Git — Sourcephile - sourcephile-nix.git/blob - shell/gnupg.nix
# shell/gnupg.nix
#
# Declarative OpenPGP key specifications, exposed as `gnupg.keys`.
# Two groups of keys are described:
#   * two personal identities for Julien Moutinho, and
#   * one `root@<host>.sourcephile.fr` key per attribute name found in
#     `inputs.self.nixosConfigurations`.
#
# Only key *parameters* and passphrase *paths* appear here; no secret
# material is stored in this file.
{ inputs, lib, ... }:
let
  # Every primary key and subkey in this file uses the same algorithm.
  keyAlgo = "rsa4096";

  domain = "sourcephile.fr";

  # Builds a subkey spec carrying exactly one capability.
  subKey = expire: capability: {
    algo = keyAlgo;
    inherit expire;
    usage = [ capability ];
  };

  # Personal key: the primary key carries "cert" and "sign"; each of
  # "sign", "encrypt" and "auth" additionally gets its own subkey.
  # Primary key and subkeys all use a "3y" expiry.
  memberKey = uid: {
    inherit uid;
    algo = keyAlgo;
    expire = "3y";
    usage = [ "cert" "sign" ];
    # Both personal identities reference this same passPath, so they
    # share one passphrase entry.
    # NOTE(review): presumably a path inside a secret store — confirm
    # against the module that consumes `gnupg.keys`.
    passPath = "members/julm/gpg/password";
    subKeys = map (subKey "3y") [ "sign" "encrypt" "auth" ];
    # NOTE(review): the only recipient listed is the empty string. It is
    # not visible here how the consumer treats it — confirm that secret
    # key backups are neither skipped nor written without encryption.
    backupRecipients = [ "" ];
  };

  # Host key for root@<host>.<domain>: a cert+sign primary key with a
  # single encryption subkey, passphrase looked up per host.
  hostKey = host: {
    uid = "root@${host}.${domain}";
    algo = keyAlgo;
    # NOTE(review): "0" presumably means "never expires" (the GnuPG
    # convention) — confirm. If so, a compromised host key can only be
    # retired by revocation, so the revocation path should be tested.
    expire = "0";
    usage = [ "cert" "sign" ];
    passPath = "hosts/${host}/gnupg/root";
    subKeys = [ (subKey "0" "encrypt") ];
    # NOTE(review): same empty-string recipient as the personal keys.
    backupRecipients = [ "" ];
  };

  # Host names come straight from the flake's NixOS configurations, so
  # every configured host gets a key spec without being listed here.
  hostNames = builtins.attrNames inputs.self.nixosConfigurations;

  memberKeys = lib.genAttrs [
    "Julien Moutinho <julm@sourcephile.fr>"
    "Julien Moutinho <julm@mermet>"
  ] memberKey;

  hostKeys = builtins.listToAttrs (map
    (host: {
      name = "root@${host}.${domain}";
      value = hostKey host;
    })
    hostNames);
in
{
  # Host keys are merged on the right-hand side, so on a name clash a
  # host entry would take precedence over a personal one.
  gnupg.keys = memberKeys // hostKeys;
}