tasks.py: add ssh-to-age to shell and update comments

2023-02-07 11:01:07 +10:00 · 2023-02-07 11:01:07 +10:00 · 16962b3a09
commit 16962b3a09
parent a6fb3a5457
3 changed files with 4 additions and 4 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -8,8 +8,7 @@ keys:
  - &ryantm age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
  - &zimbatm age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
  - &zowoq age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
-# scan new hosts like this:
-# $ nix-shell -p ssh-to-age --run 'ssh-keyscan buildXX.nix-community.org | ssh-to-age'
+# scan new hosts with `scan-age-keys` task
 creation_rules:
  - path_regex: ^secrets.yaml$
    key_groups:
--- a/shell.nix
+++ b/shell.nix
@ -17,6 +17,7 @@ mkShellNoCC {
    ))
    jq
    sops
+    ssh-to-age
    (python3.withPackages (
      p: [
        p.deploykit
--- a/tasks.py
+++ b/tasks.py
@ -124,7 +124,7 @@ find . \
@task
 def scan_age_keys(c, host):
    """
-    Scans for the host key via ssh an converts it to age
+    Scans for the host key via ssh an converts it to age. Use inv scan-age-keys build**.nix-community.org
    """
    import subprocess

@ -133,7 +133,7 @@ def scan_age_keys(c, host):
    )
    print("###### Age keys ######")
    subprocess.run(
-        ["nix", "run", "--inputs-from", ".#", "nixpkgs#ssh-to-age"],
+        ["ssh-to-age"],
        input=proc.stdout,
        check=True,
        text=True,