oluceps committed Sep 14, 2024
1 parent 96136b9 commit d1ed568
Showing 6 changed files with 73 additions and 24 deletions.
22 changes: 21 additions & 1 deletion module/default.nix
Expand Up @@ -55,6 +55,26 @@ let
'';
};

hostKeys = mkOption {
type = types.listOf (
types.submodule ({
options = {
path = mkOption {
type = types.path;
};
type = mkOption {
type = types.str;
};
};
})
);
default = config.services.openssh.hostKeys;
readOnly = true;
description = ''
`config.services.openssh.hostKeys`
'';
};

hostIdentifier = mkOption {
type = types.str;
default = config.networking.hostName;
Expand Down Expand Up @@ -307,7 +327,7 @@ in

config =
let
secretsMetadata = (pkgs.formats.toml { }).generate "secretsMetadata" cfg;
secretsMetadata = (pkgs.formats.toml { }).generate "secretsMetadata" (cfg);
in
mkIf sysusers {
test = secretsMetadata;
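Review bot: The `hostKeys` submodule declares only `path` and `type`, but its default is `config.services.openssh.hostKeys`, whose entries can (per the upstream openssh option's own examples) carry further attributes such as `bits` for RSA keys; a closed submodule would then fail evaluation with an "option does not exist" error, so either mirror the upstream attribute set or make it freeform, e.g. `freeformType = types.attrs;` inside the submodule. Since the option is `readOnly`, a user cannot work around such a failure by overriding it. The `description` could also say what the list is used for rather than only naming the source option, e.g. `''Host key paths and types mirrored from `config.services.openssh.hostKeys`; exported to the secrets metadata for decryption.''`. In the second hunk, wrapping `cfg` in parentheses (`generate "secretsMetadata" (cfg)`) is a no-op and should be dropped to keep the diff meaningful.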
33 changes: 27 additions & 6 deletions src/cmd/deploy.rs
@@ -1,16 +1,37 @@
use std::path::{Path, PathBuf};
use std::{
collections::HashMap,
fs,
path::{Path, PathBuf},
};

use crate::profile::Profile;

use eyre::Result;
use spdlog::debug;

impl Profile {
pub fn deploy<P>(self, _flake_root: P, storage: P) -> Result<()>
where
P: AsRef<Path> + Into<PathBuf>,
{
let storage = storage.as_ref().to_path_buf();
pub fn deploy(self) -> Result<()> {
let storage_name_ctt_map: HashMap<String, Vec<u8>> = {
let mut map = HashMap::new();
// dir with host pub key encrypted material, prefix hash
let storage = PathBuf::from(&self.settings.storage_dir_store);
fs::read_dir(storage)?.for_each(|entry| {
let entry = entry.expect("enter store, must success");
let path = entry.path();
let name = entry.file_name().to_string_lossy().to_string();
debug!("record secret name from store: {}", name);
let content = fs::read(path).expect("reading store, must success");
map.insert(name, content);
});
map
};

// for entry in storage_ctt {
// let entry = entry?;
// let path = entry.path();

// debug!("found renced secret in store: {:?}", path);
// }

let secs_map = self.get_renced_paths().into_map();

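Review bot: Inside the `for_each` closure, `entry.expect("enter store, must success")` and `fs::read(path).expect("reading store, must success")` abort the process on any I/O error even though `deploy` already returns `eyre::Result`, so an unreadable entry (or a subdirectory, on which `fs::read` fails) becomes a panic with a store path in the message instead of a reportable error. A plain `for` loop over `read_dir` lets `?` propagate both the entry and read errors, and skipping non-file entries avoids the directory case. The commented-out loop that follows (`// for entry in storage_ctt { ... }`) is dead code and should be removed. The body of `deploy` continues past the end of the hunk.
```rust
pub fn deploy(self) -> Result<()> {
    // dir with host pub key encrypted material, prefix hash
    let storage = PathBuf::from(&self.settings.storage_dir_store);
    let mut storage_name_ctt_map: HashMap<String, Vec<u8>> = HashMap::new();
    for entry in fs::read_dir(&storage)? {
        let entry = entry?;
        let path = entry.path();
        if !path.is_file() {
            debug!("skipping non-file entry in store: {:?}", path);
            continue;
        }
        let name = entry.file_name().to_string_lossy().into_owned();
        debug!("record secret name from store: {}", name);
        storage_name_ctt_map.insert(name, fs::read(&path)?);
    }
    // … unchanged: secs_map = self.get_renced_paths().into_map() and the rest of deploy …
```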
6 changes: 3 additions & 3 deletions src/cmd/mod.rs
Expand Up @@ -54,9 +54,9 @@ pub struct EditSubCmd {
/// Decrypt and deploy cipher credentials
#[argh(subcommand, name = "deploy")]
pub struct DeploySubCmd {
#[argh(positional, short = 's')]
#[argh(option, short = 's')]
/// per hostkey encrypted dir
storage: String,
storage: Option<String>,
}

#[derive(FromArgs, PartialEq, Debug)]
Expand Down Expand Up @@ -90,7 +90,7 @@ impl Args {
}
SubCmd::Deploy(DeploySubCmd { ref storage }) => {
info!("deploying secrets");
profile.deploy(flake_root, storage.into())
profile.deploy()
}
SubCmd::Edit(_) => todo!(),
SubCmd::Check(_) => todo!(),
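Review bot: The `-s` option is still parsed into `storage: Option<String>` and bound as `ref storage` in the `SubCmd::Deploy` arm, but nothing reads it now that `profile.deploy()` takes no arguments, so a user-supplied storage dir is silently ignored and the binding yields an unused-variable warning. Either remove the field and match with `SubCmd::Deploy(DeploySubCmd { .. }) => {`, or keep it as an explicit override of the metadata's storage dir and document that in the field's doc comment, e.g. `/// override the per-hostkey encrypted dir from the metadata (optional)`. Whichever is chosen, the `/// per hostkey encrypted dir` comment should no longer describe a required positional.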
6 changes: 6 additions & 0 deletions src/profile.rs
Expand Up @@ -29,6 +29,7 @@ pub struct Settings {
pub host_identifier: String,
pub extraEncryption_pubkeys: Vec<String>,
pub host_pubkey: String,
pub host_keys: Vec<HostKey>,
pub storage_dir_relative: String,
pub storage_dir_store: String,
pub master_identities: Vec<MasterIdentity>,
Expand All @@ -39,3 +40,8 @@ pub struct MasterIdentity {
pub identity: String,
pub pubkey: String,
}
#[derive(Debug, Deserialize)]
pub struct HostKey {
pub path: String,
pub r#type: String,
}
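Review bot: The new `HostKey` struct uses the raw identifier `r#type` for a field, which every consumer then has to spell with the `r#` prefix; `#[serde(rename = "type")] pub key_type: String,` keeps the TOML key while giving the field a normal Rust name. Both `host_keys` and `HostKey` lack doc comments and the struct is appended without a blank line after `MasterIdentity`; a one-line `/// One SSH host key (path and algorithm) from the generated metadata, presumably mirroring `services.openssh.hostKeys`.` on the struct and `/// host keys whose private halves are used for decryption — confirm against deploy` on the field would make the contract readable. The second hunk's enclosing context starts outside the shown lines.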
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 IQ9o3A 1j6zR72FgIFGUEGEOvHeO+pTsZ7Iox3H6snqgJq+x1E
FchkY8twOKMxZMJ3DAesvoHH9DcXhJqbxVtv3wX6dHY
-> 0rK2B-grease vMnU!G>
5Cue4hEPUb9tZKSFgMFHfugjb/iSmh3rqKZq
--- 0O5Mym4j8aleEzngjFxVOV/+BK+mvlsZubUkRw2GAIU
��x,�J��b�Tmą��m�*�Pj�7�P�_�,N��7�{X�
-> ssh-ed25519 IQ9o3A d+olDO38ZReZ943zY8WbsYsgFztbLm4oQ+XDb07Hl0Y
IzwhDsLc2wxdSdjgsegVRpJmvPlmL/KFIUTPhjOEVkw
-> T-grease YndAs
5/INJef7aI3K8hLjQteyY5SSaI1nlSyECTu8bKeL1OnffkaT0sSOcPUowBD0XkJH
5Ajo67oVXFtd3IryRs+etcDLejt4uLpxw/vKyL/H/r6Ireh17gT751UObJwfqPAK
mRM
--- Kk3MRA82ysH1f6GGxsNiRJeVbVdncd9ioW113PS7eCo
?��R����L%|�J��k�D�3|`L0�H������V��”
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 IQ9o3A rlStBJD4I4IO5kBvoBm41jsniJ4RlYAKmhfUpuB7vyU
0ocdk0cqpzBNtgyvHyudv2kRduF/zexzpelhcf1q0i4
-> aloHYP-grease r|
N3zY2GFx0MkyyXXN9cb23CnOfOJ7SdllpqUFUa9r+Mr3KGZEjob4NvOjvdjmCWpx
+rGG3N4kR9P4i82+qfpZXeul4KtV3SWeDrFkNn5gBSP9rFLcfFu5N6UavKzu
--- 9XL5sJQW7P9nuKz+lxzYDyixFbVAEk6VavGnv+XR7Hg
P-$�J��)��3G ]-.VY��
�L�A /7+��^;���$=�ֵ
-> ssh-ed25519 IQ9o3A /fK+a1YKItRkkd4WKil476eX5A5CYhf7zwez/2owFQk
WiyBeL3Tovn7z0jy77CW9e53NyKg1niJ8WiZqBG1Rr8
-> --grease
N1X8Psrs1N+6BEJ3LsfarXQqApEepD0IS5N8c3mjY0hx0Jd6wPrgCw95o5UKW9vn
MobkL9cfpAOt2jtQlzCYfFtJdlQKk4idSlwMkO2BZL30IAx+VtICpfg/JNqGu9Vv
BO4
--- iYgSYgc6/WPLO5dOON56wvGX45L8H/DIqiUON1EMUXk
���$� ?r1.����K��زIU'�ä��E���4�9��T���Y�
