diff options
Diffstat (limited to 'modules/by-name/se/secrets/update_secrets.sh')
| -rwxr-xr-x | modules/by-name/se/secrets/update_secrets.sh | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/modules/by-name/se/secrets/update_secrets.sh b/modules/by-name/se/secrets/update_secrets.sh new file mode 100755 index 00000000..f1c27d77 --- /dev/null +++ b/modules/by-name/se/secrets/update_secrets.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env nix +#! nix shell nixpkgs#age nixpkgs#jq nixpkgs#dash --command dash +# shellcheck shell=dash + +cleanup() { + [ "$key_file" ] && rm "$key_file" +} +trap cleanup EXIT + +update_lf_cd_paths() { + echo "Starting to update the lf/cd_paths.age file.." + + cd "$(git rev-parse --show-toplevel)/modules/system/secrets" || { + echo "A secrets dir does not exist! (This is most likely a bug)" + exit 1 + } + + key_file="$(mktemp)" + + nix eval -f ./secrets.nix --json | jq --raw-output '.["lf/cd_paths.age"].publicKeys | join("\n")' >"$key_file" + + # `lf-make-map` is provided by the dev shell + { + lf-make-map --quiet --depth 4 visualize ~/media ~/repos ~/school | sed 's|\(.*\)|# \1|' + lf-make-map --quiet --depth 4 generate ~/media ~/repos ~/school + } | age --recipients-file "$key_file" --encrypt --armor --output ./lf/cd_paths.age + + echo "Finished updating the lf/cd_paths.age file.." +} + +main() { + update_lf_cd_paths +} + +main + +# vim: ft=sh |