tasks.py, devdoc/onboarding: add agenix

2024-05-18 16:41:38 +10:00 · 2024-05-18 16:41:38 +10:00 · d7a8a6d964
commit d7a8a6d964
parent cd6b0c8349
2 changed files with 11 additions and 0 deletions
--- a/devdoc/onboarding.md
+++ b/devdoc/onboarding.md
@ -4,6 +4,8 @@

 - Add their user and ssh key to [users](../users) as member of the `trusted` and `wheel` groups.

+- Add their user to [secrets/secrets.nix](../secrets/secrets.nix) and run `inv update-agenix-files`.
+
 - Add their age key to [.sops.yaml](../.sops.yaml), update the `creation_rules` and run `inv update-sops-files`.

 - Add their email in [terraform/locals.tf](../terraform/locals.tf), this will give them access to:
--- a/tasks.py
+++ b/tasks.py
@ -51,6 +51,15 @@ def sotp(c: Any, acct: str) -> None:
    c.run(f"nix develop .#sotp -c sotp {acct}")


+@task
+def update_agenix_files(c: Any) -> None:
+    """
+    Update all agenix secrets
+    """
+    os.chdir("secrets")
+    c.run("agenix --rekey", pty=True)
+
+
@task
 def update_sops_files(c: Any) -> None:
    """