SOPS_FILE := "../nix-secrets/.sops.yaml" # Define path to helpers export HELPERS_PATH := justfile_directory() + "/scripts/helpers.sh" # default recipe to display help information default: @just --list # Update commonly changing flakes and prep for a rebuild rebuild-pre: update-nix-secrets @git add --intent-to-add . # Run post-rebuild checks, like if sops is running properly afterwards rebuild-post: check-sops # Run a flake check on the config and installer check ARGS="": NIXPKGS_ALLOW_UNFREE=1 REPO_PATH=$(pwd) nix flake check --impure --keep-going --show-trace {{ARGS}} cd nixos-installer && NIXPKGS_ALLOW_UNFREE=1 REPO_PATH=$(pwd) nix flake check --impure --keep-going --show-trace {{ARGS}} # Rebuild the system rebuild: rebuild-pre && rebuild-post # NOTE: Add --option eval-cache false if you end up caching a failure you cant get around scripts/rebuild.sh # Rebuild the system and run a flake check rebuild-full: rebuild-pre && rebuild-post scripts/rebuild.sh just check # Rebuild the system and run a flake check rebuild-trace: rebuild-pre && rebuild-post scripts/rebuild.sh trace just check # Update the flake update: nix flake update # Update and then rebuild rebuild-update: update rebuild # Git diff there entire repo expcept for flake.lock diff: git diff ':!flake.lock' # Generate a new age key age-key: nix-shell -p age --run "age-keygen" # Check if sops-nix activated successfully check-sops: scripts/check-sops.sh # Update nix-secrets flake update-nix-secrets: @(cd ../nix-secrets && git fetch && git rebase > /dev/null) || true nix flake update nix-secrets --timeout 5 # Build an iso image for installing new systems and create a symlink for qemu usage iso: # If we dont remove this folder, libvirtd VM doesnt run with the new iso... rm -rf result nix build --impure .#nixosConfigurations.iso.config.system.build.isoImage && ln -sf result/iso/*.iso latest.iso # Install the latest iso to a flash drive iso-install DRIVE: iso sudo dd if=$(eza --sort changed result/iso/*.iso | tail -n1) of={{DRIVE}} bs=4M status=progress oflag=sync # Configure a drive password using disko disko DRIVE PASSWORD: echo "{{PASSWORD}}" > /tmp/disko-password sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- \ --mode disko \ disks/btrfs-luks-impermanence-disko.nix \ --arg disk '"{{DRIVE}}"' \ --arg password '"{{PASSWORD}}"' rm /tmp/disko-password # Copy all the config files to the remote host sync USER HOST PATH: rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}} -oport=22" . {{USER}}@{{HOST}}:{{PATH}}/nix-config # Run nixos-rebuild on the remote host build-host HOST: NIX_SSHOPTS="-p22" nixos-rebuild --target-host {{HOST}} --use-remote-sudo --show-trace --impure --flake .#"{{HOST}}" switch # Called by the rekey recipe sops-rekey: cd ../nix-secrets && for file in $(ls sops/*.yaml); do \ sops updatekeys -y $file; \ done # Update all keys in sops/*.yaml files in nix-secrets to match the creation rules keys rekey: sops-rekey cd ../nix-secrets && \ (pre-commit run --all-files || true) && \ git add -u && (git commit -nm "chore: rekey" || true) && git push # Update an age key anchor or add a new one sops-update-age-key FIELD KEYNAME KEY: #!/usr/bin/env bash source {{HELPERS_PATH}} sops_update_age_key {{FIELD}} {{KEYNAME}} {{KEY}} # Update an existing user age key anchor or add a new one sops-update-user-age-key USER HOST KEY: just sops-update-age-key users {{USER}}_{{HOST}} {{KEY}} # Update an existing host age key anchor or add a new one sops-update-host-age-key HOST KEY: just sops-update-age-key hosts {{HOST}} {{KEY}} # Automatically create creation rules entries for a .yaml file for host-specific secrets sops-add-host-creation-rules USER HOST: #!/usr/bin/env bash source {{HELPERS_PATH}} sops_add_host_creation_rules "{{USER}}" "{{HOST}}" # Automatically create creation rules entries for a shared.yaml file for shared secrets sops-add-shared-creation-rules USER HOST: #!/usr/bin/env bash source {{HELPERS_PATH}} sops_add_shared_creation_rules "{{USER}}" "{{HOST}}" # Automatically add the host and user keys to creation rules for shared.yaml and .yaml sops-add-creation-rules USER HOST: just sops-add-host-creation-rules {{USER}} {{HOST}} && \ just sops-add-shared-creation-rules {{USER}} {{HOST}}