diff --git a/module/default.nix b/module/default.nix
index a957c82..e9b59c4 100644
--- a/module/default.nix
+++ b/module/default.nix
@@ -55,6 +55,26 @@ let
 '';
 };
+ hostKeys = mkOption {
+ type = types.listOf (
+ types.submodule ({
+ options = {
+ path = mkOption {
+ type = types.path;
+ };
+ type = mkOption {
+ type = types.str;
+ };
+ };
+ })
+ );
+ default = config.services.openssh.hostKeys;
+ readOnly = true;
+ description = ''
+ `config.services.openssh.hostKeys`
+ '';
+ };
+
 hostIdentifier = mkOption {
 type = types.str;
 default = config.networking.hostName;
@@ -307,7 +327,7 @@ in
 config =
 let
- secretsMetadata = (pkgs.formats.toml { }).generate "secretsMetadata" cfg;
+ secretsMetadata = (pkgs.formats.toml { }).generate "secretsMetadata" (cfg);
 in
 mkIf sysusers {
 test = secretsMetadata;
diff --git a/src/cmd/deploy.rs b/src/cmd/deploy.rs
index 5127711..26014aa 100644
--- a/src/cmd/deploy.rs
+++ b/src/cmd/deploy.rs
@@ -1,4 +1,8 @@
-use std::path::{Path, PathBuf};
+use std::{
+ collections::HashMap,
+ fs,
+ path::{Path, PathBuf},
+};
 use crate::profile::Profile;
@@ -6,11 +10,28 @@ use eyre::Result;
 use spdlog::debug;
 impl Profile {
- pub fn deploy
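Review bot: The `description` of the new `hostKeys` option only restates its default (`config.services.openssh.hostKeys`), so the rendered option docs say nothing about what the value is used for or that it is read-only, and the two submodule options `path` and `type` have no description at all. Something like `Host SSH key pairs (path and key type) serialized into the secrets metadata for the deploy tool; mirrors services.openssh.hostKeys and cannot be overridden.` would tell a reader why the module exposes it — the deploy-side consumer of these entries is not visible in this diff, so check the wording against it. Note that `types.path` also accepts Nix path literals, which are copied into the world-readable store when coerced; with `readOnly = true` and the default taken from the openssh module that cannot happen here, but it is worth recording in the description should the option ever be made writable.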

(self, _flake_root: P, storage: P) -> Result<()>
- where
- P: AsRef + Into,
- {
- let storage = storage.as_ref().to_path_buf();
+ pub fn deploy(self) -> Result<()> {
+ let storage_name_ctt_map: HashMap> = {
+ let mut map = HashMap::new();
+ // dir with host pub key encrypted material, prefix hash
+ let storage = PathBuf::from(&self.settings.storage_dir_store);
+ fs::read_dir(storage)?.for_each(|entry| {
+ let entry = entry.expect("enter store, must success");
+ let path = entry.path();
+ let name = entry.file_name().to_string_lossy().to_string();
+ debug!("record secret name from store: {}", name);
+ let content = fs::read(path).expect("reading store, must success");
+ map.insert(name, content);
+ });
+ map
+ };
+
+ // for entry in storage_ctt {
+ // let entry = entry?;
+ // let path = entry.path();
+
+ // debug!("found renced secret in store: {:?}", path);
+ // }
 let secs_map = self.get_renced_paths().into_map();
diff --git a/src/cmd/mod.rs b/src/cmd/mod.rs
index 334bdae..2cfed95 100644
--- a/src/cmd/mod.rs
+++ b/src/cmd/mod.rs
@@ -54,9 +54,9 @@ pub struct EditSubCmd {
 /// Decrypt and deploy cipher credentials
 #[argh(subcommand, name = "deploy")]
 pub struct DeploySubCmd {
- #[argh(positional, short = 's')]
+ #[argh(option, short = 's')]
 /// per hostkey encrypted dir
- storage: String,
+ storage: Option,
 }
@@ -90,7 +90,7 @@ impl Args {
 }
 SubCmd::Deploy(DeploySubCmd { ref storage }) => {
 info!("deploying secrets");
- profile.deploy(flake_root, storage.into())
+ profile.deploy()
 }
 SubCmd::Edit(_) => todo!(),
 SubCmd::Check(_) => todo!(),
diff --git a/src/profile.rs b/src/profile.rs
index 3286f64..11512ea 100644
--- a/src/profile.rs
+++ b/src/profile.rs
@@ -29,6 +29,7 @@ pub struct Settings {
 pub host_identifier: String,
 pub extraEncryption_pubkeys: Vec,
 pub host_pubkey: String,
+ pub host_keys: Vec,
 pub storage_dir_relative: String,
 pub storage_dir_store: String,
 pub master_identities: Vec,
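Review bot: Inside the `for_each` closure the new store scan calls `expect` twice (`entry.expect("enter store, must success")` and `fs::read(path).expect("reading store, must success")`), so one unreadable or non-file entry in `storage_dir_store` aborts the process with a panic even though `deploy` returns `Result<()>` and the `fs::read_dir(storage)?` just above already propagates its error. Writing the scan as a plain `for` loop lets both failures flow through `?` into the eyre `Result`; the commented-out `for entry in storage_ctt` block below it should be deleted rather than kept. The rendering has stripped the generic arguments from the map type, so the version below spells it out as the `String`/`Vec<u8>` pair that `to_string()` and `fs::read` produce. The body of `deploy` continues past the end of the hunk.
```rust
    pub fn deploy(self) -> Result<()> {
        // dir with host pub key encrypted material, prefix hash
        let storage = PathBuf::from(&self.settings.storage_dir_store);
        let mut storage_name_ctt_map: HashMap<String, Vec<u8>> = HashMap::new();
        for entry in fs::read_dir(&storage)? {
            let entry = entry?;
            let name = entry.file_name().to_string_lossy().to_string();
            debug!("record secret name from store: {}", name);
            storage_name_ctt_map.insert(name, fs::read(entry.path())?);
        }
        // … unchanged: secs_map and the rest of deploy …
```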
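Review bot: `storage` becomes an optional `-s` flag in this hunk, but the second hunk of this file changes the call site to `profile.deploy()`, so the value bound by `ref storage` is accepted from the command line and then silently ignored (the binding will also draw an unused-variable warning). Either thread it through — e.g. `profile.deploy(storage.as_deref())` with `deploy` treating `Some` as an override of `settings.storage_dir_store` — or drop the option together with its `/// per hostkey encrypted dir` doc line so the CLI does not advertise a switch that has no effect.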
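Review bot: The new `host_keys` field is undocumented, and its TOML key is not obvious: the Nix module emits the option as `hostKeys`, while the neighbouring fields mix `host_identifier` and `extraEncryption_pubkeys`, so whether serde maps `hostKeys` onto `host_keys` depends on a rename attribute on `Settings`, whose header is outside this hunk — confirm it, or put `#[serde(rename = "hostKeys")]` on the field. A doc line such as `/// Host SSH key pairs exported from services.openssh.hostKeys by module/default.nix (path and type per key).` would also record where the value comes from.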
@@ -39,3 +40,8 @@ pub struct MasterIdentity { pub identity: String, pub pubkey: String, } +#[derive(Debug, Deserialize)] +pub struct HostKey { + pub path: String, + pub r#type: String, +} diff --git a/test/secrets/renced/tester/1b91d07a2a9f7305f210128dd6f98f7a-factorio-admin.age b/test/secrets/renced/tester/1b91d07a2a9f7305f210128dd6f98f7a-factorio-admin.age index df0a79a..afe5bab 100644 --- a/test/secrets/renced/tester/1b91d07a2a9f7305f210128dd6f98f7a-factorio-admin.age +++ b/test/secrets/renced/tester/1b91d07a2a9f7305f210128dd6f98f7a-factorio-admin.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 IQ9o3A 1j6zR72FgIFGUEGEOvHeO+pTsZ7Iox3H6snqgJq+x1E -FchkY8twOKMxZMJ3DAesvoHH9DcXhJqbxVtv3wX6dHY --> 0rK2B-grease vMnU!G> -5Cue4hEPUb9tZKSFgMFHfugjb/iSmh3rqKZq ---- 0O5Mym4j8aleEzngjFxVOV/+BK+mvlsZubUkRw2GAIU -x,JbTmąm*Pj7P_,N7{X \ No newline at end of file +-> ssh-ed25519 IQ9o3A d+olDO38ZReZ943zY8WbsYsgFztbLm4oQ+XDb07Hl0Y +IzwhDsLc2wxdSdjgsegVRpJmvPlmL/KFIUTPhjOEVkw +-> T-grease YndAs +5/INJef7aI3K8hLjQteyY5SSaI1nlSyECTu8bKeL1OnffkaT0sSOcPUowBD0XkJH +5Ajo67oVXFtd3IryRs+etcDLejt4uLpxw/vKyL/H/r6Ireh17gT751UObJwfqPAK +mRM +--- Kk3MRA82ysH1f6GGxsNiRJeVbVdncd9ioW113PS7eCo +?RL%|JkD3|`L0HV” \ No newline at end of file diff --git a/test/secrets/renced/tester/745a75ccb0974360dd2d93e3de475a84-factorio-server.age b/test/secrets/renced/tester/745a75ccb0974360dd2d93e3de475a84-factorio-server.age index 666f64b..3bfeeb2 100644 --- a/test/secrets/renced/tester/745a75ccb0974360dd2d93e3de475a84-factorio-server.age +++ b/test/secrets/renced/tester/745a75ccb0974360dd2d93e3de475a84-factorio-server.age 
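Review bot: `HostKey` is added without doc comments and with `path: String`, although the value is a filesystem path (the Nix side declares it as `types.path`, and `deploy.rs` already wraps the sibling `storage_dir_store` string in a `PathBuf` before use); a `PathBuf` field would avoid that re-wrapping at each use, provided `std::path::PathBuf` can be brought into scope in this file. The hunk counts also show `#[derive(Debug, Deserialize)]` following the closing brace of `MasterIdentity` with no blank line in between. Suggested docs: `/// One host SSH key pair as listed in services.openssh.hostKeys.` on the struct, `/// Path of the key file.` on `path`, and `/// Key type string as provided by the openssh module's `type` field.` on `r#type`; the actual values are not visible in the diff, so keep the wording generic.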
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 IQ9o3A rlStBJD4I4IO5kBvoBm41jsniJ4RlYAKmhfUpuB7vyU -0ocdk0cqpzBNtgyvHyudv2kRduF/zexzpelhcf1q0i4 --> aloHYP-grease r| -N3zY2GFx0MkyyXXN9cb23CnOfOJ7SdllpqUFUa9r+Mr3KGZEjob4NvOjvdjmCWpx -+rGG3N4kR9P4i82+qfpZXeul4KtV3SWeDrFkNn5gBSP9rFLcfFu5N6UavKzu ---- 9XL5sJQW7P9nuKz+lxzYDyixFbVAEk6VavGnv+XR7Hg -P-$J)3G ]-.VY -LA /7+^;$=ֵ \ No newline at end of file +-> ssh-ed25519 IQ9o3A /fK+a1YKItRkkd4WKil476eX5A5CYhf7zwez/2owFQk +WiyBeL3Tovn7z0jy77CW9e53NyKg1niJ8WiZqBG1Rr8 +-> --grease +N1X8Psrs1N+6BEJ3LsfarXQqApEepD0IS5N8c3mjY0hx0Jd6wPrgCw95o5UKW9vn +MobkL9cfpAOt2jtQlzCYfFtJdlQKk4idSlwMkO2BZL30IAx+VtICpfg/JNqGu9Vv +BO4 +--- iYgSYgc6/WPLO5dOON56wvGX45L8H/DIqiUON1EMUXk +$ ?r1.KزIU'äE49TY \ No newline at end of file