diff --git a/src/cmd/mod.rs b/src/cmd/mod.rs
index 82b3a56..5183b71 100644
--- a/src/cmd/mod.rs
+++ b/src/cmd/mod.rs
@@ -1,4 +1,4 @@
-use std::fs;
+use std::{fs, path::PathBuf};
 use spdlog::prelude::*;
 use {argh::FromArgs, std::fmt::Debug};
@@ -15,6 +15,9 @@ pub struct Args {
 #[argh(positional)]
 /// toml secret profile
 profile: String,
+ #[argh(option, short = 'f')]
+ /// toplevel of flake repository
+ flake_root: Option,
 }
 #[derive(FromArgs, PartialEq, Debug)]
@@ -58,12 +61,19 @@ impl Args {
 toml::from_str(file.as_str())?
 };
+ // Maybe clean first?
+ let flake_root = if let Some(f) = &self.flake_root {
+ PathBuf::from(f)
+ } else {
+ std::env::current_dir()?
+ };
+ trace!("{:#?}", profile);
 match self.app {
 SubCmd::Renc(RencSubCmd { all }) => {
 info!("start re-encrypt secrets");
- profile.renc(all)
+ profile.renc(all, flake_root)
 }
 SubCmd::Edit(_) => todo!(),
 SubCmd::Check(_) => todo!(),
diff --git a/src/cmd/renc.rs b/src/cmd/renc.rs
index a4f7cac..1455e00 100644
--- a/src/cmd/renc.rs
+++ b/src/cmd/renc.rs
@@ -16,7 +16,7 @@ use crate::profile;
 use crate::profile::{MasterIdentity, Profile, Settings};
 use sha2::{digest::Key, Digest, Sha256};
-const SEC_DIR: &str = "./secrets/";
+const SECRET_DIR: &str = "secrets";
 struct RencSecretPath(PathBuf);
@@ -163,7 +163,7 @@ impl Profile {
 Then encrypt with host public key separately, output to `./secrets/renced/$host` and add to nix store. */
- pub fn renc(self, _all: bool) -> Result<()> {
+ pub fn renc(self, _all: bool, flake_root: PathBuf) -> Result<()> {
 use age::ssh;
 let cipher_contents = self.get_cipher_contents();
 let renced_secret_paths: Vec = self
@@ -232,7 +232,8 @@ impl Profile {
 };
 let renc_path = {
- let mut p = PathBuf::from_str(SEC_DIR)?;
+ let mut p = flake_root;
+ p.push(SECRET_DIR);
 p.push("renced");
 p.push(self.settings.host_identifier.clone());
 p
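Review bot: The help text for `-f` does not say what happens when the option is omitted; argh takes the description from the doc comment, so `/// toplevel of flake repository (defaults to the current directory)` would document the fallback that `Args` applies later in this file. The type parameter of `Option` is not legible on this page; if it is `String`, declaring the field as `Option<PathBuf>` would avoid the later `PathBuf::from(f)` conversion.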
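Review bot: The `flake_root` computed in this hunk is used unchecked: a value from `-f` is only wrapped with `PathBuf::from(f)`, and the fallback is whatever `std::env::current_dir()` returns, so a mistyped path or a run from the wrong directory makes `renc` build its output path for re-encrypted secrets under that location. The `// Maybe clean first?` comment suggests this was left open; resolving it with `let flake_root = flake_root.canonicalize()?;` and returning an error when `flake_root.join("flake.nix")` is not a file would keep the output inside an actual flake checkout. The enclosing method starts above this hunk, so the error type that `?` converts into is not visible here.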
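Review bot: The doc comment above `renc` still says the output goes to `./secrets/renced/$host`, which no longer holds once the path is rooted at `flake_root`. Update it to `<flake_root>/secrets/renced/$host` and add a line for the new parameter, e.g. `flake_root: top level of the flake repository; re-encrypted secrets are written beneath it`. Both the comment block and the function body extend beyond this hunk.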
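Review bot: `p.push(self.settings.host_identifier.clone())` can discard the `flake_root` prefix this hunk introduces, because `PathBuf::push` replaces the whole path when its argument is absolute, and a `..` component walks back out of `secrets/renced`. `host_identifier` appears to come from the TOML profile, so it is worth rejecting anything that is not a single normal component before the push, for example by requiring `Path::new(&self.settings.host_identifier).components()` to yield exactly one `Component::Normal`. The `renc_path` block closes below the last line of this hunk.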