feat(global): add justfile for quick CICD commands
This commit is contained in:
madmin
parent
91b5b7a89e
commit
25be2b18a0
|
|
@ -0,0 +1,91 @@
|
||||||
|
# just is a command runner, Justfile is very similar to Makefile, but simpler.
|
||||||
|
|
||||||
|
# use zsh for shell commands
|
||||||
|
set shell := ["nu", "-c"]
|
||||||
|
|
||||||
|
############################################################################
|
||||||
|
#
|
||||||
|
# Common commands(suitable for all machines)
|
||||||
|
#
|
||||||
|
############################################################################
|
||||||
|
|
||||||
|
SOPS_FILE := "../nix-secrets/secrets.yaml"
|
||||||
|
|
||||||
|
# default recipe to display help information
|
||||||
|
default:
|
||||||
|
@just --list
|
||||||
|
|
||||||
|
rebuild-pre: update-nix-secrets
|
||||||
|
git add *.nix
|
||||||
|
|
||||||
|
rebuild-post:
|
||||||
|
just check-sops
|
||||||
|
|
||||||
|
# Add --option eval-cache false if you end up caching a failure you can't get around
|
||||||
|
rebuild: rebuild-pre
|
||||||
|
scripts/system-flake-rebuild.sh
|
||||||
|
|
||||||
|
# Requires sops to be running and you must have reboot after initial rebuild
|
||||||
|
rebuild-full: rebuild-pre && rebuild-post
|
||||||
|
scripts/system-flake-rebuild.sh
|
||||||
|
|
||||||
|
# Requires sops to be running and you must have reboot after initial rebuild
|
||||||
|
rebuild-trace: rebuild-pre && rebuild-post
|
||||||
|
scripts/system-flake-rebuild-trace.sh
|
||||||
|
|
||||||
|
update:
|
||||||
|
nix flake update
|
||||||
|
|
||||||
|
rebuild-update: update && rebuild
|
||||||
|
|
||||||
|
diff:
|
||||||
|
git diff ':!flake.lock'
|
||||||
|
|
||||||
|
history:
|
||||||
|
nix profile history --profile /nix/var/nix/profiles/system
|
||||||
|
|
||||||
|
repl:
|
||||||
|
nix repl -f flake:nixpkgs
|
||||||
|
|
||||||
|
clean:
|
||||||
|
# remove all generations older than 7 days
|
||||||
|
sudo nix profile wipe-history --profile /nix/var/nix/profiles/system --older-than 7d
|
||||||
|
|
||||||
|
gc:
|
||||||
|
# garbage collect all unused nix store entries
|
||||||
|
sudo nix-collect-garbage --delete-old
|
||||||
|
|
||||||
|
sops:
|
||||||
|
echo "Editing {{SOPS_FILE}}"
|
||||||
|
nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}"
|
||||||
|
|
||||||
|
age-key:
|
||||||
|
nix-shell -p age --run "age-keygen"
|
||||||
|
|
||||||
|
rekey:
|
||||||
|
cd ../nix-secrets && (\
|
||||||
|
sops updatekeys -y secrets.yaml && \
|
||||||
|
(pre-commit run --all-files || true) && \
|
||||||
|
git add -u && (git commit -m "chore: rekey" || true) && git push \
|
||||||
|
)
|
||||||
|
check-sops:
|
||||||
|
scripts/check-sops.sh
|
||||||
|
|
||||||
|
update-nix-secrets:
|
||||||
|
(cd ../nix-secrets && git fetch && git rebase) || true
|
||||||
|
nix flake lock --update-input nix-secrets
|
||||||
|
|
||||||
|
disko DRIVE PASSWORD:
|
||||||
|
echo "{{PASSWORD}}" > /tmp/disko-password
|
||||||
|
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- \
|
||||||
|
--mode disko \
|
||||||
|
disks/btrfs-luks-impermanence-disko.nix \
|
||||||
|
--arg disk '"{{DRIVE}}"' \
|
||||||
|
--arg password '"{{PASSWORD}}"'
|
||||||
|
rm /tmp/disko-password
|
||||||
|
|
||||||
|
sync USER HOST:
|
||||||
|
rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:nix-config/
|
||||||
|
|
||||||
|
sync-secrets USER HOST:
|
||||||
|
rsync -av --filter=':- .gitignore' -e "ssh -l {{USER}}" . {{USER}}@{{HOST}}:nix-secrets/
|
||||||
Loading…
Reference in New Issue