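# Helper library: host-name combinators, option-priority shorthands and
# secret-generator constructors.
#
# Arguments:
#   nixpkgs   - must expose `lib`; every bare library name below is resolved
#               through `with nixpkgs.lib`.
#   hostNames - list of host names the host* helpers iterate over.
#
# Each mk* secret constructor is curried: the first argument holds the
# options, the second is an attrset that supplies `mkSecretGenerator` (and
# for mkRsa `openssl`). The generated scripts call a `gh` helper and write
# to $out/secret and, where a public half exists, $out/public. Neither `gh`
# nor `mkSecretGenerator` is defined in this file.
{
  nixpkgs,
  hostNames,
}:
with nixpkgs.lib; rec {
  # Build an attrset with one attribute per host: { <host> = f <host>; }.
  hostsToAttrs = f:
    listToAttrs (
      map (name: {
        inherit name;
        value = f name;
      })
      hostNames
    );

  # Every unordered pair of distinct hosts, as a list of { a, b } attrsets.
  # Same-host combinations map to null and are removed; (x, y) and (y, x)
  # normalise to the same attrset through hostsPair, so `unique` drops the
  # mirrored entry.
  # NOTE(review): newer nixpkgs releases deprecate `crossLists`; confirm
  # against the pinned nixpkgs before upgrading.
  hostsCartesian = remove null (
    unique (
      crossLists
      (
        a: b:
          if a == b
          then null
          else hostsPair a b
      ) [hostNames hostNames]
    )
  );

  # Order two host names with `<`, so the result does not depend on
  # argument order: `a` is the smaller name, `b` the larger.
  hostsPair = this: other: let
    sorted = sort (a: b: a < b) [this other];
  in {
    a = elemAt sorted 0;
    b = elemAt sorted 1;
  };

  # Name for a host pair, "<smaller>-<larger>", independent of argument
  # order.
  hostPairName = this: other:
    if this < other
    then "${this}-${other}"
    else "${other}-${this}";

  # Priority 999: takes precedence over mkDefault (priority 1000) and still
  # yields to an ordinary, unprioritised definition.
  mkFleetDefault = mkOverride 999;

  # Priority 1001: yields even to mkDefault.
  mkFleetGeneratorDefault = mkOverride 1001;

  # Password generator. `size` is handed to `gh generate password --size`.
  # `coreutils` is accepted but not referenced in the script; the script
  # calls `mkdir` by bare name.
  mkPassword = {size ? 32}: {
    coreutils,
    mkSecretGenerator,
    ...
  }:
    mkSecretGenerator {
      script = ''
        mkdir $out
        gh generate password -o $out/secret --size ${toString size}
      '';
    };

  # Ed25519 keypair generator.
  #   noEmbedPublic - adds --no-embed-public to the `gh` call.
  #   encoding      - when non-null, adds --encoding=<encoding>. The value is
  #                   spliced into the shell script unquoted, so it has to be
  #                   a single plain token.
  # `optionalString` is taken from the surrounding `with nixpkgs.lib`, like
  # every other library name here; the file binds no `lib` of its own.
  mkEd25519 = {
    noEmbedPublic ? false,
    encoding ? null,
  }: {mkSecretGenerator, ...}:
    mkSecretGenerator {
      script = ''
        mkdir $out
        gh generate ed25519 -p $out/public -s $out/secret \
          ${optionalString noEmbedPublic "--no-embed-public"} \
          ${optionalString (encoding != null) "--encoding=${encoding}"}
      '';
    };

  # Ed25519 keypair generated with --no-embed-public.
  mkGarage = {}: mkEd25519 {noEmbedPublic = true;};

  # X25519 keypair generator. `encoding` is handled as in mkEd25519 and is
  # likewise interpolated unquoted.
  mkX25519 = {encoding ? null}: {mkSecretGenerator, ...}:
    mkSecretGenerator {
      script = ''
        mkdir $out
        gh generate x25519 -p $out/public -s $out/secret \
          ${optionalString (encoding != null) "--encoding=${encoding}"}
      '';
    };

  # X25519 keypair with base64 encoding.
  mkWireguard = {}: mkX25519 {encoding = "base64";};

  # RSA keypair generator (`size` bits, default 4096).
  #
  # OpenSSL writes the private key unencrypted to a scratch file in the
  # script's working directory before it is piped to `gh private`. Whether
  # that directory is private or short-lived depends on how
  # mkSecretGenerator runs the script, which this file does not show, so the
  # script creates the scratch files under umask 077 (in a subshell, leaving
  # the permissions of $out untouched) and deletes them once both halves
  # have been handed to `gh`. If a step fails under an errexit shell the
  # final `rm` is not reached and the scratch files can remain.
  # NOTE(review): this changes the generator script text; confirm whether
  # the project re-runs generators when their script changes.
  mkRsa = {size ? 4096}: {
    openssl,
    mkSecretGenerator,
    ...
  }:
    mkSecretGenerator {
      script = ''
        mkdir $out

        (
          umask 077
          ${openssl}/bin/openssl genrsa -out rsa_private.key ${toString size}
          ${openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key
        )

        gh private -o $out/secret < rsa_private.key
        gh public -o $out/public < rsa_public.key

        rm -f rsa_private.key rsa_public.key
      '';
    };
}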