+

milieuim · Sep 14, 2024 · 1b8344c · 1b8344c
1 parent a72aa2a
commit 1b8344c
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 90 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/src/cmd/mod.rs b/src/cmd/mod.rs
@@ -26,6 +26,7 @@ enum SubCmd {
     Renc(RencSubCmd),
     Edit(EditSubCmd),
     Check(CheckSubCmd),
+    Deploy(DeploySubCmd),
 }
 
 #[derive(FromArgs, PartialEq, Debug)]
@@ -46,6 +47,15 @@ pub struct EditSubCmd {
     file: String,
 }
 
+#[derive(FromArgs, PartialEq, Debug)]
+/// Decrypt and deploy cipher credentials
+#[argh(subcommand, name = "deploy")]
+pub struct DeploySubCmd {
+    #[argh(positional, short = 's')]
+    /// per hostkey encrypted dir
+    storage: String,
+}
+
 #[derive(FromArgs, PartialEq, Debug)]
 /// Check secret status
 #[argh(subcommand, name = "check")]
@@ -75,6 +85,7 @@ impl Args {
                 info!("start re-encrypt secrets");
                 profile.renc(all, flake_root)
             }
+            SubCmd::Deploy(_) => todo!(),
             SubCmd::Edit(_) => todo!(),
             SubCmd::Check(_) => todo!(),
         }

diff --git a/src/cmd/renc.rs b/src/cmd/renc.rs
@@ -1,6 +1,6 @@
 use age::{encrypted, x25519};
 use eyre::{eyre, ContextCompat, Result};
-use spdlog::{debug, info, trace};
+use spdlog::{debug, error, info, trace};
 use std::{
     collections::{HashMap, HashSet},
     ffi::OsStr,
@@ -12,8 +12,8 @@ use std::{
     str::FromStr,
 };
 
-use crate::profile;
 use crate::profile::{MasterIdentity, Profile, Settings};
+use crate::{interop::add_to_store, profile};
 use sha2::{digest::Key, Digest, Sha256};
 
 const SECRET_DIR: &str = "secrets";
@@ -36,6 +36,7 @@ impl RencSecretPath {
         debug!("public key hash: {}", pubkey_hash);
 
         let profile::Secret { file, name, .. } = secret;
+        // TODO: here the storage_dir_path jiziwa no use
         let secret_file_path = {
             hasher.update(file);
             let secret_file_string_hash = format!("{:x}", hasher.clone().finalize());
@@ -50,6 +51,7 @@ impl RencSecretPath {
             debug!("identity hash: {}", ident_hash);
 
             let mut storage_dir_path = PathBuf::from(storage_dir_suffix);
+            info!("storage dir path prefix: {:?}", storage_dir_path);
             storage_dir_path.push(format!("{}-{}.age", ident_hash, name));
             storage_dir_path
         };
@@ -252,6 +254,11 @@ impl Profile {
                     let _ = fd.write_all(&i.1[..]);
                 }
             }
+            let o = add_to_store(renc_path)?;
+            if !o.status.success() {
+                error!("Command executed with failing error code");
+            }
+            info!("path added to store: {}", String::from_utf8(o.stdout)?);
         };
 
         Ok(())

diff --git a/src/interop/mod.rs b/src/interop/mod.rs
@@ -1 +1,15 @@
+use std::{
+    path::Path,
+    process::{Command, Output},
+};
 
+use eyre::{eyre, Context, Result};
+
+pub fn add_to_store<P: AsRef<Path>>(p: P) -> Result<Output> {
+    Command::new("nix")
+        .arg("store")
+        .arg("add-path")
+        .arg(p.as_ref())
+        .output()
+        .map_err(|i| eyre!("nix cmd run failed {}", i))
+}