feat: added sops and ai apikeys, to home config

2025-08-24 14:09:17 +02:00
parent ac07c95fea
commit 3489b7fe17
7 changed files with 617 additions and 601 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -57,9 +57,9 @@
            home-manager.users.gunalx = import ./home/gunalx.nix;
            home-manager.backupFileExtension = "bac";
            home-manager.extraSpecialArgs = { inherit nix-colors inputs; };
-	    home-manager.sharedModules = [
-    	        inputs.sops-nix.homeManagerModules.sops
-	      ];
+            home-manager.sharedModules = [
+              inputs.sops-nix.homeManagerModules.sops
+            ];
          }

          sops-nix.nixosModules.sops
--- a/home/bash.nix
+++ b/home/bash.nix
@@ -5,29 +5,16 @@
  inputs,
  ...
 }:
-let
-#secrets = config.sops.secrets; 
-in
 {
-
-#imports = [
-#../secrets/sopsconf.nix
-#];
-# 
-#
-#secrets = {
-#      "ai/openai" = { };
-#      "ai/fireworks" = { };
-#      "ai/cerebras" = { };
-#      "ai/groq" = { };
-#      "ai/mistral" = { };
-#      "ai/aistudio" = { };
-#    };
-
-
-
-
- programs.bash = {
+  sops.secrets = {
+    "ai/openai" = { };
+    "ai/fireworks" = { };
+    "ai/cerebras" = { };
+    "ai/groq" = { };
+    "ai/mistral" = { };
+    "ai/aistudio" = { };
+  };
+  programs.bash = {
    enable = true;
    shellAliases = {
      "rebuild" =
@@ -50,14 +37,15 @@ in
      "neofetch" = "fastfetch";
      "htop" = "btm";
    };
-#    sessionVariables = {
-#      OPENAI_API_KEY = "$(cat ${config.sops.secrets."ai/openai".path})";
-#      FIREWORKS_API_KEY = "$(cat ${config.sops.secrets."ai/fireworks".path})";
-#      CEREBRAS_API_KEY = "$(cat ${config.sops.secrets."ai/cerebras".path})";
-#      GROQ_API_KEY = "$(cat ${config.sops.secrets."ai/groq".path})";
-#      MISTRAL_API_KEY = "$(cat ${config.sops.secrets."ai/mistral".path})";
-#      AISTUDIO_API_KEY = "$(cat ${config.sops.secrets."ai/aistudio".path})";
-#    };	
+    bashrcExtra = ''
+      # Export AI API keys from decrypted sops-nix secrets
+      export OPENAI_API_KEY="$(cat ${config.sops.secrets."ai/openai".path})"
+      export FIREWORKS_API_KEY="$(cat ${config.sops.secrets."ai/fireworks".path})"
+      export CEREBRAS_API_KEY="$(cat ${config.sops.secrets."ai/cerebras".path})"
+      export GROQ_API_KEY="$(cat ${config.sops.secrets."ai/groq".path})"
+      export MISTRAL_API_KEY="$(cat ${config.sops.secrets."ai/mistral".path})"
+      export AISTUDIO_API_KEY="$(cat ${config.sops.secrets."ai/aistudio".path})"
+    '';
    historyControl = [
      "ignoredups"
      "ignorespace"
--- a/home/gunalx.nix
+++ b/home/gunalx.nix
@@ -1,4 +1,9 @@
-{ pkgs, lib, ... }:
+{
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
 {
  imports = [
    ./sshconfig.nix
@@ -20,6 +25,9 @@
    ./foot.nix
    #./fcitx5.nix

+    #secrets
+    inputs.sops-nix.homeManagerModules.sops
+    ./sops.nix
  ];

  programs.nix-index = {
--- a/home/niri.nix
+++ b/home/niri.nix
--- a/home/sops.nix
+++ b/home/sops.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+  sops = {
+    defaultSopsFile = ../secrets/secrets.yaml;
+    validateSopsFiles = false;
+    age.sshKeyPaths = [
+      "/home/gunalx/.ssh/nixos"
+    ];
+    age.keyFile = "/home/gunalx/.config/sops/age/key.txt";
+    age.generateKey = true;
+    # This is the actual specification of the secrets.
+    #secrets."myservice/my_subdir/my_secret" = {};
+  };
+}
--- a/hosts/legolas/configuration.nix
+++ b/hosts/legolas/configuration.nix
@@ -33,7 +33,11 @@

  # Enable the X11 windowing system.
  services.xserver.enable = true;
-  services.xserver.videoDrivers = [ "intel" "modesetting" "fbdev" ];
+  services.xserver.videoDrivers = [
+    "intel"
+    "modesetting"
+    "fbdev"
+  ];

  services.libinput.enable = true;

@@ -48,6 +52,9 @@
    firefox
    fuzzel
    niri
+
+    nixfmt-rfc-style
+    nixfmt-tree
  ];

  # Some programs need SUID wrappers, can be configured further or are
--- a/secrets/sopsconf.nix
+++ b/secrets/sopsconf.nix
@@ -1,4 +1,3 @@
-
 { config, pkgs, ... }:
 {
  # This will add secrets.yaml to the nix store