{common,home}/nix: use sops templates for access tokens
parent
f8a11ae4fb
commit
bcf29eb442
@ -94,14 +94,22 @@ in {
|
||||
sops.defaultSopsFile = ../secrets/home.yaml;
|
||||
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519_home_sops" ];
|
||||
|
||||
sops.secrets."nix/access-tokens" = {
|
||||
sopsFile = ../secrets/common.yaml;
|
||||
sops = {
|
||||
secrets = {
|
||||
"nix/access-tokens/github" = { sopsFile = ../secrets/common.yaml; };
|
||||
"nix/access-tokens/pvv-git" = { sopsFile = ../secrets/common.yaml; };
|
||||
};
|
||||
templates."nix-access-tokens.conf".content = let
|
||||
inherit (config.sops) placeholder;
|
||||
in ''
|
||||
access-tokens = github.com=${placeholder."nix/access-tokens/github"} git.pvv.ntnu.no=${placeholder."nix/access-tokens/pvv-git"}
|
||||
'';
|
||||
};
|
||||
|
||||
nix = {
|
||||
settings.use-xdg-base-directories = true;
|
||||
extraOptions = ''
|
||||
!include ${config.sops.secrets."nix/access-tokens".path}
|
||||
!include ${config.sops.templates."nix-access-tokens.conf".path}
|
||||
'';
|
||||
};
|
||||
|
||||
|
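Review bot: The template under `templates."nix-access-tokens.conf".content` joins both tokens onto a single `access-tokens = …` line, so it silently depends on neither decrypted value containing whitespace or a trailing newline. A stray newline at the end of `nix/access-tokens/github` would push `git.pvv.ntnu.no=…` onto a line of its own, where nix.conf would presumably no longer treat it as part of the setting, and fetches from that host would go unauthenticated. A comment above the template would record the assumption, for example `# secret values must be single-line (no trailing newline); rendered by sops-nix at activation so the tokens never enter the Nix store`. The same template text is repeated in the hunk `@ -6,8 +6,16 @@` of the common module, so the comment applies there as well.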
@ -6,8 +6,16 @@
|
||||
./nix-builders/tsuki.nix
|
||||
];
|
||||
|
||||
sops.secrets = {
|
||||
"nix/access-tokens" = { sopsFile = ./../../secrets/common.yaml; };
|
||||
sops = {
|
||||
secrets = {
|
||||
"nix/access-tokens/github" = { sopsFile = ./../../secrets/common.yaml; };
|
||||
"nix/access-tokens/pvv-git" = { sopsFile = ./../../secrets/common.yaml; };
|
||||
};
|
||||
templates."nix-access-tokens.conf".content = let
|
||||
inherit (config.sops) placeholder;
|
||||
in ''
|
||||
access-tokens = github.com=${placeholder."nix/access-tokens/github"} git.pvv.ntnu.no=${placeholder."nix/access-tokens/pvv-git"}
|
||||
'';
|
||||
};
|
||||
|
||||
nix = {
|
||||
@ -28,7 +36,7 @@
|
||||
};
|
||||
|
||||
extraOptions = ''
|
||||
!include ${config.sops.secrets."nix/access-tokens".path}
|
||||
!include ${config.sops.templates."nix-access-tokens.conf".path}
|
||||
'';
|
||||
|
||||
optimise.automatic = true;
|
||||
|
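Review bot: `templates."nix-access-tokens.conf"` is declared here with only `content`, so the rendered file gets sops-nix's default owner and mode, and on a system-wide configuration those are presumably root-only. If that holds, a `nix` client started by an ordinary user may be unable to read the file named by `!include ${config.sops.templates."nix-access-tokens.conf".path}` in the second hunk. Because `!include` tolerates a file it cannot find, the likely symptom is a quiet fallback to unauthenticated fetches rather than an error. If user-side access is intended, state it explicitly next to the template, for example `templates."nix-access-tokens.conf" = { group = "<group>"; mode = "0440"; content = …; };`, and add a comment naming who is meant to read the tokens, since every member of that group can then read both of them. The enclosing `nix = { … }` block starts and ends outside these hunks, so an existing restriction elsewhere in the file cannot be ruled out.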
@ -1,5 +1,7 @@
|
||||
nix:
|
||||
access-tokens: ENC[AES256_GCM,data:I2wXlh6XQL89k3Fko4uNvgxU26qKvRjTwq6dQXytW8tId51WRaHGs1qqEyxiVnwtpjXWcD4/5iAip/oSEyQzlR1zhTu01QwgeHYI6kxzyJDFGg4IbYZ6ReWy5RYIh8jji0+hfVzuLenmZLY365DjGAwg+z5KXDy2tKm4zEL8c+Pbv4Wt6LGQdYS74/xrc0KqPGNRMz/T/EALradx9T9+gdgnLBAPGfJV130fBbQijDuaCw==,iv:enw8eyh0yuqTyVucXCrQ+zSbNEaOrlTPqec8brUNA6M=,tag:pL4vYTE6lLKLjD10mVeAXw==,type:str]
|
||||
access-tokens:
|
||||
github: ENC[AES256_GCM,data:reARhNXlxTugP0dRS+PjMUOIYUDzlD7CW7If4F26uM9PEO+6N+KvT0MyuI/eSMaX+bEKWfi+HaZ/SyLw1Pjvretzot9lVqFWG7OrLE4iT+1WCccmwtvbc5Ppl+i2,iv:9pCveUmjl4nKCaLzo+Ybfi6rpzKCxGNRbyRUWUpTNkg=,tag:LT9zUc5C4hqcsVQE+Bfnjw==,type:str]
|
||||
pvv-git: ENC[AES256_GCM,data:fp8utMv7PLrz8LkDvvG7GVY4SiDFOgX8YF1M/hpZyGj9H6pDDvtOTw==,iv:FJmw6Tq81IECxQaJZc9u5gxIWse3OvCF7x7dmJ+m4pg=,tag:hdrsJtFhaj5W5PYTUDRx+g==,type:str]
|
||||
wstunnel:
|
||||
http-upgrade-path-prefix: ENC[AES256_GCM,data:3WG+fu+XXFDgHuEEosWtZKMj51Ks1QIdgWRRsX6RVre8+0t7/4bICoVYtaMSWwMAjH03tt5i1Af1orlKT72gvQ==,iv:syXhMVHwWf9H+HHBhNDq1Y1df9t6VitqhPEqruTnBRA=,tag:1RNmL50z6v4X/cVxkAAvew==,type:str]
|
||||
ssh:
|
||||
@ -74,8 +76,8 @@ sops:
|
||||
blkrc0locjd0eENvcnVmVW8zaStSODQK5icytb3Ae6BmoU3Sz6yp7aAj/CtmHIS0
|
||||
27xAjcGnnDmpVwo1NgjOgF1wZfmVA6II393E3KNNVs4pGeesS5C0VA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-25T09:09:38Z"
|
||||
mac: ENC[AES256_GCM,data:virqHg0KoyhLVP9yynReVwSGhTBWz2mO5uBRXqzae7plALvRS+mzErfR+h63bX4TF/iLxQ/pJZb+KqQugweWEon9cycIyoKfRaIqaIZ4t8SnVWmDt6xEebkZC4JT7FD9xf27YTzxnamyINRdiCirTfJOeF4PKEow0EjH0WoS1DQ=,iv:giJ6JOXJQInavkdZbkDABG66B45ciNTetGHcwcz73dA=,tag:rvCbdxNFwoYjGuFi/YwI2Q==,type:str]
|
||||
lastmodified: "2025-03-13T14:05:53Z"
|
||||
mac: ENC[AES256_GCM,data:ftoKk3mBVdRn16HGEq5kklw0/RTWpyjneBT2PJUUaGy4u0fWJy8ZfcIcoG+2WekiSFwWBab4kcFHr5KfXX+XEn1Y2brdcirCXr2PdrmccGxyvSiEy/C6OUrB9KiFqpf4tmx3IbYimlxBSE5uQStQATdGWu7cM+hsrW9j5wzWlUU=,iv:jmJHVMZqyf7xTFry76ywN2Yt++2sG/mWsBvaLONGoM4=,tag:19C+PS8tTRVUaqrlQnoDeQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-12-04T17:04:12Z"
|
||||
enc: |-
|
||||
@ -98,4 +100,4 @@ sops:
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
version: 3.9.4
|
||||
|