path: root/modules/by-name/se/secrets/update_secrets.sh
#!/usr/bin/env nix
#! nix shell nixpkgs#age nixpkgs#jq nixpkgs#dash --command dash
# shellcheck shell=dash

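# Remove the temporary recipients file, if one has been created.
#
# Globals: key_file (read) - path set by update_lf_cd_paths via mktemp; may
#          still be unset or empty when the script exits early.
# Returns: 0 when there is nothing to remove, otherwise the status of rm.
cleanup() {
    # `${key_file:-}` keeps this safe if the variable was never assigned.
    if [ -n "${key_file:-}" ]; then
        # `--` stops option parsing; `-f` avoids an error if the file has
        # already gone by the time the trap fires.
        rm -f -- "$key_file"
    fi
}
# Registered for EXIT so the temporary file is also removed on the
# `exit 1` error paths.
trap cleanup EXIT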

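# Regenerate the encrypted lf/cd_paths.age secret.
#
# The recipients are the `publicKeys` listed for "lf/cd_paths.age" in
# ./secrets.nix, so whoever can edit that file decides who can decrypt the
# result. The plaintext is the output of `lf-make-map` (a commented
# visualisation followed by the generated map).
#
# Globals: key_file (written) - temporary recipients file from mktemp.
# Outputs: progress on stdout, errors on stderr; rewrites ./lf/cd_paths.age
#          under <repo root>/modules/system/secrets.
# Exits:   with status 1 as soon as any step fails. Every input is produced
#          and checked before age is started, so a failing generator cannot
#          lead to an empty or partial map being encrypted over the
#          existing file.
update_lf_cd_paths() {
    local secrets_json map_preview map_body

    echo "Starting to update the lf/cd_paths.age file.."

    cd "$(git rev-parse --show-toplevel)/modules/system/secrets" || {
        echo "A secrets dir does not exist! (This is most likely a bug)" >&2
        exit 1
    }

    key_file="$(mktemp)" || {
        echo "Failed to create a temporary recipients file" >&2
        exit 1
    }

    # The script does not enable `pipefail`, so a pipeline only reports the
    # status of its last command. Capture the `nix eval` output first so
    # that its failure is not hidden behind jq.
    secrets_json="$(nix eval -f ./secrets.nix --json)" || {
        echo "Failed to evaluate ./secrets.nix" >&2
        exit 1
    }

    printf '%s\n' "$secrets_json" |
        jq --raw-output '.["lf/cd_paths.age"].publicKeys | join("\n")' >"$key_file" || {
        echo "Failed to extract the public keys for lf/cd_paths.age" >&2
        exit 1
    }

    # Never encrypt against an empty recipient list.
    [ -s "$key_file" ] || {
        echo "No public keys found for lf/cd_paths.age" >&2
        exit 1
    }

    # `lf-make-map` is provided by the dev shell
    # Both invocations are run to completion before anything is written.
    # Command substitution drops trailing newlines; `printf` below adds
    # one back.
    map_preview="$(lf-make-map --quiet --depth 4 visualize ~/media ~/repos ~/school)" || {
        echo "lf-make-map failed to visualize the map" >&2
        exit 1
    }
    map_body="$(lf-make-map --quiet --depth 4 generate ~/media ~/repos ~/school)" || {
        echo "lf-make-map failed to generate the map" >&2
        exit 1
    }

    {
        # The visualisation is kept as `# ` comment lines above the map.
        printf '%s\n' "$map_preview" | sed 's|\(.*\)|# \1|'
        printf '%s\n' "$map_body"
    } | age --recipients-file "$key_file" --encrypt --armor --output ./lf/cd_paths.age || {
        echo "age failed to encrypt lf/cd_paths.age" >&2
        exit 1
    }

    echo "Finished updating the lf/cd_paths.age file.."
}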

# Script entry point: the only task is refreshing the lf/cd_paths.age secret.
main() {
    update_lf_cd_paths
}

# Run the entry point once every function above has been defined.
main

# vim: ft=sh