2024-08-13 12:50:21 +02:00
|
|
|
SOPS_FILE := "./secrets/secrets.yaml"
|
|
|
|
|
2024-04-11 16:26:54 +02:00
|
|
|
default:
|
2024-07-17 17:21:42 +02:00
|
|
|
@just --list
|
2024-06-14 16:54:05 +02:00
|
|
|
|
2024-08-13 12:50:21 +02:00
|
|
|
rebuild-pre: update-nix-secrets
|
2024-07-17 17:21:42 +02:00
|
|
|
git add *.nix
|
|
|
|
|
|
|
|
rebuild-post:
|
|
|
|
just check-sops
|
|
|
|
|
2024-08-13 12:50:21 +02:00
|
|
|
# Requires sops to be running and you must have reboot after initial rebuild
|
|
|
|
rebuild: rebuild-pre
|
|
|
|
# sudo nixos-rebuild switch --flake .#$(hostname)
|
|
|
|
scripts/system-flake-rebuild.sh
|
|
|
|
|
|
|
|
# Requires sops to be running and you must have reboot after initial rebuild
|
|
|
|
rebuild-trace: rebuild-pre && rebuild-post
|
|
|
|
scripts/system-flake-rebuild-trace.sh
|
2024-06-14 16:54:05 +02:00
|
|
|
|
2024-08-13 12:50:21 +02:00
|
|
|
home_rebuild: rebuild-pre
|
2024-06-14 16:54:05 +02:00
|
|
|
home-manager switch --flake .#muhh
|
|
|
|
|
2024-07-17 17:21:42 +02:00
|
|
|
update:
|
2024-06-14 16:54:05 +02:00
|
|
|
nix flake update
|
2024-08-13 12:50:21 +02:00
|
|
|
|
|
|
|
rebuild-update: update && rebuild
|
|
|
|
|
|
|
|
sops:
|
|
|
|
echo "Editing {{SOPS_FILE}}"
|
|
|
|
nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}"
|
|
|
|
|
|
|
|
age-key:
|
|
|
|
nix-shell -p age --run "age-keygen"
|
|
|
|
|
|
|
|
rekey:
|
|
|
|
cd ../nix-secrets && (\
|
|
|
|
sops updatekeys -y secrets.yaml && \
|
|
|
|
(pre-commit run --all-files || true) && \
|
|
|
|
git add -u && (git commit -m "chore: rekey" || true) && git push \
|
|
|
|
)
|
|
|
|
|
|
|
|
check-sops:
|
|
|
|
scripts/check-sops.sh
|
|
|
|
|
|
|
|
update-nix-secrets:
|
|
|
|
(cd ../nix-secrets && git fetch && git rebase) || true
|
|
|
|
nix flake lock --update-input nix-secrets
|
|
|
|
|
|
|
|
iso:
|
|
|
|
# If we dont remove this folder, libvirtd VM doesnt run with the new iso...
|
|
|
|
rm -rf result
|
|
|
|
nix build ./nixos-installer#nixosConfigurations.iso.config.system.build.isoImage
|
|
|
|
|
|
|
|
iso-install DRIVE: iso
|
|
|
|
sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync
|
|
|
|
|
|
|
|
disko DRIVE PASSWORD:
|
|
|
|
echo "{{PASSWORD}}" > /tmp/disko-password
|
|
|
|
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- \
|
|
|
|
--mode disko \
|
|
|
|
disks/btrfs-luks-impermanence-disko.nix \
|
|
|
|
--arg disk '"{{DRIVE}}"' \
|
|
|
|
--arg password '"{{PASSWORD}}"'
|
|
|
|
rm /tmp/disko-password
|
|
|
|
|
|
|
|
sync USER HOST:
|
|
|
|
rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:nix-config/
|
|
|
|
|
|
|
|
sync-secrets USER HOST:
|
|
|
|
rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:nix-secrets/
|