Refactor secrets handling

[perso/Immae/Config/Nix.git] / nixops / Makefile

diff --git a/nixops/Makefile b/nixops/Makefile
index f232e8a73c9d52020e7a15948c2f92b24222f13a..fb9da4cb2f6fa30cf4d99e45ad20fab8415438fa 100644 (file)
--- a/nixops/Makefile
+++ b/nixops/Makefile
@@ -26,7 +26,14 @@ endif
 SSH_ARGS ?=
 
 edit_env:
-       pass edit Nixops/files/environment.nix || true
+       $(EDITOR) secrets/environment.nix || true
+       git -C secrets add environment.nix || true
+       git -C secrets commit -m "Edit environment.nix" environment.nix || true
+
+edit_vars:
+       sops secrets/vars.yml || true
+       git -C secrets add vars.yml || true
+       git -C secrets commit -m "Edit password for vars.yml using sops." vars.yml || true
 
 ssh-eldiron:
        ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@eldiron $(SSH_ARGS)'
@@ -59,6 +66,10 @@ deploy:
        ./scripts/with_env morph deploy default.nix switch --keep-result --upload-secrets $(MORPH_ARGS)
        nix-env -p $(PROFILE) --set .gcroots/default.nix
 
+next-boot:
+       ./scripts/with_env morph deploy default.nix boot --keep-result --upload-secrets $(MORPH_ARGS)
+       nix-env -p $(PROFILE) --set .gcroots/default.nix
+
 deploy-reboot:
        ./scripts/with_env morph deploy default.nix boot --reboot --upload-secrets $(MORPH_ARGS)
 
@@ -73,8 +84,8 @@ list-generations:
 .PHONY: list-generations
 
 delete-generations:
-       echo "make sure you ran a complete build before cleaning up!"
-       false
+       @echo "making sure that a complete build is done before cleaning up"
+       $(MAKE) build MORPH_ARGS=--keep-result
        nix-env -p $(PROFILE) --delete-generations $(GEN)
        $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
        $(MAKE) ssh-dilion SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"