about summary refs log blame commit diff stats
path: root/modules/system/secrets/update_secrets.sh
blob: 877d2892a3b0a38a31e633fd612857bbf64511a2 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
12
                                                               
                       







                                                    
                                                                     






















                                                                                                              
#!/usr/bin/env nix
#! nix shell nixpkgs#age nixpkgs#jq nixpkgs#dash --command dash
# shellcheck shell=dash

cleanup() {
    [ "$key_file" ] && rm "$key_file"
}
trap cleanup EXIT

update_lf_cd_paths() {
    echo "Starting to update the lf/cd_paths file.."

    cd "$(git rev-parse --show-toplevel)/modules/system/secrets" || {
        echo "A secrets dir does not exist! (This is most likely a bug)"
        exit 1
    }

    key_file="$(mktemp)"

    nix eval -f ./secrets.nix --json | jq --raw-output '.["lf/cd_paths"].publicKeys | join("\n")' >"$key_file"

    # `lf-make-map` is provided by the dev shell
    {
        lf-make-map --quiet --depth 4 visualize ~/media ~/repos ~/school | sed 's|\(.*\)|# \1|'
        lf-make-map --quiet --depth 4 generate ~/media ~/repos ~/school
    } | age --recipients-file "$key_file" --encrypt --armor --output ./lf/cd_paths

    echo "Finished updating the lf/cd_paths file.."
}

main() {
    update_lf_cd_paths
}

main

# vim: ft=sh