feat: winters <> summers parity

2026-04-14 21:29:12 +02:00 · 2026-01-10 15:56:09 +01:00 · 2026-01-10 15:56:09 +01:00 · 04e3bcefc3
commit 04e3bcefc3
parent 7cacce85a0
144 changed files with 3628 additions and 732 deletions
--- a/pkgs/config/swarsel-sops/default.nix
+++ b/pkgs/config/swarsel-sops/default.nix
@ -3,9 +3,9 @@ writeShellApplication {
  inherit name;
  runtimeInputs = [ sops ];
  text = ''
-    sops updatekeys ${homeConfig.homeDirectory}/secrets/repo/*
-    sops updatekeys ${homeConfig.homeDirectory}/secrets/nginx/*
-    sops updatekeys ${homeConfig.homeDirectory}/secrets/work/*
-    sops updatekeys ${homeConfig.homeDirectory}/hosts/*/*/*/secrets/*/secrets.yaml
+    sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/repo/*
+    sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/nginx/*
+    sops updatekeys ${homeConfig.swarselsystems.flakePath}/secrets/work/*
+    sops updatekeys ${homeConfig.swarselsystems.flakePath}/hosts/*/*/*/secrets/*/secrets.yaml
  '';
 }
--- a/pkgs/flake/gen-sops-guest/default.nix
+++ b/pkgs/flake/gen-sops-guest/default.nix
@ -0,0 +1,30 @@
+{ name, writeShellApplication, ... }:
+
+writeShellApplication {
+  inherit name;
+  text = ''
+
+    if [ "$#" -lt 3 ]; then
+      echo "Usage: $0 <host> <arch_path> <service1> [service2 ...]" >&2
+      echo "Example: $0 hintbooth hosts/nixos/x86_64-linux adguardhome nginx" >&2
+      exit 1
+    fi
+
+    HOST="$1"
+    ARCH_PATH="$2"
+    shift 2
+
+    for service in "$@"; do
+      cat <<EOF
+      - path_regex: ''${ARCH_PATH}/''${HOST}/secrets/''${service}/[^/]+\.(yaml|json|env|ini|enc)\$
+        key_groups:
+        - pgp:
+          - *swarsel
+          age:
+          - *''${HOST}
+          - *''${HOST}-''${service}
+
+    EOF
+    done
+  '';
+}