{common,home}/nix: finegrained tokens

2025-05-06 13:05:11 +02:00
parent 045ca620ea
commit 150089a583
3 changed files with 48 additions and 12 deletions


@@ -1,15 +1,32 @@
{ config, ... }:
{ config, lib, ... }:
{
sops = {
secrets = {
"nix/access-tokens/github" = { sopsFile = ../../secrets/common.yaml; };
"nix/access-tokens/pvv-git" = { sopsFile = ../../secrets/common.yaml; };
"nix/access-tokens/github" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/pvv-git" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/github-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/bitbucket-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; };
};
templates."nix-access-tokens.conf".content = let
inherit (config.sops) placeholder;
in ''
access-tokens = github.com=${placeholder."nix/access-tokens/github"} git.pvv.ntnu.no=${placeholder."nix/access-tokens/pvv-git"}
'';
tokens = {
"github.com" = placeholder."nix/access-tokens/github";
"git.pvv.ntnu.no" = placeholder."nix/access-tokens/pvv-git";
"bitbucket.nordicsemi.no" = placeholder."nix/access-tokens/bitbucket-nordicsemi";
"github.com/NordicPlayground" = placeholder."nix/access-tokens/github-nordicsemi";
"github.com/NordicSemiconductor" = placeholder."nix/access-tokens/github-nordicsemi";
};
in "access-tokens = ${lib.pipe tokens [
lib.attrsToList
(builtins.sort (p: q: p.name > q.name))
(map ({ name, value }: "${name}=${value}"))
(builtins.concatStringsSep " ")
]}";
};
nix = {