authorEuAndreh <eu@euandre.org>2023-03-20 09:46:20 -0300
committerEuAndreh <eu@euandre.org>2023-03-20 10:03:17 -0300
commit7ffcd694068d484842be0b87a9aeeda0a7720568 (patch)
treec2744d6661967f5a2c128528d6ed51739556d906 /Makefile
parentMakefile: Also upload managed SSH known_hosts file (diff)
Manage public SSH files as "extra-etc-file" instead of like a secret
Notes
See CI logs with: git notes --ref=refs/notes/ci-logs show 7ffcd694068d484842be0b87a9aeeda0a7720568 git notes --ref=refs/notes/ci-data show 7ffcd694068d484842be0b87a9aeeda0a7720568 Exit status: 0 Duration: 15
Diffstat (limited to 'Makefile')
-rw-r--r--Makefile20
1 files changed, 7 insertions, 13 deletions
diff --git a/Makefile b/Makefile
index 08931fb..c39eb5b 100644
--- a/Makefile
+++ b/Makefile
@@ -5,18 +5,21 @@
all: result
-result: ALWAYS
+result: ALWAYS src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped
rm -f result-next
guix system -v3 -r result-next build src/infrastructure/guix/system.scm
rm -f result
mv result-next result
+src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped: \
+ src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.txt
+ cut -d' ' -f6- < $(@D)/`basename $@ .stripped`.txt > $@
+
check:
clean:
rm -rf \
- src/secrets/*.txt src/infrastructure/keys/SSH/*.stripped \
result result-next \
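Review bot: The `clean` recipe loses the whole line `src/secrets/*.txt src/infrastructure/keys/SSH/*.stripped \`, although the commit is only about how the public SSH file is managed. Unless the rest of the `rm -rf` list, which continues past this hunk, still covers them, `make clean` now leaves both the generated `.stripped` file and the `src/secrets/*.txt` files in the working tree. Those `.txt` files look like what `upload-secrets` ships to `/opt/secrets/`, so they are presumably plaintext secrets that should not outlive a clean; I would keep the line as it was. Separately, the new rule declares the `.txt` file as its only prerequisite, so the recipe can read `cut -d' ' -f6- < $< > $@` instead of rebuilding the path with `basename`.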
@@ -43,22 +46,13 @@ $(repo-secrets):
gpg -aer eu@euandre.org < $(@D)/`basename $@ .gpg` > $@
-public-ssh = src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub
-$(public-ssh).stripped: $(public-ssh).txt
- cut -d' ' -f6- < $(public-ssh).txt > $@
-
-
-upload-secrets: $(prod-secrets.txt) $(public-ssh).stripped \
- src/infrastructure/keys/known_hosts.txt
+upload-secrets: $(prod-secrets.txt)
ssh euandre.org sudo -u secrets-keeper 'rm -f /opt/secrets/*'
rsync \
--rsync-path='sudo -u secrets-keeper rsync' \
--chmod=000 \
-avzP \
- $(prod-secrets.txt) \
- $(public-ssh).stripped \
- src/infrastructure/keys/known_hosts.txt \
- euandre.org:/opt/secrets/
+ $(prod-secrets.txt) euandre.org:/opt/secrets/
## Generate the ".ssh/authorized_keys" file and upload