Makefile: Add "upload-secrets" target, and include borg-passphrase.txt in it

author: EuAndreh <eu@euandre.org> 2023-03-12 20:09:36 -0300
committer: EuAndreh <eu@euandre.org> 2023-03-12 20:09:36 -0300
commit: d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a (patch)
tree: b3ecc5210e9f2dc4ae82539b140a5e1694c7f04a /Makefile
parent: system.scm: Use generic title for CGit root-title (diff)
download: server-d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a.tar.gz
server-d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a.tar.xz
1 files changed, 22 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 53be13d..1e98bc7 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,28 @@ clean:
 public:
 
 
+secrets.txt.gpg = \
+	src/secrets/borg-passphrase.txt.gpg
+secrets.txt = $(secrets.txt.gpg:.gpg=)
+
+
+.SUFFIXES: .gpg
+
+.gpg:
+	gpg -d < $< > $@
+
+$(secrets.txt.gpg):
+	gpg -aer eu@euandre.org < $(@D)/`basename $@ .gpg` > $@
+
+upload-secrets: $(secrets.txt)
+	ssh euandre.org sudo -u secrets-keeper 'rm -f /opt/secrets/*'
+	rsync \
+		--rsync-path='sudo -u secrets-keeper rsync' \
+		--chmod=000                                 \
+		-avzP                                       \
+		$(secrets.txt) euandre.org:/opt/secrets/
+
+
 ## Generate the ".ssh/authorized_keys" file and upload
 ## it to rsync.net.
 upload-keys:
author	EuAndreh <eu@euandre.org>	2023-03-12 20:09:36 -0300
committer	EuAndreh <eu@euandre.org>	2023-03-12 20:09:36 -0300
commit	d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a (patch)
tree	b3ecc5210e9f2dc4ae82539b140a5e1694c7f04a /Makefile
parent	system.scm: Use generic title for CGit root-title (diff)
download	server-d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a.tar.gz server-d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a.tar.xz