SOPS_FILE := "../nix-secrets/secrets.yaml"

# default recipe to display help information
default:
  @just --list

# fetches from remote and updates flake.lock with latest revisions of nix-secrets for next time a rebuild occurs
update-flake-secrets:
  (cd ../nix-secrets && git fetch && git rebase) || true
  nix flake lock --update-input nix-secrets

# full system rebuild from flake (stages changes and automatically detects host)
rebuild-system:
  git add *.nix
  sudo nixos-rebuild switch --flake .#$(hostname)

# updates all flake inputs for system
update-flake:
  nix flake update

# edit sops file
edit-sops:
  echo "Editing {{SOPS_FILE}}"
  nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}"

# update keys in secrets.yaml and push to remote
update-sops-secrets:
  cd $HOME/nix-secrets && (\
    nix-shell -p sops --run "sops updatekeys -y secrets.yaml" && \
    git add -u && (git commit -m "updated secrets" || true) && git push \
  )