+

flake.nix

@@ -50,6 +50,11 @@
             system,
             ...
           }:
+          let
+            toolchain = pkgs.rust-bin.nightly.latest.minimal;
+            craneLib = (crane.mkLib pkgs).overrideToolchain toolchain;
+            inherit (craneLib) buildPackage;
+          in
           {
             _module.args.pkgs = import inputs.nixpkgs {
               inherit system;
@@ -70,30 +75,26 @@
             };
 
             packages = rec {
-              default =
-                let
-                  toolchain = pkgs.rust-bin.nightly.latest.minimal;
-                  craneLib = (crane.mkLib pkgs).overrideToolchain toolchain;
-                  inherit (craneLib) buildPackage;
-                in
-                (buildPackage {
+              default = (
+                buildPackage {
                   src = craneLib.cleanCargoSource ./.;
                   nativeBuildInputs = [
                     pkgs.rustPlatform.bindgenHook
                   ];
                   meta.mainProgram = "vaultix";
-                });
+                }
+              );
               vaultix = default;
             };
 
             formatter = pkgs.nixfmt-rfc-style;
 
-            devShells.default = pkgs.mkShell {
+            devShells.default = craneLib.devShell {
               inputsFrom = [
                 pkgs.vaultix
               ];
 
-              RUST_SRC_PATH = "${pkgs.rustPlatform.rustLibSrc}";
+              # RUST_SRC_PATH = "${pkgs.rustPlatform.rustLibSrc}";
               buildInputs = with pkgs; [
                 just
                 nushell

src/cmd/check.rs

@@ -1,9 +1,10 @@
 use eyre::Result;
 use spdlog::error;
 
-use crate::profile::Profile;
-
-use super::stored_sec_path::{InStore, SecMap, SecPath};
+use crate::{
+    helper::stored::{InStore, SecMap, SecPath},
+    profile::Profile,
+};
 
 impl Profile {
     pub fn check(self) -> Result<()> {

src/cmd/deploy.rs

@@ -1,26 +1,25 @@
 use std::{
     collections::HashMap,
-    fs::{self, DirEntry, File, OpenOptions, Permissions, ReadDir},
-    io::{ErrorKind, Read, Write},
-    iter,
+    fs::{self, OpenOptions, Permissions, ReadDir},
+    io::{ErrorKind, Write},
     os::unix::fs::PermissionsExt,
-    path::{Path, PathBuf},
+    path::PathBuf,
     rc::Rc,
     str::FromStr,
 };
 
 use crate::{
-    cmd::stored_sec_path::{InStore, SecMap, SecPath},
     helper::{
         self,
         secret_buf::{HostEnc, SecBuf},
+        stored::{InStore, SecMap, SecPath},
     },
     profile::{self, HostKey, Profile},
 };
 
-use age::{x25519, Recipient};
+use age::Recipient;
 use eyre::{eyre, Context, Result};
-use spdlog::{debug, error, info, trace, warn};
+use spdlog::{debug, error, info, trace};
 use sys_mount::{Mount, MountFlags, SupportedFilesystems};
 
 impl HostKey {
@@ -64,7 +63,7 @@ impl Profile {
             .map_err(|_| eyre!("parse pubkey error"))?;
         Ok(Rc::new(host_pubkey) as Rc<dyn Recipient>)
     }
-    pub fn get_extra_recip(&self) -> Result<impl Iterator<Item = Box<dyn Recipient>>> {
+    pub fn _get_extra_recip(&self) -> Result<impl Iterator<Item = Box<dyn Recipient>>> {
         let extra_recips = self
             .settings
             .extra_recipients

src/cmd/mod.rs

@@ -1,11 +1,9 @@
-use std::{array::TryFromSliceError, fs, path::PathBuf};
+use std::{fs, path::PathBuf};
 
-use eyre::{eyre, Context};
+use eyre::Context;
 use spdlog::prelude::*;
 use {argh::FromArgs, std::fmt::Debug};
 
-mod stored_sec_path;
-
 mod check;
 mod deploy;
 // mod edit;
@@ -54,11 +52,7 @@ pub struct EditSubCmd {
 #[derive(FromArgs, PartialEq, Debug)]
 /// Decrypt and deploy cipher credentials
 #[argh(subcommand, name = "deploy")]
-pub struct DeploySubCmd {
-    #[argh(option, short = 's')]
-    /// per hostkey encrypted dir
-    storage: Option<String>,
-}
+pub struct DeploySubCmd {}
 
 #[derive(FromArgs, PartialEq, Debug)]
 /// Check secret status
@@ -88,12 +82,11 @@ impl Args {
                 info!("start re-encrypt secrets");
                 profile.renc(all, flake_root)
             }
-            SubCmd::Deploy(DeploySubCmd { ref storage }) => {
+            SubCmd::Deploy(DeploySubCmd {}) => {
                 info!("deploying secrets");
-                // todo!()
                 profile.deploy()
             }
-            SubCmd::Edit(_) => todo!(),
+            SubCmd::Edit(_) => todo!("you can directly use rage."),
             SubCmd::Check(_) => {
                 info!("start checking");
                 profile.check()?;

src/cmd/renc.rs

@@ -2,10 +2,8 @@ use eyre::{eyre, ContextCompat, Result};
 use spdlog::{debug, error, info, trace};
 use std::{collections::HashMap, fs, iter, path::PathBuf};
 
-use crate::{
-    cmd::stored_sec_path::{InCfg, InStore, SecMap, SecPath, SumPath},
-    profile::{MasterIdentity, Profile},
-};
+use crate::helper::stored::{SecMap, SumPath};
+use crate::profile::{MasterIdentity, Profile};
 use crate::{interop::add_to_store, profile};
 
 use crate::helper::parse_identity::ParsedIdentity;
@@ -60,6 +58,7 @@ impl Profile {
 
         // from secrets metadata, from real config store
         let data = SecMap::<SumPath>::from(
+            // TODO: beauty
             self.secrets.clone(),
             renc_path.clone(),
             self.settings.host_pubkey.clone(),

src/helper/mod.rs

@@ -3,3 +3,4 @@ pub mod parse_identity;
 pub mod parse_permission;
 pub mod secret_buf;
 pub mod set_owner_group;
+pub mod stored;

src/cmd/stored_sec_path.rs → src/helper/stored.rs

@@ -3,16 +3,13 @@ use std::{
     fmt,
     fs::{self, File},
     io::Read,
-    iter,
     path::{Path, PathBuf},
     rc::Rc,
-    str::FromStr,
 };
 
 use age::{Identity, Recipient};
 use eyre::Context;
-use nom::AsBytes;
-use spdlog::{debug, info, trace};
+use spdlog::trace;
 
 use crate::{
     helper::secret_buf::{AgeEnc, SecBuf},