refactor sops secrets
This commit is contained in:
parent
c9e9ae7b2d
commit
9c17a146cb
4 changed files with 4 additions and 8 deletions
|
@ -183,7 +183,7 @@ in
|
||||||
|
|
||||||
sops.secrets.nix-community-cachix = {
|
sops.secrets.nix-community-cachix = {
|
||||||
path = "/home/r-ryantm/.config/cachix/cachix.dhall";
|
path = "/home/r-ryantm/.config/cachix/cachix.dhall";
|
||||||
sopsFile = ../roles/nix-community-cache.yaml;
|
sopsFile = ../roles/nix-community-cache/secrets.yaml;
|
||||||
owner = "r-ryantm";
|
owner = "r-ryantm";
|
||||||
group = "r-ryantm";
|
group = "r-ryantm";
|
||||||
};
|
};
|
||||||
|
|
|
@ -60,7 +60,7 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache.yaml;
|
sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache/secrets.yaml;
|
||||||
sops.secrets.id_buildfarm = {};
|
sops.secrets.id_buildfarm = {};
|
||||||
|
|
||||||
services.hydra = {
|
services.hydra = {
|
||||||
|
|
8
tasks.py
8
tasks.py
|
@ -97,13 +97,9 @@ def update_sops_files(c):
|
||||||
c.run(
|
c.run(
|
||||||
"""
|
"""
|
||||||
find . \
|
find . \
|
||||||
-not -path "./.github/*" \
|
|
||||||
-not -path "./.mergify.yml" \
|
|
||||||
-not -path "./_config.yml" \
|
|
||||||
-type f \
|
-type f \
|
||||||
\( -iname '*.enc.json' -o -iname '*.yaml' \) \
|
\( -iname '*.enc.json' -o -iname 'secrets.yaml' \) \
|
||||||
-print0 | \
|
-exec sops updatekeys --yes {} \;
|
||||||
xargs -0 -n1 sops updatekeys --yes
|
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue