From 884ee28beebebe10096908204154face54c87d9b Mon Sep 17 00:00:00 2001 From: Markus Heurung Date: Tue, 13 Aug 2024 12:50:21 +0200 Subject: [PATCH] start improving justfile --- justfile | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 58 insertions(+), 4 deletions(-) diff --git a/justfile b/justfile index fa70683..f78440c 100644 --- a/justfile +++ b/justfile @@ -1,17 +1,71 @@ +SOPS_FILE := "./secrets/secrets.yaml" + default: @just --list -rebuild-pre: +rebuild-pre: update-nix-secrets git add *.nix rebuild-post: just check-sops -rebuild: rebuild - sudo nixos-rebuild switch --flake .#$(hostname) +# Requires sops to be running and you must have reboot after initial rebuild +rebuild: rebuild-pre + # sudo nixos-rebuild switch --flake .#$(hostname) + scripts/system-flake-rebuild.sh -home_rebuild: +# Requires sops to be running and you must have reboot after initial rebuild +rebuild-trace: rebuild-pre && rebuild-post + scripts/system-flake-rebuild-trace.sh + +home_rebuild: rebuild-pre home-manager switch --flake .#muhh update: nix flake update + +rebuild-update: update && rebuild + +sops: + echo "Editing {{SOPS_FILE}}" + nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}" + +age-key: + nix-shell -p age --run "age-keygen" + +rekey: + cd ../nix-secrets && (\ + sops updatekeys -y secrets.yaml && \ + (pre-commit run --all-files || true) && \ + git add -u && (git commit -m "chore: rekey" || true) && git push \ + ) + +check-sops: + scripts/check-sops.sh + +update-nix-secrets: + (cd ../nix-secrets && git fetch && git rebase) || true + nix flake lock --update-input nix-secrets + +iso: + # If we dont remove this folder, libvirtd VM doesnt run with the new iso... + rm -rf result + nix build ./nixos-installer#nixosConfigurations.iso.config.system.build.isoImage + +iso-install DRIVE: iso + sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync + +disko DRIVE PASSWORD: + echo "{{PASSWORD}}" > /tmp/disko-password + sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- \ + --mode disko \ + disks/btrfs-luks-impermanence-disko.nix \ + --arg disk '"{{DRIVE}}"' \ + --arg password '"{{PASSWORD}}"' + rm /tmp/disko-password + +sync USER HOST: + rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:nix-config/ + +sync-secrets USER HOST: + rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:nix-secrets/