接入 sops 管理 SSH 配置与私钥

home/modules/zsh/.zsh.d/nix.zsh

@@ -0,0 +1,38 @@
+#!/usr/bin/env zsh
+
+sops-update-file() {
+  local src_file="$1"
+  local yaml_file="$2"
+  local age_key_file="$HOME/.config/sops/age/keys.txt"
+
+  if [[ -z "$src_file" || -z "$yaml_file" ]]; then
+    echo "用法: sops-update-file <原文件> <yaml文件>" >&2
+    return 1
+  fi
+
+  if [[ ! -f "$src_file" ]]; then
+    echo "找不到原文件: $src_file" >&2
+    return 1
+  fi
+
+  if [[ ! -f "$age_key_file" ]]; then
+    echo "找不到 age 私钥: $age_key_file" >&2
+    return 1
+  fi
+
+  local key_name="${yaml_file:t:r}"
+  local age_pub
+  age_pub="$(nix-shell -p age --run "age-keygen -y $age_key_file")" || return 1
+
+  local tmp
+  tmp="$(mktemp /tmp/sops-update.XXXXXX.yaml)" || return 1
+  {
+    echo "${key_name}: |"
+    sed 's/^/  /' "$src_file"
+  } > "$tmp"
+
+  nix-shell -p sops --run "sops --encrypt --input-type yaml --output-type yaml --age $age_pub --config /dev/null $tmp" > "$yaml_file"
+  local rc=$?
+  rm -f "$tmp"
+  return $rc
+}

home/modules/zsh/.zshrc

@@ -12,6 +12,7 @@ source "$ZSHD/pdf.zsh"
 source "$ZSHD/completion.zsh"
 source "$ZSHD/modern-utils.zsh"
 source "$ZSHD/develop.zsh"
+source "$ZSHD/nix.zsh"
 
 # allow using # at begin
 setopt interactivecomments