introduce secrix-wrapper to devShel

1 year ago · 7f020def43
parent c3aa97ba5a
commit 7f020def43
1 changed files with 50 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -151,6 +151,50 @@

      };

+      packages."${system}".secrix-wrapper = pkgs.writeShellApplication {
+        name = "secr";
+        text = ''
+          secrix() {
+            set -x
+            exec ${outputs.apps.${system}.secrix.program} "$@"
+          }
+
+          help() {
+            echo "Usages:"
+            echo "  $0 [create|rekey|edit|encrypt] <system> [<args> …] <file>"
+            echo "  $0 decrypt [<args> …] <file>"
+          }
+
+          main() {
+            if [[ $# -lt 1 ]]; then
+              help
+              exit 0
+            fi
+            cmd="$1"
+            shift 1
+            case "$cmd" in
+              help|-h|--help)
+                help
+                ;;
+              create)
+                secrix "$cmd" --all-users --system "$@"
+                ;;
+              rekey|edit)
+                secrix "$cmd" --identity "$SECRIX_ID" --all-users --system "$@"
+                ;;
+              encrypt)
+                secrix "$cmd" --all-users --system "$@"
+                ;;
+              decrypt)
+                secrix "$cmd" --identity "$SECRIX_ID" "$@"
+                ;;
+            esac
+          }
+
+          main "$@"
+        '';
+      };
+
      devShells."${system}".default =
        let
          pkgs = pkgs_unstable;
@ -161,7 +205,13 @@
            rsync
            opentofu
            terranix
+            # tooling for services
+            outputs.packages.${system}.secrix-wrapper
+            wireguard-tools
          ];
+          shellHook = ''
+            export SECRIX_ID=~/".ssh/id_ed25519"
+          '';
        };

    };