# Run every line-wise recipe and every backtick expression through nushell.
set shell := ["nu", "-c"]

# Short aliases for the recipes used most often.
alias c := check
alias b := build
alias d := deploy
alias de := decrypt
alias en := encrypt-new
alias chk:= check
alias ee := edit-sec
alias r := renc
alias s := search-history

# Identity file for the YubiKey, passed to rage with -i by the encrypt recipes.
yubikey-ident := './sec/age-yubikey-identity-7d5d5540.txt.pub'

# Values captured when just evaluates this file. `loc` and `home` are pasted
# into recipe bodies as plain text before nu parses them, so a path holding
# spaces or quote characters would change how those commands are parsed.
# NOTE(review): `host` and `me` are not referenced by any recipe in this file.
host := `hostname`
me := `whoami`
loc := `pwd`
home := `$env.HOME`
# Default recipe: open just's interactive recipe chooser.
default:
    @just --choose
# Build the live-CD ISO image. --impure lets evaluation read state outside the
# flake (environment, absolute paths), so the result is not fully pinned by flake.lock.
build-livecd:
    nom build .#nixosConfigurations.livecd.config.system.build.isoImage --impure
# Build the cacheOutputs attribute of ci.nix with nix-build-uncached.
# The tool is taken from '<nixpkgs>', i.e. whatever NIX_PATH resolves to on
# this machine, not from a revision pinned by this repository.
build-cache:
    nix shell -f '<nixpkgs>' nix-build-uncached -c nix-build-uncached ci.nix -A cacheOutputs
# Build the disko disk images of the bootstrap configuration.
build-bootstrap:
    nom build .#nixosConfigurations.bootstrap.config.system.build.diskoImages
# Run the nixos-anywhere VM test against the bootstrap configuration.
# NOTE(review): the github: reference carries no revision, so the code that
# runs is whatever the upstream default branch resolves to at fetch time;
# pinning a rev or using a flake input would tie it to flake.lock.
test-bootstrap:
    nix run github:nix-community/nixos-anywhere -- --flake .#bootstrap --vm-test
# Build the system toplevel of every host named in hosts/sum.toml, in parallel.
build-all-host:
    #!/usr/bin/env nu
    # host.name values are interpolated straight into the flake attribute path.
    open hosts/sum.toml | $in.host.name
    | par-each { || nix build $'.#nixosConfigurations.($in).config.system.build.toplevel' -L; }
# Run the flake's vaultix "renc" app for the current platform; the attribute
# name is built from uname as <machine>-<lower-cased kernel name>.
renc:
    nix run $'.#vaultix.app.(uname | $'($in.machine)-($in.kernel-name | str downcase)').renc'
# Pick one host from hosts/sum.toml with fzf and hand it to `util b`.
build:
    #!/usr/bin/env nu
    # util.nu is loaded from the directory captured in `loc`; its commands are not shown here.
    use {{loc}}/util.nu
    open hosts/sum.toml | $in.host.name
    | reduce {|it, acc| $it + (char newline) + $acc }
    | fzf
    | util b $in
# Forward all arguments to `util d` from util.nu.
# The arguments are pasted into the script text unquoted, so nu re-parses them.
deploy *args:
    #!/usr/bin/env nu
    use {{loc}}/util.nu
    util d {{ args }}
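# Write a new secret in the editor and store it encrypted in ./sec/ or ~/Sec/.
encrypt-new *args:
    #!/usr/bin/env nu
    # Key file passed to rage with -i, next to the YubiKey identity.
    const age_pub = "/run/vaultix/age"
    let output_dir = ['./sec/' '{{ home }}/Sec/'] |
        reduce {|it, acc| $it + (char newline) + $acc } | fzf | str trim
    # A cancelled picker gives an empty string; stop instead of writing into the current directory.
    if ($output_dir | is-empty) { print -e "No output directory selected"; exit 1 }
    let name = (input "input file name: " | str trim)
    if ($name | is-empty) { print -e "Empty file name"; exit 1 }
    # The plaintext lives in this temp file only while it is edited and encrypted.
    let tmp_path = (mktemp -t)
    hx $tmp_path
    # Record the outcome instead of letting a failure end the script, so the
    # plaintext temp file is wiped on both the success and the failure path.
    let encrypted = try {
        rage -e $tmp_path -i $age_pub -i {{ yubikey-ident }} -o $'($output_dir)($name).age'
        $env.LAST_EXIT_CODE == 0
    } catch { false }
    # NOTE(review): an overwriting delete may leave old blocks behind on
    # copy-on-write filesystems or in snapshots; confirm where the temp dir lives.
    srm -C $tmp_path
    if not $encrypted { print -e "Encryption failed"; exit 1 }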
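# Encrypt an existing file from ./sec or ~/Sec to <file>.age, then wipe the original.
encrypt-exist *args:
    #!/usr/bin/env nu
    # Key file passed to rage with -i, next to the YubiKey identity.
    let age_pub = "/run/vaultix/age"
    let origin_file_to_enc = ['./sec' '{{ home }}/Sec']
        | each {|| ls $in } | flatten | $in.name |
        reduce {|it, acc| $it + (char newline) + $acc } |
        fzf | str trim
    # A cancelled picker gives an empty string; there is nothing to encrypt.
    if ($origin_file_to_enc | is-empty) { print -e "No file selected"; exit 1 }
    let encrypted_path = $'($origin_file_to_enc).age'
    let encrypted = try {
        rage -e $origin_file_to_enc -i $age_pub -i {{ yubikey-ident }} -o $encrypted_path
        $env.LAST_EXIT_CODE == 0
    } catch { false }
    # The plaintext is the only copy until the .age file exists, so it is kept
    # unless rage reported success and the output is actually on disk.
    if (not $encrypted) or (not ($encrypted_path | path exists)) {
        print -e "Encryption failed; original file kept"
        exit 1
    }
    # NOTE(review): an overwriting delete may leave old blocks behind on
    # copy-on-write filesystems or in snapshots.
    srm -C $origin_file_to_enc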
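# Pick a file from ./sec or ~/Sec and open it with the flake's vaultix "edit" app.
edit-sec *args:
    #!/usr/bin/env nu
    let encrypted_file_tob_edit = ['./sec' '{{ home }}/Sec']
        | each {|| ls $in } | flatten | $in.name |
        reduce {|it, acc| $it + (char newline) + $acc } |
        fzf
    # A cancelled picker or a vanished file is reported as a failure (non-zero exit).
    if (not ($encrypted_file_tob_edit | path exists)) { print -e "Not found"; exit 1 }
    # The app attribute is built from uname as <machine>-<lower-cased kernel name>.
    nix run $'.#vaultix.app.(uname | $'($in.machine)-($in.kernel-name | str downcase)').edit' -- $encrypted_file_tob_edit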
# Pick a file from ./sec or ~/Sec with fzf and hand its path to `util de`.
decrypt *args:
    #!/usr/bin/env nu
    # NOTE(review): where `util de` puts the decrypted content is decided in
    # util.nu, which is not shown here; check that before running on a shared machine.
    use {{loc}}/util.nu
    ['./sec' '{{ home }}/Sec'] |
    each {|| ls $in } | flatten | $in.name |
    reduce {|it, acc| $it + (char newline) + $acc } | fzf | str trim | util de $in
# Run `util chk` from util.nu.
check:
    #!/usr/bin/env nu
    use {{loc}}/util.nu
    util chk
# Update every flake input and commit the new flake.lock in one step.
# The commit is created without a chance to inspect the lock diff first.
update:
    nix flake update --commit-lock-file
# Mirror ~/Sec and ./sec to the `r2` mc alias. With --overwrite --remove the
# remote is made to match the local tree, so remote objects missing locally
# are deleted; an empty or wrong local directory empties the remote prefix.
# NOTE(review): everything in these directories is uploaded as-is, including
# any file that has not been encrypted yet.
overwrite-s3:
    mc mirror --overwrite --remove {{ home }}/Sec/ r2/sec/Sec
    mc mirror --overwrite --remove {{ loc }}/sec/ r2/sec/credentials
# Mirror r2/sec/Sec back into ~/Sec. With --remove, local files that are not
# in the bucket are deleted. Only the Sec prefix is restored; the credentials
# prefix written by overwrite-s3 has no counterpart here.
overwrite-local:
    mc mirror --overwrite --remove r2/sec/Sec {{ home }}/Sec/
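# Wipe ~/Sec and delete every snapshot under /persist/.snapshots after a typed "yes".
cleanthebucket:
    #!/usr/bin/env nu
    # Both destructive steps sit behind the same confirmation; declining leaves
    # the files and the snapshots untouched.
    if ((input "Type yes to wipe Sec and all snapshots: ") == "yes") {
        srm -frC {{ home }}/Sec/*
        # Snapshots can still hold older copies of the wiped files.
        sudo btrfs sub del /persist/.snapshots/*
    } else {
        print -e "Aborted; nothing was deleted"
    }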
# Rewrite every commit on every ref so that each one is re-created with -S (signed).
# All commit hashes change, so existing clones and remotes diverge afterwards,
# and every commit ends up signed by whichever key git is configured to use now.
resign-all:
    git filter-branch --commit-filter 'git commit-tree -S "$@";' -- --all
# Search commit history for changes that add or remove the given string (git log -S).
# The arguments are pasted unquoted into the command line, so a term with
# spaces is split and only its first word becomes the -S value.
search-history *args:
    git log -S {{ args }}