#!/usr/bin/env zsh
# Root of the personal flakes checkout; the o4-* helpers below build their
# flake references from it.
export O4_FLAKES="$HOME/flakes"

# Install the direnv shell hook, but only when direnv is on PATH.
command -v direnv >/dev/null 2>&1 && eval "$(direnv hook zsh)"
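#######################################
# Rebuild and activate the system configuration for this host from the
# flake in $O4_FLAKES (falling back to ~/flakes), selecting the flake
# output named after `hostname`.
# Globals:   O4_FLAKES (read), HOME (read)
# Arguments: none
# Returns:   exit status of darwin-rebuild / nixos-rebuild
#######################################
o4-nixos-switch() {
  local flake_ref
  flake_ref="${O4_FLAKES:-$HOME/flakes}#$(hostname)"

  if [[ "$(uname)" == "Darwin" ]]; then
    darwin-rebuild switch --flake "$flake_ref"
  else
    # --use-remote-sudo lets the switch be invoked from an unprivileged
    # shell; nixos-rebuild escalates itself where it needs to.
    nixos-rebuild switch --use-remote-sudo --flake "$flake_ref"
  fi
}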
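#######################################
# Activate the home-manager configuration for <user>@<host> from the flake
# in $O4_FLAKES (falling back to ~/flakes).
# Globals:   O4_FLAKES (read), HOME (read)
# Arguments: none
# Returns:   exit status of home-manager
#######################################
o4-home-switch() {
  local flake_ref
  flake_ref="${O4_FLAKES:-$HOME/flakes}#$(whoami)@$(hostname)"
  home-manager switch --flake "$flake_ref"
}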
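#######################################
# Wrap a plaintext file as a single YAML block scalar and encrypt it with
# sops for the age identity in ~/.config/sops/age/keys.txt, writing the
# result to <yaml_file>. The YAML key is the yaml file's basename without
# its last extension.
# Globals:   HOME (read)
# Arguments: $1 - plaintext source file
#            $2 - destination sops yaml file
# Outputs:   diagnostics to stderr
# Returns:   0 on success; 1 on bad arguments or missing inputs; otherwise
#            the exit status of sops (or of copying the result into place)
#######################################
o4-sops-update-file() {
  local src_file="$1"
  local yaml_file="$2"
  local age_key_file="$HOME/.config/sops/age/keys.txt"

  if [[ -z "$src_file" || -z "$yaml_file" ]]; then
    echo "用法: o4-sops-update-file <原文件> <yaml文件>" >&2
    return 1
  fi
  if [[ ! -f "$src_file" ]]; then
    echo "找不到原文件: $src_file" >&2
    return 1
  fi
  if [[ ! -f "$age_key_file" ]]; then
    echo "找不到 age 私钥: $age_key_file" >&2
    return 1
  fi

  # Basename without the last extension (portable spelling of zsh's ${var:t:r}).
  local key_name="${yaml_file##*/}"
  key_name="${key_name%.*}"

  # Derive the recipient from the private key. The path is single-quoted
  # inside the --run string so nix-shell's inner shell does not split it.
  local age_pub
  age_pub="$(nix-shell -p age --run "age-keygen -y '$age_key_file'")" || return 1

  # Private scratch directory. `mktemp -d` behaves the same on GNU and BSD;
  # a template with a suffix after the X's (sops-update.XXXXXX.yaml) is not
  # portable and can yield a predictable name, so it is avoided here.
  local tmp_dir
  tmp_dir="$(mktemp -d)" || return 1
  local tmp_in="$tmp_dir/plain.yaml"
  local tmp_out="$tmp_dir/enc.yaml"

  {
    echo "${key_name}: |"
    sed 's/^/ /' "$src_file"
  } > "$tmp_in"

  # Encrypt into the scratch dir first: redirecting sops straight into
  # $yaml_file would truncate the existing secret even when sops fails.
  local rc=0
  nix-shell -p sops --run "sops --encrypt --input-type yaml --output-type yaml --age '$age_pub' --config /dev/null '$tmp_in'" > "$tmp_out" || rc=$?
  if (( rc == 0 )); then
    cp -- "$tmp_out" "$yaml_file" || rc=$?
  fi
  rm -rf -- "$tmp_dir"
  return $rc
}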
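#######################################
# Edit ~/.ssh/config, re-encrypt it into the flake's secrets, and commit
# the updated secret file. Runs in a subshell under set -e so any failing
# step aborts without touching the caller's shell state or cwd.
# Globals:   HOME, EDITOR, O4_FLAKES (read)
# Arguments: none
# Returns:   0 on success, non-zero if any step fails
#######################################
o4-sops-update-ssh-config() {(
  set -e
  local ssh_config="$HOME/.ssh/config"
  local flakes="${O4_FLAKES:?O4_FLAKES is not set}"
  local secret_rel="secrets/ssh-config.yaml"

  # Left unquoted on purpose so an EDITOR carrying arguments can work under
  # sh-style word splitting; note zsh only splits it when SH_WORD_SPLIT is set.
  ${EDITOR:-vi} "$ssh_config"
  o4-sops-update-file "$ssh_config" "$flakes/$secret_rel"

  cd "$flakes"
  # Commit only when the encrypted file actually changed (the previous test
  # was inverted), and stage just that file so unrelated work in the flake
  # tree is never swept into the commit.
  if [[ -n "$(git status --porcelain -- "$secret_rel")" ]]; then
    git add -- "$secret_rel"
    git commit -m "[sops] update ssh config"
  fi
)}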
# Location of this machine's age identity, matching sops-nix's default
# keyFile path.
O4_SOPS_MACHINE_KEY_DIR="/var/lib/sops-nix"
O4_SOPS_MACHINE_KEY_FILE="${O4_SOPS_MACHINE_KEY_DIR}/key.txt"
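#######################################
# Generate this machine's age identity for sops-nix as root, refusing to
# touch an existing key, and print the matching public key so it can be
# added as a recipient.
# Globals:   O4_SOPS_MACHINE_KEY_DIR, O4_SOPS_MACHINE_KEY_FILE (read)
# Arguments: none
# Outputs:   the age public key on stdout
# Returns:   1 if sudo is unavailable or the key already exists; otherwise
#            the status of the last command
#######################################
o4-sops-machine-key-init() {
  local key_dir="$O4_SOPS_MACHINE_KEY_DIR"
  local key_file="$O4_SOPS_MACHINE_KEY_FILE"

  # Prompt for sudo once up front; -v only refreshes the credential cache.
  sudo -v || return 1

  # The key dir is root-only (0700), so an unprivileged `[[ -f ]]` cannot
  # see into it and would never detect an existing key; check as root.
  if sudo test -f "$key_file"; then
    echo "key exists: $key_file" >&2
    return 1
  fi

  # install -d creates the dir with the final mode/owner in one step, so a
  # separate mkdir -p is not needed.
  sudo install -d -m 0700 -o root -g root "$key_dir"
  sudo age-keygen -o "$key_file"
  sudo chmod 0400 "$key_file"

  # age-keygen writes a "# public key: age1..." header; field 4 is the key.
  sudo grep "^# public key: " "$key_file" | cut -d ' ' -f 4
}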
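#######################################
# Print the public key of this machine's sops-nix age identity.
# Globals:   O4_SOPS_MACHINE_KEY_FILE (read)
# Arguments: none
# Outputs:   the age public key on stdout; diagnostics on stderr
# Returns:   1 if the key file is missing; otherwise the status of the
#            grep | cut pipeline
#######################################
o4-sops-machine-key-print-pubkey() {
  local key_file="$O4_SOPS_MACHINE_KEY_FILE"

  # The key dir is root-only, so the existence check itself needs sudo;
  # an unprivileged `[[ -f ]]` reports "not found" even when the key exists.
  if ! sudo test -f "$key_file"; then
    echo "key file not found: $key_file" >&2
    return 1
  fi

  # age-keygen writes a "# public key: age1..." header; field 4 is the key.
  sudo grep "^# public key: " "$key_file" | cut -d ' ' -f 4
}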