Created this prototype and have been testing it. It copies the design of the charon SSH keys. It roughly replaces the approach of a two-phased deployment: generating various files on a local filesystem and then pulling them into the nixops deployment. Instead, it will locally generate (I’m thinking of ways to do remote generation) the requested resources, bundle them into the statefile, and expose it as a resource for inclusion into “send-keys” or “etc” or wherever. I’ve found this useful for creating various keypairs such that the public side is available to send to other machines.
Looking for any thoughts, reviews, suggestions.