deployment: create (deployment keys) module

* deployment/keys.scm: define a module. * deployment/keys.scm: define variables mcdowell-guix and rakan-guix. * deployment/systems/mcdowell.scm (guix-offload-rakan): use the new key definition at rakan-guix. * deployment/systems/rakan.scm (guix-offload-authorizations): use the new key definitions at mcdowell-guix. * keys/guix/mcdowell-signing-key.pub: remove the file. * keys/guix/rakan-signing-key.pub: remove the file.
author: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-11-13 12:57:56 +0100
committer: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-11-13 13:08:17 +0100
commit: c988e6764e98c554ab71ea177d0483f7bfb4d8fe (patch)
tree: a89204fd6aa8ba27e61b203bf2a88e93677091a1
parent: 2524787473460db40a95df1ce11f06c6f42fcd13 (diff)
5 files changed, 29 insertions, 23 deletions
diff --git a/deployment/keys.scm b/deployment/keys.scm
new file mode 100644
index 0000000..ec67b00
--- /dev/null
+++ b/deployment/keys.scm
@@ -0,0 +1,19 @@
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+;;; SPDX-FileCopyrightText: 2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
+
+(define-module (deployment keys)
+  #:use-module (guix gexp))
+
+(define-public mcdowell-guix
+  (mixed-text-file "mcdowell-signing-key.pub"
+                   "(public-key\n"
+                   "  (ecc\n"
+                   "    (curve Ed25519)\n"
+                   "      (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)))"))
+
+(define-public rakan-guix
+  (mixed-text-file "rakan-signing-key.pub"
+                   "(public-key\n"
+                   "  (ecc\n"
+                   "    (curve Ed25519)\n"
+                   "      (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)))"))
diff --git a/deployment/keys/guix/mcdowell-signing-key.pub b/deployment/keys/guix/mcdowell-signing-key.pub
deleted file mode 100644
index 358fdc0..0000000
--- a/deployment/keys/guix/mcdowell-signing-key.pub
+++ /dev/null
@@ -1,6 +0,0 @@
-(public-key 
- (ecc 
-  (curve Ed25519)
-  (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)
-  )
- )
diff --git a/deployment/keys/guix/rakan-signing-key.pub b/deployment/keys/guix/rakan-signing-key.pub
deleted file mode 100644
index 358fdc0..0000000
--- a/deployment/keys/guix/rakan-signing-key.pub
+++ /dev/null
@@ -1,6 +0,0 @@
-(public-key 
- (ecc 
-  (curve Ed25519)
-  (q #FDA720ED167E05AB735182D887A450DCD534A85F2697DE421E49CA043FC01E4D#)
-  )
- )
diff --git a/deployment/systems/mcdowell.scm b/deployment/systems/mcdowell.scm
index c238f48..7a5cc02 100644
--- a/deployment/systems/mcdowell.scm
+++ b/deployment/systems/mcdowell.scm
@@ -2,6 +2,8 @@
 ;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
 
 (define-module (deployment systems mcdowell)
+  #:use-module ( (deployment keys)
+                 #:prefix deployment:keys:)
   #:use-module ( (gnu packages package-management)
                  #:prefix gnu:packages:package-management:)
   #:use-module ( (gnu services)
@@ -75,11 +77,9 @@
     (private-key "/home/marek/.ssh/id_ed25519")))
 
 (define guix-offload-rakan
-  (let
-    ( (l-signing-key   (local-file "../keys/guix/rakan-signing-key.pub")))
-    (gnu:services:base:guix-extension
-      (authorized-keys (list l-signing-key))
-      (build-machines  (list rakan-machine)))))
+  (gnu:services:base:guix-extension
+    (authorized-keys (list deployment:keys:rakan-guix))
+    (build-machines  (list rakan-machine))))
 
 (define system
   (let*
diff --git a/deployment/systems/rakan.scm b/deployment/systems/rakan.scm
index c952472..0f03d65 100644
--- a/deployment/systems/rakan.scm
+++ b/deployment/systems/rakan.scm
@@ -2,6 +2,8 @@
 ;;; SPDX-FileCopyrightText: 2024-2025 Marek Paśnikowski <marek@marekpasnikowski.pl>
 
 (define-module (deployment systems rakan)
+  #:use-module ( (deployment keys)
+                 #:prefix deployment:keys:)
   #:use-module ( (gnu services)
                  #:prefix gnu:services:)
   #:use-module ( (gnu services base)
@@ -31,8 +33,7 @@
   #:use-module ( (sovereign systems)
                  #:prefix sovereign:systems:)
   #:use-module ( (users id1000)
-                 #:prefix users:id1000:)
-  #:use-module (guix gexp))
+                 #:prefix users:id1000:))
 
 (define system-name
   "rakan")
@@ -62,10 +63,8 @@
       (target   l-target))))
 
 (define guix-offload-authorizations
-  (let
-    ( (l-mcdowell-key (local-file "../keys/guix/mcdowell-signing-key.pub")))
-    (gnu:services:base:guix-extension
-      (authorized-keys (list l-mcdowell-key)))))
+  (gnu:services:base:guix-extension
+    (authorized-keys (list deployment:keys:mcdowell-guix))))
 
 (define guix-publish-configuration
   (gnu:services:base:guix-publish-configuration
author	Marek Paśnikowski <marek@marekpasnikowski.pl>	2025-11-13 12:57:56 +0100
committer	Marek Paśnikowski <marek@marekpasnikowski.pl>	2025-11-13 13:08:17 +0100
commit	c988e6764e98c554ab71ea177d0483f7bfb4d8fe (patch)
tree	a89204fd6aa8ba27e61b203bf2a88e93677091a1
parent	2524787473460db40a95df1ce11f06c6f42fcd13 (diff)