From 1ee07a5857dd40b9f838a076417f15ad28ad09f3 Mon Sep 17 00:00:00 2001
From: Lucas Chaim
Date: Sat, 28 Sep 2024 23:13:40 -0300
Subject: [PATCH] feat: Add GitHub access token

Also, it turns out home manager configurations do have access to the host configs when they aren't standalone. This is the first commit implementing that.
---
 modules/home/base/default.nix | 3 ++-
 modules/nixos/secrets/extraNixOptions/default.nix | 6 ++++++
 secrets/default.yaml | 6 ++++--
 3 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100644 modules/nixos/secrets/extraNixOptions/default.nix

diff --git a/modules/home/base/default.nix b/modules/home/base/default.nix
index fed805c..166bd1e 100644
--- a/modules/home/base/default.nix
+++ b/modules/home/base/default.nix
@@ -2,7 +2,7 @@
 config,
 lib,
 ...
-}:
+} @ args:
 with lib; let
 inherit (lib.lpchaim) shared;
 inherit (lib.snowfall) fs;
@@ -31,6 +31,7 @@ in {
 options = "--delete-older-than=7d";
 };
 nix.settings = shared.nix.settings;
+ nix.extraOptions = mkIf (args ? osConfig) args.osConfig.nix.extraOptions;
 systemd.user.startServices = "sd-switch";
 };
 }
diff --git a/modules/nixos/secrets/extraNixOptions/default.nix b/modules/nixos/secrets/extraNixOptions/default.nix
new file mode 100644
index 0000000..60f20b6
--- /dev/null
+++ b/modules/nixos/secrets/extraNixOptions/default.nix
@@ -0,0 +1,6 @@
+{config, ...}: {
+ sops.secrets."nix/extraAccessTokens".mode = "0440";
+ nix.extraOptions = ''
+ !include ${config.sops.secrets."nix/extraAccessTokens".path}
+ '';
+}
diff --git a/secrets/default.yaml b/secrets/default.yaml
index 7463e39..df003fb 100644
--- a/secrets/default.yaml
+++ b/secrets/default.yaml
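Review bot: The added `nix.extraOptions = mkIf (args ? osConfig) args.osConfig.nix.extraOptions;` line carries no comment saying that it forwards the host's whole `nix.extraOptions` string into the user-level Nix configuration, not only the access-token include. Any option later added to the host's `extraOptions` would be inherited by every home configuration built as a NixOS module, which may not be intended. I would add a comment above it such as `# Reuse the host's nix.extraOptions (in this patch: the sops-managed access-token !include); osConfig is absent in standalone builds.` The enclosing `config` block starts outside the hunk.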
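Review bot: `sops.secrets."nix/extraAccessTokens".mode = "0440"` grants group read, but the new module sets neither `owner` nor `group`, so the decrypted file falls back to the sops-nix defaults (root-owned, as far as I know). The home-manager change in this patch forwards the same `!include` into the user-level Nix configuration, and an unprivileged user would presumably need read access to the decrypted token file for that include to take effect. Setting the group explicitly, e.g. `sops.secrets."nix/extraAccessTokens".group = "<group-allowed-to-use-the-token>";`, documents who can read the GitHub token. Every member of that group can read it, so the token itself should be read-only and limited to the repositories that are actually needed.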
@@ -2,6 +2,8 @@ atuin:
 username: ENC[AES256_GCM,data:9cA9z/hkgA==,iv:V+lQ5cSrlbdcdWNbUELopnsFDdWxjvBV6EBvqFqZB/o=,tag:rT4VUx5iO5xL5wp8jYzjng==,type:str]
 password: ENC[AES256_GCM,data:4edw5Isf0XCLtyfyzyQ19aqTouePgVasQxoX84OMqD8vl6pYA/hK6LmCbRXWnZDvVmgKvfvSYaOfjzZpud4a21mEhTa32/24CGpjvn7oJujmiNQUxQHc8iz1/GxnTLYVWVay+wXK,iv:097d5cjMwb+xOvaAzMnWfUQWIR35M+MAmJZvyZii070=,tag:k2bCA5U4pJhLB3co8jI/Pg==,type:str]
 key: ENC[AES256_GCM,data:oPo5e02Dn0RR1jbfJXXivVK8X+FmxjZgItqJk3XaKFRUWS/CBvCAJE7Hiwz0F79MW48kIPQCXPV15yAtnfIddnowKPfSDkx+8JH6AeXGKohUpRMyN0SqGiLJneWVCz/YDPa/eKhs19zPsWZo/IC+ab1Y0W3CjAt+cxnsZpNQsDa3mdVFtrBF32bROvVuKrI=,iv:wnif68ePe/oQ2KXbhgxpoB4YRjR7pXVG/vqswY5RO8I=,tag:lr+EThqiBFVgPprKgZG1qw==,type:str]
+nix:
+ extraAccessTokens: ENC[AES256_GCM,data:4y9B/wV5YiRHdHKCoRdVUxuRipe2VSBllisWUd0c1NPHak8dOOcYjemr01rIhlu2L2/gO30MCGm3lAAnd/jIca8DRAIq43vt+gE=,iv:fh6lOK1dbaCU2vvVxW5DtiDqJhXZ78RhwlC53vqUr6E=,tag:/KAlYhJKVsBSWdhL/EJ6pg==,type:str]
 password: ENC[AES256_GCM,data:yDYTXXnvBsVz70mW3qrany+3Mp9bboGCu8huU+g9NrvA0byPHAySxnuO1DIVV8dFSHLjOci7OKDAjtLyWF9YofrD6pfhNHxyHg==,iv:BbRfwswhd8yn+/g0Hyl0GXoZFOt08a+Tv+SLxbaqzl8=,tag:ZdQSaqeIPGGCu1XqvFWOAw==,type:str]
 tailscale:
 oauth:
@@ -76,8 +78,8 @@ sops:
 d0tBMXZkQnpCenZHdW9SMUs0dUlsTWcKEgypYl2f9UteYvnNlyS30OG3wZXPUEt0
 9rwMktnBaYvS8aekWw+zUy+WJZ3YtRDFm4fqykG12mvV1eAqq/Tq9Q==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-07T13:30:00Z"
- mac: ENC[AES256_GCM,data:Q9aOcXMExsu+rKzyQkUGTIuPZBFi5goZXrz4VCrI161vuuXS2eYI3PvmrnbGBdvIvRxXcqguYnaWUzS3JWB9cb2yjd+4v48g1Mqk6KVx3sq3pu/kkirikH57rSpF6lvqyu3wbKJeqqTTZnjVw0hhLQPpVI5H83jDAx3NHKA1SqI=,iv:zYMx70s7spzjVf/PHR4YN5MCuoTtO8eNjBg7jBvZyHQ=,tag:gz7XvNiolCrWiuhWa/3OeA==,type:str]
+ lastmodified: "2024-09-28T15:34:06Z"
+ mac: ENC[AES256_GCM,data:vYvdgzvBEGN2p/mMdirv8jn30JXf+unMTjHD5IWHrGijXQVvCkAbGK0c54Y/90uDl9M7eCLzZUzMD0NIKuz+8cEOVW6TSvt8RxcCeCIIHEbp9SxgiYWU6CPGzpC+1dofqsyAPdfMXeszE7LkDD/DCmaA4E/zJVC0lPbsxtdP5QQ=,iv:sKjjXLkm430AuZ8oFiXSYwda26+bcq7WgMazfcKEnko=,tag:eStzVW7As3MJ+J+PYc78AQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.0