From 2970a7d892394510814731609de55f19518511e3 Mon Sep 17 00:00:00 2001 From: clerie Date: Wed, 1 May 2024 17:11:36 +0200 Subject: [PATCH 1/2] pkgs/clerie-sops: Add clerie-sops-edit for working with multiline string attributes in json --- configuration/common/programs.nix | 1 + flake.nix | 1 + pkgs/clerie-sops/clerie-sops-edit.nix | 10 ++++++++++ pkgs/clerie-sops/clerie-sops-edit.sh | 25 +++++++++++++++++++++++++ pkgs/overlay.nix | 1 + 5 files changed, 38 insertions(+) create mode 100644 pkgs/clerie-sops/clerie-sops-edit.nix create mode 100755 pkgs/clerie-sops/clerie-sops-edit.sh diff --git a/configuration/common/programs.nix b/configuration/common/programs.nix index 23e7db2..f68ac3c 100644 --- a/configuration/common/programs.nix +++ b/configuration/common/programs.nix @@ -16,6 +16,7 @@ colmena agenix clerie-sops + clerie-sops-edit sops # Debugging diff --git a/flake.nix b/flake.nix index 1dd9579..08b3f9b 100644 --- a/flake.nix +++ b/flake.nix @@ -132,6 +132,7 @@ clerie-update-nixfiles clerie-sops clerie-sops-config + clerie-sops-edit chromium-incognito iot-data nix-remove-result-links diff --git a/pkgs/clerie-sops/clerie-sops-edit.nix b/pkgs/clerie-sops/clerie-sops-edit.nix new file mode 100644 index 0000000..c0ab33b --- /dev/null +++ b/pkgs/clerie-sops/clerie-sops-edit.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +pkgs.writeShellApplication { + name = "clerie-sops-edit"; + text = builtins.readFile ./clerie-sops-edit.sh; + runtimeInputs = with pkgs; [ + clerie-sops + jq + ]; +} diff --git a/pkgs/clerie-sops/clerie-sops-edit.sh b/pkgs/clerie-sops/clerie-sops-edit.sh new file mode 100755 index 0000000..220660a --- /dev/null +++ b/pkgs/clerie-sops/clerie-sops-edit.sh 
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+# Edit a single attribute of a sops json file
+# Helps working with multiline strings in json
+
+set -euo pipefail
+
+SECRETS_FILE="$1"
+KEY="$2"
+
+if [[ -n $EDITOR ]]; then
+ EDITOR=vim
+fi
+
+TMP_FILE="$(mktemp)"
+
+clerie-sops --decrypt --extract "[\"${KEY}\"]" "${SECRETS_FILE}" > "${TMP_FILE}"
+
+vim "${TMP_FILE}"
+
+JSON_QUOTED_SECRET="$(jq -Rs '.' "${TMP_FILE}")"
+
+rm "${TMP_FILE}"
+
+clerie-sops --set "[\"${KEY}\"] ${JSON_QUOTED_SECRET}" "${SECRETS_FILE}"
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 2b6ae5a..d0e44da 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -4,6 +4,7 @@ final: prev: {
 clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
 clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};
 clerie-sops-config = final.callPackage ./clerie-sops/clerie-sops-config.nix {};
+ clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
 clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
 chromium-incognito = final.callPackage ./chromium-incognito {};
 iot-data = final.python3.pkgs.callPackage ./iot-data {};
From b1fe15f4c995de4b82cc02d3be35dbfe93553c23 Mon Sep 17 00:00:00 2001
From: Flake Update Bot
Date: Thu, 2 May 2024 03:03:03 +0200
Subject: [PATCH 2/2] Update nixpkgs 2024-05-02-01-03
---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/flake.lock b/flake.lock
index ac3e4da..989996f 100644
--- a/flake.lock
+++ b/flake.lock
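Review bot: In pkgs/clerie-sops/clerie-sops-edit.sh the decrypted secret stays behind in the `mktemp` file whenever the script stops between `clerie-sops --decrypt` and `rm "${TMP_FILE}"`, because `set -e` aborts on a non-zero exit from the editor or `jq` and nothing cleans up on that path; add `trap 'rm -f "${TMP_FILE}"' EXIT` directly after the `mktemp` line. The `EDITOR` block is inverted and has no effect: `[[ -n $EDITOR ]]` overwrites an editor that is already set, aborts under `set -u` when the variable is unset, and the script then calls `vim` regardless, so both could be replaced by `"${EDITOR:-vim}" "${TMP_FILE}"`. The final `clerie-sops --set` call places the plaintext value in the process argument list, which other local users can read while the command runs; if the wrapped tool can take the value from a file or stdin, that would be the safer route. `KEY` is also interpolated unescaped into the `["…"]` path, so a key containing `"` or `]` changes the expression, and `jq -Rs` will presumably store any trailing newline the editor appends as part of the secret.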
@@ -283,11 +283,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1712963716, - "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "lastModified": 1714253743, + "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", "type": "github" }, "original": {