start on poor man's clan vars

This commit is contained in:
Chris Kruining 2026-02-24 15:55:08 +01:00
parent 6fde383844
commit f3e5854120
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2


@ -4,15 +4,17 @@ set quiet := true
base_path := invocation_directory() / "systems/x86_64-linux"
_default:
just --list
just --list vars
[doc('list all vars of the target machine')]
[doc('List all vars of {machine}')]
list machine:
sops decrypt {{ base_path }}/{{ machine }}/secrets.yml
[doc('Edit all vars of {machine} in your editor')]
edit machine:
sops edit {{ base_path }}/{{ machine }}/secrets.yml
[doc('Set var {value} by {key} for {machine}')]
@set machine key value:
sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\""
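Review bot: In the `@set` recipe at the end of this hunk, `{{ value }}` and `{{ key }}` are expanded by just into single-quoted shell strings before the shell runs, so a value or key that itself contains a `'` ends the quoting and the remainder is interpreted by the shell rather than stored; the `sed` escaping only handles double quotes. I cannot tell from the hunk whether these lines are new or carried context, so this may be pre-existing, but it is worth a follow-up. Enabling `set positional-arguments` in the justfile and reading `"$2"`/`"$3"` in the recipe body passes the arguments to the shell unparsed instead of interpolating them into the command text.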
@ -21,9 +23,11 @@ edit machine:
echo "Done"
[doc('Get var value by {key} of {machine}')]
get machine key:
sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')"
[doc('Remove var by {key} for {machine}')]
remove machine key:
sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
@ -31,3 +35,28 @@ remove machine key:
git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null
echo "Done"
[script]
check:
for machine in $(ls {{ base_path }}); do
[ -f "{{ base_path }}/$machine/secrets.yml" ] || continue
[ -f "{{ base_path }}/$machine/default.nix" ] || continue
echo "Processing $machine"
mapfile -t missing < <(jq -nr \
--rawfile defined <(nix eval --json --apply 'builtins.attrNames' ..#nixosConfigurations.$machine.config.sops.secrets 2>/dev/null) \
--rawfile configured <(sops decrypt {{ base_path }}/$machine/secrets.yml | yq '.') \
'
$defined | fromjson as $def
| $configured
| fromjson
| paths(scalars)
| join("/")
| select(. | IN($def[]) | not)
')
if (( ${#missing[@]} > 0 )); then
printf 'missing the following %d secret(s):\n%s\n\n' "${#missing[@]}" "$(printf -- '- %s\n' "${missing[@]}")"
fi
done
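Review bot: The `2>/dev/null` on `nix eval` (the `--rawfile defined` line) hides evaluation failures, and nothing checks the command's status, so a machine whose configuration does not evaluate yields an empty `$defined`; `fromjson` then errors inside jq, `missing` stays empty, and the machine is reported as clean rather than as unchecked. The same applies to `sops decrypt` failing in the `--rawfile configured` substitution. The recipe also relies on `mapfile`, `<(…)` and `(( … ))`, which need bash, whereas just's default `[script]` interpreter is `sh -eu` unless `script-interpreter` is set elsewhere in the file outside this hunk. Every other recipe carries a `[doc(…)]` attribute; `check` should too, e.g. `[doc('Report vars in secrets.yml of every machine that no sops.secrets entry declares')]`, since "missing" currently describes undeclared entries, not declared secrets absent from the file. I would fail fast on either command and stop parsing `ls` output:

```just
[doc('Report vars in secrets.yml of every machine that no sops.secrets entry declares')]
[script]
check:
  set -euo pipefail
  for dir in "{{ base_path }}"/*/; do
    machine=$(basename "$dir")
    [ -f "$dir/secrets.yml" ] || continue
    [ -f "$dir/default.nix" ] || continue
    echo "Processing $machine"
    if ! defined=$(nix eval --json --apply 'builtins.attrNames' "..#nixosConfigurations.$machine.config.sops.secrets"); then
      echo "failed to evaluate sops.secrets for $machine" >&2
      exit 1
    fi
    configured=$(sops decrypt "$dir/secrets.yml" | yq '.')
    mapfile -t missing < <(jq -nr --argjson def "$defined" --rawfile configured <(printf '%s' "$configured") '
      # … unchanged: jq filter, using $def directly instead of `$defined | fromjson` …
    ')
    # … unchanged: report missing …
  done
```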