initial migration

.just/vars.just

@@ -1,38 +1,39 @@
 set unstable := true
 set quiet := true
 
-base_path := justfile_directory() + "/systems/x86_64-linux"
+machine_base_path := justfile_directory() + "/../machines"
+secret_base_path := justfile_directory() + "/../systems/x86_64-linux"
 
 _default:
     just --list vars
 
 [doc('List all vars of {machine}')]
 list machine:
-    sops decrypt {{ base_path }}/{{ machine }}/secrets.yml
+    sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml
 
 [doc('Edit all vars of {machine} in your editor')]
 edit machine:
-    sops edit {{ base_path }}/{{ machine }}/secrets.yml
+    sops edit {{ secret_base_path }}/{{ machine }}/secrets.yml
 
 [doc('Set var {value} by {key} for {machine}')]
 @set machine key value:
-    sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\""
+    sops set {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\""
 
-    git add {{ base_path }}/{{ machine }}/secrets.yml
-    git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null
+    git add {{ secret_base_path }}/{{ machine }}/secrets.yml
+    git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null
 
     echo "Done"
 
 [doc('Get var by {key} from {machine}')]
 get machine key:
-    sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\""
+    sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\""
 
 [doc('Remove var by {key} for {machine}')]
 remove machine key:
-    sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
+    sops unset {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
 
-    git add {{ base_path }}/{{ machine }}/secrets.yml
-    git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null
+    git add {{ secret_base_path }}/{{ machine }}/secrets.yml
+    git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null
 
     echo "Done"
 
@@ -59,7 +60,7 @@ _rotate machine key:
 check:
     cd ..
 
-    for machine in $(ls {{ base_path }}); do
+    for machine in $(ls {{ machine_base_path }}); do
          just vars _check "$machine"
     done
 
@@ -70,14 +71,14 @@ _check machine:
     # we can skip this folder as we are
     # missing the files used to compare
     # the defined vs the configured secrets
-    if [ ! -f "{{ base_path }}/{{ machine }}/default.nix" ]; then
+    if [ ! -f "{{ machine_base_path }}/{{ machine }}/default.nix" ]; then
         printf "\r• %-8sskipped\n" "{{ machine }}"
         exit 0
     fi
 
     exec 3< <(jq -nr \
         --rawfile defined <(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets 2>/dev/null) \
-        --rawfile configured <([ -f "{{ base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \
+        --rawfile configured <([ -f "{{ secret_base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \
         '
             [ $configured | fromjson | paths(scalars) | join("/") ] as $conf
             | $defined