talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add decrypt k8s secret script.

Browse Source
This commit is contained in:
Tom Alexander 2025-02-09 20:24:13 -05:00
parent a663a90ada
commit c37d0d9b9e
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nix/configuration/roles/kubernetes/default.nix
View File

@ -28,6 +28,21 @@ let
alias_klog = pkgs.writeShellScriptBin "klog" '' alias_klog = pkgs.writeShellScriptBin "klog" ''
exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@" exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
''; '';
decrypt_k8s_secret =
(pkgs.writeScriptBin "decrypt_k8s_secret" (builtins.readFile ./files/decrypt_k8s_secret.bash))
.overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/decrypt_k8s_secret --prefix PATH : ${
lib.makeBinPath [
pkgs.kubectl
pkgs.jq
]
}
'';
});
in in
{ {
imports = [ ]; imports = [ ];
@ -55,6 +70,7 @@ in
alias_kdel alias_kdel
alias_kd alias_kd
alias_klog alias_klog
decrypt_k8s_secret
]; ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {

7
nix/configuration/roles/kubernetes/files/decrypt_k8s_secret.bash Normal file
View File

@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'