diff --git a/module/default.nix b/module/default.nix
index a957c82..e9b59c4 100644
--- a/module/default.nix
+++ b/module/default.nix
@@ -55,6 +55,26 @@ let
'';
};
+ hostKeys = mkOption {
+ type = types.listOf (
+ types.submodule ({
+ options = {
+ path = mkOption {
+ type = types.path;
+ };
+ type = mkOption {
+ type = types.str;
+ };
+ };
+ })
+ );
+ default = config.services.openssh.hostKeys;
+ readOnly = true;
+ description = ''
+ `config.services.openssh.hostKeys`
+ '';
+ };
+
hostIdentifier = mkOption {
type = types.str;
default = config.networking.hostName;
@@ -307,7 +327,7 @@ in
config =
let
- secretsMetadata = (pkgs.formats.toml { }).generate "secretsMetadata" cfg;
+ secretsMetadata = (pkgs.formats.toml { }).generate "secretsMetadata" (cfg);
in
mkIf sysusers {
test = secretsMetadata;
diff --git a/src/cmd/deploy.rs b/src/cmd/deploy.rs
index 5127711..26014aa 100644
--- a/src/cmd/deploy.rs
+++ b/src/cmd/deploy.rs
@@ -1,4 +1,8 @@
-use std::path::{Path, PathBuf};
+use std::{
+ collections::HashMap,
+ fs,
+ path::{Path, PathBuf},
+};
use crate::profile::Profile;
@@ -6,11 +10,28 @@ use eyre::Result;
use spdlog::debug;
impl Profile {
- pub fn deploy
(self, _flake_root: P, storage: P) -> Result<()>
- where
- P: AsRef + Into,
- {
- let storage = storage.as_ref().to_path_buf();
+ pub fn deploy(self) -> Result<()> {
+ let storage_name_ctt_map: HashMap> = {
+ let mut map = HashMap::new();
+ // dir with host pub key encrypted material, prefix hash
+ let storage = PathBuf::from(&self.settings.storage_dir_store);
+ fs::read_dir(storage)?.for_each(|entry| {
+ let entry = entry.expect("enter store, must success");
+ let path = entry.path();
+ let name = entry.file_name().to_string_lossy().to_string();
+ debug!("record secret name from store: {}", name);
+ let content = fs::read(path).expect("reading store, must success");
+ map.insert(name, content);
+ });
+ map
+ };
+
+ // for entry in storage_ctt {
+ // let entry = entry?;
+ // let path = entry.path();
+
+ // debug!("found renced secret in store: {:?}", path);
+ // }
let secs_map = self.get_renced_paths().into_map();
diff --git a/src/cmd/mod.rs b/src/cmd/mod.rs
index 334bdae..2cfed95 100644
--- a/src/cmd/mod.rs
+++ b/src/cmd/mod.rs
@@ -54,9 +54,9 @@ pub struct EditSubCmd {
/// Decrypt and deploy cipher credentials
#[argh(subcommand, name = "deploy")]
pub struct DeploySubCmd {
- #[argh(positional, short = 's')]
+ #[argh(option, short = 's')]
/// per hostkey encrypted dir
- storage: String,
+ storage: Option,
}
#[derive(FromArgs, PartialEq, Debug)]
@@ -90,7 +90,7 @@ impl Args {
}
SubCmd::Deploy(DeploySubCmd { ref storage }) => {
info!("deploying secrets");
- profile.deploy(flake_root, storage.into())
+ profile.deploy()
}
SubCmd::Edit(_) => todo!(),
SubCmd::Check(_) => todo!(),
