feat(sops): finally somewhat properly set up with sops

2025-10-23 14:47:53 +02:00 · 2025-10-23 14:47:53 +02:00 · e9fef516ec
commit e9fef516ec
parent 40da937ee0
6 changed files with 58 additions and 43 deletions
--- a/.just/machine.just
+++ b/.just/machine.just
@ -0,0 +1,9 @@
+@_default: list
+
+[doc('List machines')]
+@list:
+  ls -1 ../systems/x86_64-linux/
+
+[doc('Update the target machine')]
+update machine:
+  nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake .#{{ machine }}
--- a/.just/vars.just
+++ b/.just/vars.just
@ -0,0 +1,28 @@
+base_path := invocation_directory() / "systems/x86_64-linux"
+sops := "nix shell nixpkgs#sops --command sops"
+
+@_default:
+  just --list
+
+[doc('list all vars of the target machine')]
+list machine:
+  {{ sops }} decrypt {{ base_path }}/{{ machine }}/secrets.yml
+  
+@edit machine:
+  {{ sops }} edit {{ base_path }}/{{ machine }}/secrets.yml
+  
+@set machine key value:
+  {{ sops }} set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" \"{{ value }}\"
+
+  git add {{ base_path }}/{{ machine }}/secrets.yml
+  git commit -m 'ops(secrets): set secret "{{ key }}" for machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml
+
+  echo "Done"
+  
+@remove machine key:
+  {{ sops }} unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
+
+  git add {{ base_path }}/{{ machine }}/secrets.yml
+  git commit -m 'ops(secrets): removed secret "{{ key }}" from machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml
+
+  echo "Done"