sane-scripts: port sane-secrets-* to nix-shell
parent
af4cfc29b1
commit
c8d5411462
|
@ -35,7 +35,6 @@ let
|
||||||
inetutils
|
inetutils
|
||||||
iwd
|
iwd
|
||||||
jq
|
jq
|
||||||
oath-toolkit
|
|
||||||
openssh
|
openssh
|
||||||
openssl
|
openssl
|
||||||
nix-shell-scripts.ip-check
|
nix-shell-scripts.ip-check
|
||||||
|
@ -77,7 +76,6 @@ let
|
||||||
"cannot:${gocryptfs}/bin/gocryptfs"
|
"cannot:${gocryptfs}/bin/gocryptfs"
|
||||||
"cannot:${ifuse}/bin/ifuse"
|
"cannot:${ifuse}/bin/ifuse"
|
||||||
"cannot:${iwd}/bin/iwctl"
|
"cannot:${iwd}/bin/iwctl"
|
||||||
"cannot:${oath-toolkit}/bin/oathtool"
|
|
||||||
"cannot:${openssh}/bin/ssh-keygen"
|
"cannot:${openssh}/bin/ssh-keygen"
|
||||||
"cannot:${rmlint}/bin/rmlint"
|
"cannot:${rmlint}/bin/rmlint"
|
||||||
"cannot:${rsync}/bin/rsync"
|
"cannot:${rsync}/bin/rsync"
|
||||||
|
@ -238,6 +236,21 @@ let
|
||||||
pname = "sane-reclaim-boot-space";
|
pname = "sane-reclaim-boot-space";
|
||||||
src = ./src;
|
src = ./src;
|
||||||
};
|
};
|
||||||
|
secrets-dump = static-nix-shell.mkBash {
|
||||||
|
pname = "sane-secrets-dump";
|
||||||
|
src = ./src;
|
||||||
|
pkgs = [ "gnugrep" "sops" "oath-toolkit" ];
|
||||||
|
};
|
||||||
|
secrets-unlock = static-nix-shell.mkBash {
|
||||||
|
pname = "sane-secrets-unlock";
|
||||||
|
src = ./src;
|
||||||
|
pkgs = [ "coreutils-full" "openssh" "ssh-to-age" ];
|
||||||
|
};
|
||||||
|
secrets-update-keys = static-nix-shell.mkBash {
|
||||||
|
pname = "sane-secrets-update-keys";
|
||||||
|
src = ./src;
|
||||||
|
pkgs = [ "coreutils-full" "findutils" "sops" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
symlinkJoin {
|
symlinkJoin {
|
||||||
|
|
|
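Review bot: Each of the three new `static-nix-shell.mkBash` entries (`secrets-dump`, `secrets-unlock`, `secrets-update-keys`) repeats in `pkgs` the package set that the matching script also lists on its `#!nix-shell -p` line, and nothing visible in this hunk says which copy is authoritative or what happens when they drift apart. For scripts that decrypt and re-key secrets it matters which `sops`, `ssh-to-age` and `oathtool` binaries actually run: presumably the built package uses the pinned `pkgs`, while running a file straight from `./src` resolves `-p` through whatever nixpkgs the caller has configured, but that should be confirmed against `static-nix-shell`. A one-line comment above `secrets-dump` would record the contract, for example `# pkgs must list the same packages as the script's "#!nix-shell -p" line`. The enclosing `let` block starts and ends outside the hunk.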
@ -1,4 +1,5 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env nix-shell
|
||||||
|
#!nix-shell -i bash -p gnugrep -p oath-toolkit -p sops
|
||||||
# use: `sane-dump-secret /path/to/accounts/website.yaml`
|
# use: `sane-dump-secret /path/to/accounts/website.yaml`
|
||||||
# dumps relevant information about the account, include a OTP code if present
|
# dumps relevant information about the account, include a OTP code if present
|
||||||
secrets=$(sops -d --output-type dotenv $1)
|
secrets=$(sops -d --output-type dotenv $1)
|
||||||
|
|
|
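Review bot: `$1` is expanded unquoted in `secrets=$(sops -d --output-type dotenv $1)`, so an account path containing whitespace or glob characters is split or expanded before `sops` receives it and the wrong file, or several files, may be named. Quoting fixes it: `secrets=$(sops -d --output-type dotenv "$1")`. The usage comment also still calls the tool `sane-dump-secret`, while this commit packages it as `sane-secrets-dump`; updating the comment to the packaged name would keep the header accurate. The line is untouched by this commit but belongs to the script being ported, and the rest of the script lies outside the hunk.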
@ -1,4 +1,5 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env nix-shell
|
||||||
|
#!nix-shell -i bash -p coreutils-full -p openssh -p ssh-to-age
|
||||||
# unlocks the SOPS store (i.e. populate a SOPS key from the user's SSH key)
|
# unlocks the SOPS store (i.e. populate a SOPS key from the user's SSH key)
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
|
|
|
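Review bot: `set -ex` leaves xtrace on in a script whose stated job is to populate a SOPS key from the user's SSH key, so every expanded command line is echoed to stderr. The commands themselves are outside this hunk; if any of them carries key material in an argument, a variable assignment or a here-string, that material lands in terminal scrollback or in whatever captures stderr. Unless the trace is needed, `set -e` alone is the safer default; if it is needed for debugging, bracket only the non-sensitive steps with `set -x` and `set +x`.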
@ -1,4 +1,5 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env nix-shell
|
||||||
|
#!nix-shell -i bash -p coreutils-full -p findutils -p sops
|
||||||
# after modifying .sops.yaml, run this to re-encode all secrets to the new keys
|
# after modifying .sops.yaml, run this to re-encode all secrets to the new keys
|
||||||
# pass the base directory (under which *everything* is a secret) as argument
|
# pass the base directory (under which *everything* is a secret) as argument
|
||||||
for i in $(find "$1" -print)
|
for i in $(find "$1" -print)
|
||||||
|
|
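Review bot: `for i in $(find "$1" -print)` word-splits and glob-expands the output of `find`, so a secret whose path contains a space, newline or glob character reaches the loop body as fragments that do not name the file. The loop body is outside this hunk, but if it re-encrypts each path then such a secret would keep its old recipients after `.sops.yaml` changes, which defeats the purpose of a key rotation without an obvious failure. Iterating on NUL-delimited names avoids this: `find "$1" -print0 | while IFS= read -r -d '' i; do`, with the existing body unchanged. It would also help for the script to exit non-zero when any file fails to update, so an incomplete rotation is noticed.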