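#!/usr/bin/env zsh
# Shell helpers for a NixOS / nix-darwin / home-manager flake plus sops-nix
# secret handling with age keys. Intended to be sourced from an interactive
# zsh session (it uses zsh-only parameter modifiers such as ${var:t:r}).
#
# Environment:
#   O4_FLAKES  - path to the flake repository (default: $HOME/flakes; an
#                already-exported value is kept)
#   EDITOR     - editor used by o4-sops-update-ssh-config (default: vi)

export O4_FLAKES="${O4_FLAKES:-$HOME/flakes}"

# Install the direnv shell hook only when direnv is actually available.
if command -v direnv &> /dev/null; then
  eval "$(direnv hook zsh)"
fi

#######################################
# Rebuild and activate the system configuration for this host from the flake.
# Globals:   O4_FLAKES (read)
# Arguments: none
# Outputs:   rebuild tool output
# Returns:   exit status of darwin-rebuild / nixos-rebuild
#######################################
o4-nixos-switch() {
  # Flake output is selected by host name: <flake>#<hostname>.
  local flake_ref="${O4_FLAKES}#$(hostname)"
  if [[ "$(uname)" == "Darwin" ]]; then
    darwin-rebuild switch --flake "$flake_ref"
  else
    # --use-remote-sudo: prefix the privileged switch step with sudo instead of
    # running the whole rebuild as root.
    nixos-rebuild switch --use-remote-sudo --flake "$flake_ref"
  fi
}

#######################################
# Activate the home-manager configuration for <user>@<host> from the flake.
# Globals:   O4_FLAKES (read)
# Arguments: none
# Returns:   exit status of home-manager
#######################################
o4-home-switch() {
  home-manager switch --flake "${O4_FLAKES}#$(whoami)@$(hostname)"
}

#######################################
# Encrypt a plaintext file into a sops YAML file as a single block scalar
# whose key is the destination file name without directory and extension.
# Globals:   HOME (read; the age private key is $HOME/.config/sops/age/keys.txt)
# Arguments: $1 - plaintext source file
#            $2 - destination sops-encrypted YAML file (overwritten on success)
# Outputs:   error messages on stderr
# Returns:   0 on success; 1 on bad arguments, missing files or a failed
#            nix-shell/age/sops step
#######################################
o4-sops-update-file() {
  local src_file="$1"
  local yaml_file="$2"
  local age_key_file="$HOME/.config/sops/age/keys.txt"

  if [[ -z "$src_file" || -z "$yaml_file" ]]; then
    echo "用法: o4-sops-update-file <原文件> <yaml文件>" >&2
    return 1
  fi
  if [[ ! -f "$src_file" ]]; then
    echo "找不到原文件: $src_file" >&2
    return 1
  fi
  if [[ ! -f "$age_key_file" ]]; then
    echo "找不到 age 私钥: $age_key_file" >&2
    return 1
  fi

  # zsh modifiers: :t = basename, :r = strip the extension.
  local key_name="${yaml_file:t:r}"

  # Derive the recipient (public key) from the private key. The path is
  # single-quoted because --run hands the string to a shell for re-parsing.
  local age_pub
  age_pub="$(nix-shell -p age --run "age-keygen -y '$age_key_file'")" || return 1

  # Plaintext staging file; mktemp creates it with mode 0600. It is removed on
  # every return path below, but an interrupt in between leaves it in /tmp.
  # NOTE(review): BSD/macOS mktemp only randomizes trailing X's — confirm this
  # template still yields a random name on Darwin.
  local tmp
  tmp="$(mktemp /tmp/sops-update.XXXXXX.yaml)" || return 1

  # Encrypt into a separate temp file first so a failed sops run cannot
  # truncate an existing "$yaml_file" (the previous "> $yaml_file" did).
  local out
  if ! out="$(mktemp /tmp/sops-update.XXXXXX)"; then
    rm -f -- "$tmp"
    return 1
  fi

  # Wrap the plaintext as "<key>: |" followed by the indented file content.
  {
    echo "${key_name}: |"
    sed 's/^/ /' "$src_file"
  } > "$tmp"

  # --config /dev/null: ignore any .sops.yaml in the tree so that only the
  # explicit --age recipient is used.
  nix-shell -p sops --run "sops --encrypt --input-type yaml --output-type yaml --age '$age_pub' --config /dev/null '$tmp'" > "$out"
  local rc=$?
  rm -f -- "$tmp"
  if (( rc == 0 )); then
    mv -f -- "$out" "$yaml_file" || rc=$?
  else
    rm -f -- "$out"
  fi
  return $rc
}

#######################################
# Edit ~/.ssh/config, re-encrypt it into the flake's secrets/ssh-config.yaml
# and commit that one file if it changed.
# Globals:   HOME, O4_FLAKES, EDITOR (read)
# Arguments: none
# Returns:   0 on success; the first failing step's status otherwise
#######################################
o4-sops-update-ssh-config() {
  # Subshell: `set -e` stays local to this function instead of leaking into
  # the interactive shell.
  (
    set -e
    local ssh_config="$HOME/.ssh/config"
    local flakes="$O4_FLAKES"
    local yaml="$flakes/secrets/ssh-config.yaml"

    "${EDITOR:-vi}" "$ssh_config"
    o4-sops-update-file "$ssh_config" "$yaml"

    # Stage only the re-encrypted file: `git add .` would also sweep up any
    # other (possibly plaintext) files lying around in the flake repository.
    # Commit only when the file actually changed (-n, not -z: with a clean
    # tree `git commit` fails and set -e would abort).
    if [[ -n "$(git -C "$flakes" status --porcelain -- "$yaml")" ]]; then
      git -C "$flakes" add -- "$yaml"
      git -C "$flakes" commit -m "[sops] update ssh config"
    fi
  )
}

# Location of the per-machine sops-nix age key (root-only, see init below).
O4_SOPS_MACHINE_KEY_DIR="/var/lib/sops-nix"
O4_SOPS_MACHINE_KEY_FILE="$O4_SOPS_MACHINE_KEY_DIR/key.txt"

#######################################
# Print the public key recorded in an age key file. Shared by the two
# machine-key functions so both print it the same way.
# Arguments: $1 - age key file (readable only by root, hence sudo)
# Outputs:   the "age1..." public key on stdout
# Returns:   status of the grep | cut pipeline
#######################################
_o4_sops_machine_key_pubkey() {
  local key_file="$1"
  # age-keygen records the recipient as a "# public key: age1..." comment.
  sudo grep -- "^# public key: " "$key_file" | cut -d ' ' -f 4
}

#######################################
# Generate the machine's sops-nix age key under a root-only directory and
# print its public key.
# Globals:   O4_SOPS_MACHINE_KEY_DIR, O4_SOPS_MACHINE_KEY_FILE (read)
# Arguments: none
# Outputs:   public key on stdout; "key exists" on stderr when refusing
# Returns:   1 if a key already exists or a privileged step fails
#######################################
o4-sops-machine-key-init() {
  local key_dir="$O4_SOPS_MACHINE_KEY_DIR"
  local key_file="$O4_SOPS_MACHINE_KEY_FILE"

  # Prompt for the sudo password once up front; later calls reuse the cache.
  sudo -v || return 1

  # The key directory is 0700 root, so an unprivileged [[ -f ]] cannot see the
  # file and would let a new key silently replace the old one; test as root.
  if sudo test -f "$key_file"; then
    echo "key exists: $key_file" >&2
    return 1
  fi

  sudo install -d -m 0700 -o root -g root -- "$key_dir" || return 1
  sudo age-keygen -o "$key_file" || return 1
  sudo chmod 0400 -- "$key_file" || return 1

  _o4_sops_machine_key_pubkey "$key_file"
}

#######################################
# Print the public key of the existing machine sops-nix age key.
# Globals:   O4_SOPS_MACHINE_KEY_FILE (read)
# Arguments: none
# Outputs:   public key on stdout; "not found" on stderr
# Returns:   1 when the key file does not exist (checked as root, since the
#            directory is root-only)
#######################################
o4-sops-machine-key-print-pubkey() {
  local key_file="$O4_SOPS_MACHINE_KEY_FILE"
  if ! sudo test -f "$key_file"; then
    echo "key file not found: $key_file" >&2
    return 1
  fi
  _o4_sops_machine_key_pubkey "$key_file"
}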