Simplify management of secrets in nixops

1 files changed, 8 insertions, 29 deletions

diff --git a/nixops/Makefile b/nixops/Makefile
index c521682..a7b24cd 100644
--- a/nixops/Makefile
+++ b/nixops/Makefile
@@ -1,8 +1,5 @@
 export
-ifndef NIXOPS_CONFIG_PASS_SUBTREE_PATH
-  $(error Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path)
-endif
-
+PASSWORD_STORE_DIR = $(shell pwd)/secrets
 NIXOPS_STATE ?= ./state/eldiron.nixops
 NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf
 nixpkgs ?= $(shell cat ../nix/sources.json | jq -r '."nixpkgs-nixops".url')
@@ -34,6 +31,9 @@ ifdef TARGET
 endif
 SSH_ARGS ?=
 
+edit_env:
+        pass edit Nixops/files/environment.nix || true
+
 nixops:
         $(NIXOPS_PRIV) $(NIXOPS_ARGS)
 
@@ -101,17 +101,6 @@ cleanup: delete-generations
 .PHONY: cleanup
 
 ###### Pull environment and deployment from remote
-# Don't include pull_deployment by default as this should happen only rarely
-pull: pull_environment;
-.PHONY: pull
-
-pull_environment:
-ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE
-        $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name")
-endif
-        pass git subtree pull --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master
-.PHONY: pull_environment
-
 pull_deployment:
         @if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
           echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \
@@ -119,7 +108,7 @@ pull_deployment:
           [ "$$y" = "y" -o "$$y" = "Y" ] && \
           $(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \
         fi
-        pass show $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment | $(NIXOPS) import
+        pass show Nixops/Deployment | $(NIXOPS) import
         $(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
 .PHONY: pull_deployment
 
@@ -127,17 +116,7 @@ deployment_is_set:
         $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
 .PHONY: deployment_is_set
 
-###### Push environment and deployment information to password store
-push: push_deployment push_environment;
-.PHONY: push
-
+###### Push deployment information to password store
 push_deployment:
-        $(NIXOPS) export | pass insert -m $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment
-.PHONY: push_deployment
-
-push_environment:
-ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE
-        $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name")
-endif
-        pass git subtree push --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master
-.PHONY: push_environment
+        $(NIXOPS) export | pass insert -m Nixops/Deployment
+.PHONY: push