From 79af6f5c2d51f3184d4b475fa79e5f57d5e4773e Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Fri, 23 Aug 2024 18:09:27 -0700
Subject: [PATCH] #3 Remove superfluous lines from filter scripts, switch sops creation rules to apply to all
---
 .sops.yaml | 2 +-
 .sops/decrypt-filter.sh | 3 ---
 .sops/encrypt-filter.sh | 13 +++----------
 3 files changed, 4 insertions(+), 14 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index 0b512eac..da6373cb 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,5 +1,5 @@
 creation_rules:
- - path_regex: secrets.env
+ - path_regex: .*
 shamir_threshold: 2
 key_groups:
 - age: # Author keys
diff --git a/.sops/decrypt-filter.sh b/.sops/decrypt-filter.sh
index 11c20245..46d6a088 100644
--- a/.sops/decrypt-filter.sh
+++ b/.sops/decrypt-filter.sh
@@ -3,9 +3,6 @@
 # Takes encrypted file contents from /dev/stdin
 # Outputs to stdout
-SOPS_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
-REPO_ROOT=$(realpath "$SOPS_DIR/../../")
-
 if [[ -f $HOME/.age/key ]]; then
 export SOPS_AGE_KEY_FILE=$HOME/.age/key
 else
diff --git a/.sops/encrypt-filter.sh b/.sops/encrypt-filter.sh
index 87effb5d..f9d76aee 100644
--- a/.sops/encrypt-filter.sh
+++ b/.sops/encrypt-filter.sh
@@ -3,19 +3,12 @@
 # Takes file contents from stdin
 # Outputs to stdout
-# Set up directory variables and default age recipients
-SOPS_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
-SOPS_AGE_RECIPIENTS="$(<$SOPS_DIR/age-author-pubkeys)"
-HOST_AGE_PUBKEY_PATH="$(echo $1 | cut -d'/' -f -2)/.age-pubkey"
-if [[ -f "$HOST_AGE_PUBKEY_PATH" ]]; then
- SOPS_AGE_RECIPIENTS="$SOPS_AGE_RECIPIENTS,$(<$HOST_AGE_PUBKEY_PATH)"
-fi
-
 if [[ -f $HOME/.age/key ]]; then
 export SOPS_AGE_KEY_FILE=$HOME/.age/key
 else
 echo "SOPS_AGE_KEY_FILE not found at $HOME/.age/key"
 echo "Cannot encrypt secrets."
+ exit 1
 fi
 # Set input/output type
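Review bot: In `.sops.yaml`, `path_regex: .*` makes this one rule the recipient set for every file sops encrypts, so the per-host scoping that the removed `HOST_AGE_PUBKEY_PATH` logic in `.sops/encrypt-filter.sh` provided is gone. The key groups continue outside the hunk, so whether host keys are listed there cannot be seen here; if they are, every listed host key presumably counts toward the threshold for every secret in the repository. Because the filter script feeds sops `/dev/stdin`, path-scoped rules would need the real path passed in, for example `--filename-override "$1"` on sops releases that support it. At minimum add a comment above the rule, such as `# Matches all paths because the filter scripts encrypt from /dev/stdin; all secrets share these recipients`.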
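Review bot: In `.sops/encrypt-filter.sh`, the two `echo` lines before the new `exit 1` write to stdout, which the header comment defines as the script's output stream, so the error text goes wherever the ciphertext would go; send them to stderr, e.g. `echo "Cannot encrypt secrets." >&2`. If this script is wired up as a git clean filter (not visible here), a non-zero exit only blocks the operation when `filter.<name>.required` is `true`; otherwise git stores the unfiltered plaintext. The `else` branch in `.sops/decrypt-filter.sh` ends outside its hunk, so whether it has a matching `exit 1` cannot be confirmed from this patch.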
@@ -33,7 +26,7 @@ case $FILE_EXT in
 esac
 if [[ -z ${FILE_TYPE+x} ]]; then
- sops --encrypt --age ${SOPS_AGE_RECIPIENTS} /dev/stdin
+ sops --encrypt --config ../.sops.yaml /dev/stdin
 else
- sops --encrypt --input-type $FILE_TYPE --output-type $FILE_TYPE --age ${SOPS_AGE_RECIPIENTS} /dev/stdin
+ sops --encrypt --config ../.sops.yaml --input-type $FILE_TYPE --output-type json /dev/stdin
 fi
\ No newline at end of file
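Review bot: `--config ../.sops.yaml` in both new `sops` lines is resolved against the caller's working directory, not the script's location, and this commit removes the `SOPS_DIR` variable that could have anchored it. If the script is invoked from the repository root, the path points one level above the repo, so either sops fails or a `.sops.yaml` outside version control decides who can decrypt. Derive it from the script path instead, e.g. `config="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)/../.sops.yaml"`, and pass `--config "$config"`. The `else` branch now fixes `--output-type json` while `--input-type` stays `$FILE_TYPE` (which should also be quoted); the decrypt side is not shown in this hunk, so confirm it expects JSON.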