Paul Haerle phaer

@phaer
phaer / make-disko-image-with-secrets.sh
Last active April 24, 2025 14:23
Given a hostname of a host, this uses "clan secrets" to copy the identity key for sops-nix into a disk image built outside the nix store
#!/usr/bin/env bash
# Given a hostname of a host, this uses "clan secrets" to copy the age identity key for
# sops-nix into a disk image built outside the nix store.
# The file will be owned root:root with u+rw perms inside the vm, but will still only
# be as secure as the disk image is, as it contains the age identity key unencrypted.
# This can still be very useful to build ready-to-boot appliances which can already
# access secrets non-interactively on first boot.
set -eu
amazon
- result/master/amazon:{out}
+ result/new/amazon:{out}
• The set of input derivation names do not match:
    - nixos-system-unnamed-25.05pre-git
    + nixos-system-unnamed-amazon-25.05pre-git
• The input derivation named `closure-info` differs
import json
import uuid
import subprocess
from pathlib import Path
age_identity = Path("~/.passage/identities").expanduser()
store_dir = Path("~/.passage/store").expanduser()
folders = []
items = []
@phaer
phaer / build.sh
Last active April 12, 2023 11:54
dream2nix v1 api without flakes
$(nix-build -A packages.odoo.config.lock.refresh --no-out-link)/bin/refresh
nix-build -A packages.odoo
@phaer
phaer / parse-currentTime.nix
Created March 15, 2023 23:09
parse-currentTime.nix
# https://stackoverflow.com/questions/7136385/calculate-day-number-from-an-unix-timestamp-in-a-math-way
# https://howardhinnant.github.io/date_algorithms.html#civil_from_days
let
t = builtins.currentTime;
z = t / 86400 + 719468;
era = (if z >= 0 then z else z - 146096) / 146097;
doe = (z - era * 146097);
y' = (yoe) + era * 400;
doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
@phaer
phaer / writeScript.nix
Created December 5, 2022 21:38
nix: writeScript without stdenv
{ name ? "hello"
, text ? "echo 'Hello World'"
, pkgs ? import <nixpkgs> {}
}:
builtins.derivation {
inherit name;
inherit (pkgs) system;
builder = "${pkgs.busybox}/bin/busybox";
args = [
"sh"
@phaer
phaer / fetch-from-store.sh
Created August 13, 2022 09:21
Fetch a file from a nix binary cache via HTTP, given its store path
#!/usr/bin/env bash
# TODO: run in nix shell gitlab:abstract-binary/nix-nar-rs, nix-shell does not support
# flakes, nix shell no shebangs atm.
STORE_PATH="/nix/store/4q7ij8ivy09vbhini8j0gzd7f77z0bwn-disk-image"
FILE_NAME="nixos.root.qcow2"
CACHE_URL="https://nix-dabei.cachix.org"
HASH="$(echo "$STORE_PATH" | sed 's|^/nix/store/\([^-]*\)-.*$|\1|')"
NAR_INFO_URL="$CACHE_URL/$HASH.narinfo"
@phaer
phaer / secrets.nix
Last active January 14, 2022 09:47
nixos-secret-templates
{ pkgs, lib, config, ... }:
let
cfg = config.my.secrets;
makeSecretServiceUnit = name: value:
lib.nameValuePair "secret-${value.secret}" {
description = "template for secret ${value.secret}";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
@phaer
phaer / org-metadata.py
Created January 3, 2021 12:42
Workaround for pandoc's org-parser not handling generic multi-line metadata keys.
#!/usr/bin/env python3
"""
Pandoc's Org-Parser does not handle generic multi-line metadata keys. Only
their last line ends up in the AST and so this can't be solved (easily) with
lua filters.
We use python to extract org metadata keys before the first non-metadata line
and output them in YAML for use with pandoc's --metadata-file. E.g.
#+TITLE: Letter
@phaer
phaer / convert.py
Created August 15, 2018 03:47
kubernetes open api to hcl2 spec
import sys
import json
from collections import OrderedDict
from contextlib import contextmanager
def resolve_json_pointer(spec, reference):
    prefix, definitions, name = reference.split('/')
    return spec.get(definitions).get(name)