moving around reencrypt secrets

2025-07-06 16:40:14 +00:00 · 2025-03-09 05:02:20 +00:00
parent 2722a8bf61
commit e90c6b1724
4 changed files with 29 additions and 44 deletions
--- a/apps/loadkey.nix
+++ b/apps/loadkey.nix
@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{
-
-  # TODO: just replace with packages instead of apps
-
-  type = "app";
-
-  program = "${pkgs.nmasur.loadkey}/bin/loadkey";
-}
--- a/apps/reencrypt-secrets.nix
+++ b/apps/reencrypt-secrets.nix
@ -1,27 +0,0 @@
-{ pkgs, ... }:
-{
-
-  # nix run github:nmasur/dotfiles#reencrypt-secrets ./private
-
-  type = "app";
-
-  program = builtins.toString (
-    pkgs.writeShellScript "reencrypt-secrets" ''
-      if [ $# -eq 0 ]; then
-        echo "Must provide directory to reencrypt."
-        exit 1
-      fi
-      encrypted=$1
-      for encryptedfile in ''${1}/*; do
-        tmpfile=$(mktemp)
-        echo "Decrypting ''${encryptedfile}..."
-        ${pkgs.age}/bin/age --decrypt \
-          --identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
-        echo "Encrypting ''${encryptedfile}..."
-        ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile > $encryptedfile
-        rm $tmpfile
-      done
-      echo "Finished."
-    ''
-  );
-}