fix: remove agebox

2022-04-17 16:30:48 +00:00 · 2022-04-17 16:30:48 +00:00 · d240fc93e3
parent 247ef1a388
commit d240fc93e3
5 changed files with 15 additions and 17 deletions
--- a/.age.yml
+++ b/.age.yml
@ -0,0 +1,5 @@
+version: "1"
+paths:
+- overlay/zdt/configs/access.conf
+keys:
+- age1z42dmf0cluvuyp2jz9gzkf2ly9afxqmp9cy6dy22fwak32uhjszscn25k4
--- a/.ageboxreg.yml
+++ b/.ageboxreg.yml
@ -1,3 +0,0 @@
-file_ids:
- overlay/zdt/configs/access.conf
-version: "1"
--- a/.agekeys
+++ b/.agekeys
@ -1 +0,0 @@
-age1z42dmf0cluvuyp2jz9gzkf2ly9afxqmp9cy6dy22fwak32uhjszscn25k4
--- a/18
+++ b/18
@ -13,18 +13,20 @@ clean:

 # Adds all tracked encrypted files to .gitignore as safety net
 age-add-gitignore:
-	@for f in $$(yq eval .file_ids[] .ageboxreg.yml); do grep -qxF $$f .gitignore || echo $$f >> .gitignore; done
+	@touch .gitignore; for f in $$(yq eval .paths[] .age.yml); do grep -qxF $$f .gitignore || echo $$f >> .gitignore; done

-# Decrypts all secrets, which also removes the .agebox files locally and they show as "deleted" for now
-# This is a design choice of the agebox devs atm
+# Decrypts all secrets and removes the .age file
 age-unseal:
-	@agebox decrypt --all
+	@for f in $$(yq eval .paths[] .age.yml); do \
+		age --decrypt -i ~/.ssh/git.age -o $$f $$f.age && rm $$f.age; \
+	done

 # Encrypts all secrets, but compares the local unencrypted files with the decrypted content from the index first
-# If there are no diffs, just restore the agebox file from the index and delete the unaltered local unencrypted file
+# If there are no diffs, just restore the .age file from the index and delete the unaltered local unencrypted file
 # If there are changes re-encrypt
 age-seal:
-	@for f in $$(yq eval .file_ids[] .ageboxreg.yml); do \
+	@keys=$$(yq eval .keys[] .age.yml | sed -e 's/^/-r /' ); \
+	for f in $$(yq eval .paths[] .age.yml); do \
 		[ -f $$f ] || continue; \
-		git restore $${f}.agebox; agebox cat $$f.agebox | diff - $$f && \
-		rm -f $$f || ( rm -f $$f.agebox; agebox encrypt $$f --public-keys .agekeys; ); done
+		git restore $${f}.age; age --decrypt -i ~/.ssh/git.age $$f.age | diff -q - $$f 2>/dev/null 1>&2 && \
+		rm -f $$f || ( rm -f $$f.age; age --encrypt $$keys -o $$f.age $$f && rm -f $$f; ); done
--- a/overlay/zdt/configs/access.conf.agebox
+++ b/overlay/zdt/configs/access.conf.agebox
@ -1,5 +0,0 @@
-age-encryption.org/v1
-> X25519 ZT6m1CYk0KfJbxayb1X65OgPL6U4lnVgr90fSOiHNTA
-aAo+pQyd8gS9Y2cYufu9rAsSCDr+hmjfRa2h5HtkEZw
--- JlxAy916xCRYxSIeTbFzmU9U6+TYOFSVwDMx30m8i/w
-–<EFBFBD>„Ñ³ÕáËËuPŒ#®¯@h9Ëšû·åCŠÏ<C5A0>Ò
mm>–áîè'Ç ™k¡°d6ºŒ¢™ö¬q™ŸÆ<C5B8>žSÁÅ¥
				`@ -1 +0,0 @@`
				`age1z42dmf0cluvuyp2jz9gzkf2ly9afxqmp9cy6dy22fwak32uhjszscn25k4`