Squash changes containing private information

[perso/Immae/Config/Nix.git] / scripts / with_env

diff --git a/scripts/with_env b/scripts/with_env
new file mode 100755 (executable)
index 0000000..783d86c
--- /dev/null
+++ b/scripts/with_env
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+if [ -z "$SOPS_VARS_FILE" ]; then
+  echo "Variable SOPS_VARS_FILE is needed with a path to the sops variables"
+  exit 1;
+fi
+
+umask 0077
+TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
+chmod go-rwx $TEMP
+
+finish() {
+  rm -rf "$TEMP"
+}
+
+trap finish EXIT
+
+sops -d $SOPS_VARS_FILE | yq -r .ssl_keys.nix_repository > $TEMP/id_ed25519
+
+cat > $TEMP/ssh_config <<EOF
+Host *
+IdentityFile $TEMP/id_ed25519
+EOF
+export SSH_CONFIG_FILE="$TEMP/ssh_config"
+export SSH_IDENTITY_FILE="$TEMP/id_ed25519"
+
+"$@"