diff --git a/src/profile.rs b/src/profile.rs
index 3286f64..11512ea 100644
--- a/src/profile.rs
+++ b/src/profile.rs
@@ -29,6 +29,7 @@ pub struct Settings {
pub host_identifier: String,
pub extraEncryption_pubkeys: Vec,
pub host_pubkey: String,
+ pub host_keys: Vec,
pub storage_dir_relative: String,
pub storage_dir_store: String,
pub master_identities: Vec,
@@ -39,3 +40,8 @@ pub struct MasterIdentity {
pub identity: String,
pub pubkey: String,
}
+#[derive(Debug, Deserialize)]
+pub struct HostKey {
+ pub path: String,
+ pub r#type: String,
+}
diff --git a/test/secrets/renced/tester/1b91d07a2a9f7305f210128dd6f98f7a-factorio-admin.age b/test/secrets/renced/tester/1b91d07a2a9f7305f210128dd6f98f7a-factorio-admin.age
index df0a79a..afe5bab 100644
--- a/test/secrets/renced/tester/1b91d07a2a9f7305f210128dd6f98f7a-factorio-admin.age
+++ b/test/secrets/renced/tester/1b91d07a2a9f7305f210128dd6f98f7a-factorio-admin.age
@@ -1,7 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 IQ9o3A 1j6zR72FgIFGUEGEOvHeO+pTsZ7Iox3H6snqgJq+x1E
-FchkY8twOKMxZMJ3DAesvoHH9DcXhJqbxVtv3wX6dHY
--> 0rK2B-grease vMnU!G>
-5Cue4hEPUb9tZKSFgMFHfugjb/iSmh3rqKZq
---- 0O5Mym4j8aleEzngjFxVOV/+BK+mvlsZubUkRw2GAIU
-x,JbTmąm*Pj7P_,N7{X
\ No newline at end of file
+-> ssh-ed25519 IQ9o3A d+olDO38ZReZ943zY8WbsYsgFztbLm4oQ+XDb07Hl0Y
+IzwhDsLc2wxdSdjgsegVRpJmvPlmL/KFIUTPhjOEVkw
+-> T-grease YndAs
+5/INJef7aI3K8hLjQteyY5SSaI1nlSyECTu8bKeL1OnffkaT0sSOcPUowBD0XkJH
+5Ajo67oVXFtd3IryRs+etcDLejt4uLpxw/vKyL/H/r6Ireh17gT751UObJwfqPAK
+mRM
+--- Kk3MRA82ysH1f6GGxsNiRJeVbVdncd9ioW113PS7eCo
+?RL%|JkD3|`L0HV
\ No newline at end of file
diff --git a/test/secrets/renced/tester/745a75ccb0974360dd2d93e3de475a84-factorio-server.age b/test/secrets/renced/tester/745a75ccb0974360dd2d93e3de475a84-factorio-server.age
index 666f64b..3bfeeb2 100644
--- a/test/secrets/renced/tester/745a75ccb0974360dd2d93e3de475a84-factorio-server.age
+++ b/test/secrets/renced/tester/745a75ccb0974360dd2d93e3de475a84-factorio-server.age
@@ -1,9 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 IQ9o3A rlStBJD4I4IO5kBvoBm41jsniJ4RlYAKmhfUpuB7vyU
-0ocdk0cqpzBNtgyvHyudv2kRduF/zexzpelhcf1q0i4
--> aloHYP-grease r|
-N3zY2GFx0MkyyXXN9cb23CnOfOJ7SdllpqUFUa9r+Mr3KGZEjob4NvOjvdjmCWpx
-+rGG3N4kR9P4i82+qfpZXeul4KtV3SWeDrFkNn5gBSP9rFLcfFu5N6UavKzu
---- 9XL5sJQW7P9nuKz+lxzYDyixFbVAEk6VavGnv+XR7Hg
-P-$J)3G ]-.VY
-LA /7+^;$=ֵ
\ No newline at end of file
+-> ssh-ed25519 IQ9o3A /fK+a1YKItRkkd4WKil476eX5A5CYhf7zwez/2owFQk
+WiyBeL3Tovn7z0jy77CW9e53NyKg1niJ8WiZqBG1Rr8
+-> --grease
+N1X8Psrs1N+6BEJ3LsfarXQqApEepD0IS5N8c3mjY0hx0Jd6wPrgCw95o5UKW9vn
+MobkL9cfpAOt2jtQlzCYfFtJdlQKk4idSlwMkO2BZL30IAx+VtICpfg/JNqGu9Vv
+BO4
+--- iYgSYgc6/WPLO5dOON56wvGX45L8H/DIqiUON1EMUXk
+$?r1.KزIU'äE49TY
\ No newline at end of file