CLnIqbWiaS52QKUOYLtioH"; # Nitrokey 3
        beta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtp4pbIVjjXN7J277+pm5EyzIQVD5aHpoi45J1PNVCL"; # Nitrokey 3
        backup = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfsufQIdFzWK1B1uelCzt8XJaoublRPn1gjZvumSEr+"; # Offline backup key
      };
    };

    # Names (attributes of `keys`) whose keys count as trusted. The default of
    # `trustedKeys` looks each name up without a fallback, so a name that is
    # missing from `keys` fails evaluation instead of being silently skipped.
    trustedNames = mkOption {
      type = types.listOf types.str;
      description = "Names of trusted public keys, used to generate sbruder.pubkeys.trustedKeys";
      default = [
        "alpha"
        "beta"
        "backup"
      ];
    };

    # Resolved key strings for `trustedNames`, in the same order.
    # NOTE(review): this is an ordinary option default, not a read-only value.
    # A definition of sbruder.pubkeys.trustedKeys elsewhere replaces the
    # derived list, after which `trustedNames` no longer determines it.
    trustedKeys = mkOption {
      type = types.listOf types.str;
      description = "Trusted public keys, automatically generated from sbruder.pubkeys.trustedNames";
      default = map (keyName: pubkeys.keys.${keyName}) pubkeys.trustedNames;
    };
  };
}