authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-10-18 17:07:46 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-10-18 17:07:46 +0200
commitc52c7f314ccadcc2fcd91e28c8fd1b88f6d5ce0c (patch)
treee8b947710b467b32740598ff574982097836f66c /modules/by-name/se/secrets/update_secrets.sh
parentchore(pkgs/yt): 1.2.1 -> 1.3.0 (diff)
refactor(modules): Move all system modules to `by-name`
From now on all modules should be added to the new `by-name` directory.
This should help remove the (superficial and utterly useless)
distinction between `home-manager` and `NixOS` modules.
Diffstat (limited to 'modules/by-name/se/secrets/update_secrets.sh')
-rwxr-xr-xmodules/by-name/se/secrets/update_secrets.sh37
1 files changed, 37 insertions, 0 deletions
diff --git a/modules/by-name/se/secrets/update_secrets.sh b/modules/by-name/se/secrets/update_secrets.sh
new file mode 100755
index 00000000..f1c27d77
--- /dev/null
+++ b/modules/by-name/se/secrets/update_secrets.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env nix
+#! nix shell nixpkgs#age nixpkgs#jq nixpkgs#dash --command dash
+# shellcheck shell=dash
+
+cleanup() {
+    [ "$key_file" ] && rm "$key_file"
+}
+trap cleanup EXIT
+
+update_lf_cd_paths() {
+    echo "Starting to update the lf/cd_paths.age file.."
+
+    cd "$(git rev-parse --show-toplevel)/modules/system/secrets" || {
+        echo "A secrets dir does not exist! (This is most likely a bug)"
+        exit 1
+    }
+
+    key_file="$(mktemp)"
+
+    nix eval -f ./secrets.nix --json | jq --raw-output '.["lf/cd_paths.age"].publicKeys | join("\n")' >"$key_file"
+
+    # `lf-make-map` is provided by the dev shell
+    {
+        lf-make-map --quiet --depth 4 visualize ~/media ~/repos ~/school | sed 's|\(.*\)|# \1|'
+        lf-make-map --quiet --depth 4 generate ~/media ~/repos ~/school
+    } | age --recipients-file "$key_file" --encrypt --armor --output ./lf/cd_paths.age
+
+    echo "Finished updating the lf/cd_paths.age file.."
+}
+
+main() {
+    update_lf_cd_paths
+}
+
+main
+
+# vim: ft=sh
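Review bot: The `cd` at the top of `update_lf_cd_paths` still targets `modules/system/secrets`, although this commit places the script under `modules/by-name/se/secrets`. The diff is limited to this one path, so it is not visible whether `secrets.nix` and `lf/cd_paths.age` moved as well; if they did, the function either stops at the "most likely a bug" message or works on a stale directory, and the line should read `cd "$(git rev-parse --show-toplevel)/modules/by-name/se/secrets" || {`. Separately, nothing stops the run when `mktemp`, `nix eval`, `jq` or `lf-make-map` fails: there is no `set -eu`, and dash has no `pipefail`, so `age` is still invoked and may overwrite `./lf/cd_paths.age` with an encryption of partial or empty input. Writing to a temporary output file and renaming it over `./lf/cd_paths.age` only after each step's status has been checked would leave the existing encrypted file intact on failure.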