nix-config/justfile

72 lines
2 KiB
Makefile
Raw Normal View History

2024-08-13 12:50:21 +02:00
SOPS_FILE := "./secrets/secrets.yaml"
default:
2024-07-17 17:21:42 +02:00
@just --list
2024-06-14 16:54:05 +02:00
2024-08-13 12:50:21 +02:00
rebuild-pre: update-nix-secrets
2024-07-17 17:21:42 +02:00
git add *.nix
rebuild-post:
just check-sops
2024-08-13 12:50:21 +02:00
# Requires sops to be running and you must have reboot after initial rebuild
rebuild: rebuild-pre
# sudo nixos-rebuild switch --flake .#$(hostname)
scripts/system-flake-rebuild.sh
# Requires sops to be running and you must have reboot after initial rebuild
rebuild-trace: rebuild-pre && rebuild-post
scripts/system-flake-rebuild-trace.sh
2024-06-14 16:54:05 +02:00
2024-08-13 12:50:21 +02:00
home_rebuild: rebuild-pre
2024-06-14 16:54:05 +02:00
home-manager switch --flake .#muhh
2024-07-17 17:21:42 +02:00
update:
2024-06-14 16:54:05 +02:00
nix flake update
2024-08-13 12:50:21 +02:00
rebuild-update: update && rebuild
sops:
echo "Editing {{SOPS_FILE}}"
nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}"
age-key:
nix-shell -p age --run "age-keygen"
rekey:
cd ../nix-secrets && (\
sops updatekeys -y secrets.yaml && \
(pre-commit run --all-files || true) && \
git add -u && (git commit -m "chore: rekey" || true) && git push \
)
check-sops:
scripts/check-sops.sh
update-nix-secrets:
(cd ../nix-secrets && git fetch && git rebase) || true
nix flake lock --update-input nix-secrets
iso:
# If we dont remove this folder, libvirtd VM doesnt run with the new iso...
rm -rf result
nix build ./nixos-installer#nixosConfigurations.iso.config.system.build.isoImage
iso-install DRIVE: iso
sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync
disko DRIVE PASSWORD:
echo "{{PASSWORD}}" > /tmp/disko-password
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- \
--mode disko \
disks/btrfs-luks-impermanence-disko.nix \
--arg disk '"{{DRIVE}}"' \
--arg password '"{{PASSWORD}}"'
rm /tmp/disko-password
sync USER HOST:
rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:nix-config/
sync-secrets USER HOST:
rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:nix-secrets/