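{ pkgs, ... }: {

  # nix run github:nmasur/dotfiles#reencrypt-secrets ./private
  #
  # Flake app that re-encrypts every regular file in the given directory:
  # each file is decrypted with the local SSH identity (~/.ssh/id_ed25519)
  # and encrypted again, ASCII-armored, to the recipients listed in
  # ../hosts/public-keys. Run it after that recipients file changes.

  type = "app";

  program = builtins.toString (pkgs.writeShellScript "reencrypt-secrets" ''
    # Abort on the first failing command. Without this, a failed decrypt
    # would go on to encrypt an empty file over the only copy of the secret.
    set -euo pipefail

    if [ $# -eq 0 ]; then
      echo "Must provide directory to reencrypt." >&2
      exit 1
    fi
    encrypted=$1

    # Plaintext is staged in a private (mode 0700) scratch directory that is
    # removed on every exit path, so a failed run leaves no decrypted secret
    # behind. NOTE(review): the temp location may be disk-backed; point
    # TMPDIR at a tmpfs if plaintext must never reach persistent storage.
    workdir=$(mktemp -d)
    trap 'rm -rf -- "$workdir"' EXIT
    plaintext="$workdir/plaintext"
    ciphertext="$workdir/ciphertext"

    for encryptedfile in "$encrypted"/*; do
      # Skip subdirectories and the literal pattern left by an empty glob.
      [ -f "$encryptedfile" ] || continue

      echo "Decrypting $encryptedfile..."
      ${pkgs.age}/bin/age --decrypt \
        --identity ~/.ssh/id_ed25519 "$encryptedfile" > "$plaintext"

      echo "Encrypting $encryptedfile..."
      ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
        builtins.toString ../hosts/public-keys
      } "$plaintext" > "$ciphertext"

      # Replace the original only after both steps succeeded; redirecting
      # straight into it would truncate it before age had produced anything.
      cp -- "$ciphertext" "$encryptedfile"
    done
    echo "Finished."
  '');

}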