refactor sops secrets

2022-11-17 08:57:22 +10:00 · 2022-11-17 08:57:22 +10:00 · 9c17a146cb
commit 9c17a146cb
parent c9e9ae7b2d
4 changed files with 4 additions and 8 deletions
--- a/build02/nixpkgs-update.nix
+++ b/build02/nixpkgs-update.nix
@ -183,7 +183,7 @@ in

  sops.secrets.nix-community-cachix = {
    path = "/home/r-ryantm/.config/cachix/cachix.dhall";
-    sopsFile = ../roles/nix-community-cache.yaml;
+    sopsFile = ../roles/nix-community-cache/secrets.yaml;
    owner = "r-ryantm";
    group = "r-ryantm";
  };
--- a/roles/nix-community-cache/secrets.yaml
+++ b/roles/nix-community-cache/secrets.yaml
--- a/services/hydra/default.nix
+++ b/services/hydra/default.nix
@ -60,7 +60,7 @@ in {
        ];
    };

-    sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache.yaml;
+    sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache/secrets.yaml;
    sops.secrets.id_buildfarm = {};

    services.hydra = {
--- a/tasks.py
+++ b/tasks.py
@ -97,13 +97,9 @@ def update_sops_files(c):
    c.run(
        """
 find . \
-        -not -path "./.github/*" \
-        -not -path "./.mergify.yml" \
-        -not -path "./_config.yml" \
        -type f \
-        \( -iname '*.enc.json' -o -iname '*.yaml' \) \
-        -print0 | \
-        xargs -0 -n1 sops updatekeys --yes
+        \( -iname '*.enc.json' -o -iname 'secrets.yaml' \) \
+        -exec sops updatekeys --yes {} \;
 """
    )