From 7a56328fadadf9174c30a358cf2aeaf3a314bc59 Mon Sep 17 00:00:00 2001 From: Michel Fedde Date: Sat, 27 Sep 2025 15:23:22 +0200 Subject: [PATCH] Adds hooks for secrets --- .../applications/01-LoadSecrets.sh | 12 +------- .config/yadm/hooks/post_commit | 13 +++++++++ .config/yadm/hooks/post_pull | 28 +++++++++++++++++++ .config/yadm/hooks/post_push | 8 ++++++ 4 files changed, 50 insertions(+), 11 deletions(-) create mode 100755 .config/yadm/hooks/post_commit create mode 100755 .config/yadm/hooks/post_pull create mode 100644 .config/yadm/hooks/post_push diff --git a/.config/yadm/bootstrap.v2/applications/01-LoadSecrets.sh b/.config/yadm/bootstrap.v2/applications/01-LoadSecrets.sh index 082e141..9558701 100755 --- a/.config/yadm/bootstrap.v2/applications/01-LoadSecrets.sh +++ b/.config/yadm/bootstrap.v2/applications/01-LoadSecrets.sh @@ -6,10 +6,6 @@ loadSecretsRepo() { configFile="$HOME/.ssh/config" if [[ -d "$secretsFolderPath/.git" ]]; then - ( - cd "$secretsFolderPath" - git pull --ff-only - ) return 0 fi @@ -24,13 +20,7 @@ loadSecretsRepo() { fi git clone "$secretsGitPath" "$secretsFolderPath" -} - -loadSecrets() { - secretsFolderPath="$HOME/.local/share/secrets" - - loadSecretsRepo "$secretsFolderPath/deploy.sh" } -addActions loadSecrets +addActions loadSecretsRepo diff --git a/.config/yadm/hooks/post_commit b/.config/yadm/hooks/post_commit new file mode 100755 index 0000000..67a6547 --- /dev/null +++ b/.config/yadm/hooks/post_commit @@ -0,0 +1,13 @@ +#!/bin/bash + +handleSecretChanges() { + secretsFolderPath="$HOME/.local/share/secrets" + + message=$(yadm log -1 --format="%s") + hash=$(yadm rev-parse HEAD) + + git --git-dir "$secretsFolderPath/.git" --work-tree "$secretsFolderPath" add . + git --git-dir "$secretsFolderPath/.git" --work-tree "$secretsFolderPath" commit -m "$message" -m "Issued from YADM by commit '$hash'" +} + +handleSecretChanges diff --git a/.config/yadm/hooks/post_pull b/.config/yadm/hooks/post_pull new file mode 100755 index 0000000..124917f 
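Review bot: In the second hunk of 01-LoadSecrets.sh, `"$secretsFolderPath/deploy.sh"` now executes straight after `git clone` with no check of the clone's exit status, so a failed or interrupted clone is still followed by an attempt to run whatever sits at that path. `git clone "$secretsGitPath" "$secretsFolderPath" || return 1` would stop that. Because the `.git` branch kept in the first hunk returns 0 before reaching this point, bootstrap also appears to no longer run deploy.sh for an existing checkout; if that is intended now that post_pull does it, a short comment saying so would help. loadSecretsRepo begins above the hunk, so this is read from the visible lines only.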
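Review bot: handleSecretChanges in post_commit never looks at the result of the yadm commit that triggered it. yadm appears to run post hooks even when the command failed and exposes the status as `YADM_HOOK_EXIT`, so an aborted `yadm commit` would still commit the secrets repo under the previous HEAD's subject and hash. A first line such as `[[ "${YADM_HOOK_EXIT:-0}" -eq 0 ]] || exit 0` avoids that, and the same guard fits post_pull and post_push. Separately, `add .` stages every untracked file in the secrets work tree and post_push later publishes it, so `add -u` or a strict `.gitignore` in that repo would keep stray files (editor backups, decrypted copies) out of the remote.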
--- /dev/null
+++ b/.config/yadm/hooks/post_pull
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+loadSecretsRepo() {
+ secretsGitPath="ssh://secrets-git-host/neintonine/yadm-config-secrets.git"
+ secretsFolderPath="$HOME/.local/share/secrets"
+ configFile="$HOME/.ssh/config"
+
+ if [[ -d "$secretsFolderPath/.git" ]]; then
+ git --git-dir "$secretsFolderPath/.git" --work-tree "$secretsFolderPath" pull --ff-only
+ return 0
+ fi
+
+ if [[ ! -f "$configFile" ]]; then
+ echo "Can't find the ssh config file!"
+ return 1
+ fi
+
+ if ! grep "Host secrets-git-host" "$configFile" >/dev/null; then
+ echo "Can't find secrets-git-host config"
+ return 1
+ fi
+
+ git clone "$secretsGitPath" "$secretsFolderPath"
+}
+
+echo "# Updating secrets"
+loadSecretsRepo
+"$secretsFolderPath/deploy.sh"
diff --git a/.config/yadm/hooks/post_push b/.config/yadm/hooks/post_push
new file mode 100644
index 0000000..1a90b4b
--- /dev/null
+++ b/.config/yadm/hooks/post_push
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+handleSecretChanges() {
+ secretsFolderPath="$HOME/.local/share/secrets"
+
+ git --git-dir "$secretsFolderPath/.git" --work-tree "$secretsFolderPath" push }
+
+handleSecretChanges
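Review bot: In post_pull, the existing-checkout branch of loadSecretsRepo discards the result of `pull --ff-only` with an unconditional `return 0`, and the top level then runs `"$secretsFolderPath/deploy.sh"` whatever loadSecretsRepo returned. A diverged or unreachable secrets repo therefore goes unnoticed and the stale (or missing) deploy script is executed anyway. Propagate the status with `... pull --ff-only || return 1` and gate the last two lines with `loadSecretsRepo || exit 1`. Since deploy.sh is code fetched from the remote and executed on every pull, a comment stating that the `secrets-git-host` SSH entry is what authenticates that code would also be worth adding.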
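Review bot: As the post_push hunk reads here, the closing `}` sits on the same line as the `git ... push` command, and the `+1,8` line count agrees with that. Bash would then pass `}` to git as an argument and never close the function body, so the script fails to parse; the brace needs its own line. The file is also created with mode 100644 while the other two hooks are 100755. yadm, as far as I know, ignores hooks without the executable bit, so post_push would not run at all and the commits made by post_commit would stay local.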