From fef786d317acbc5f81e0975ac5b0664e7022dcd2 Mon Sep 17 00:00:00 2001 From: imxyy_soope_ Date: Tue, 22 Jul 2025 17:32:34 +0800 Subject: [PATCH] feat(nix): github token --- modules/nix.nix | 9 +++++++++ secrets/nix-github-token.conf | 27 +++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 secrets/nix-github-token.conf diff --git a/modules/nix.nix b/modules/nix.nix index 8200a53..286fdda 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -3,6 +3,7 @@ config, lib, pkgs, + secrets, ... }: lib.my.makeSwitch { @@ -48,6 +49,14 @@ lib.my.makeSwitch { ]; }; + sops.secrets.nix-github-token = { + sopsFile = secrets.nix-github-token; + format = "binary"; + }; + nix.extraOptions = '' + !include ${config.sops.secrets.nix-github-token.path} + ''; + # uncomment to enable auto gc /* nix.gc = { diff --git a/secrets/nix-github-token.conf b/secrets/nix-github-token.conf new file mode 100644 index 0000000..c7458a4 --- /dev/null +++ b/secrets/nix-github-token.conf @@ -0,0 +1,27 @@ +{ + "data": "ENC[AES256_GCM,data:qSfqMFxikz62vn1V+RxswNkkwqyQQriu1uwtMp/D94MKc4eLL+nbXbL7y5KzR1/DndMQMfrqmJdLpyPEUHkJT5r5jzW/nWVr38blvw1aqyU7TZFOiE+hKnQOJmjY+3Aq4Hgs4pDNNWUdHlphkf1vhMNJ2feZyjPlbw==,iv:ANO9NAKltzSS1EpM8om+7fjOdLMkdw3oYqeGpis+vgE=,tag:JI6RHeNDQINLKUSijEyxbw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jf5pg2x6ta8amj40xdy0stvcvrdlkwc2nrwtmkpymu0qclk0eg5qmm9kns", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJY2J3dEJpTnhhVHcwY2tR\nSUttdW9vVCtnVDlPSjY1RmgyaVBLU0haV0FFCkR4Z0lIT3pEclZwc0FvNnozNzVa\nY05SaHZYeXJsUmhLYWxLN2JFRzllWGMKLS0tIHdqK3Zwb2FtY3lPVUc3TUloMXpk\nWlpyWFpLZnRNVnRZeHVCTmcxd1dob1kKe8GkgjHfA7i0N+Uurf4blkoAKrIgqKFK\n3Oore9s6WepbA81eA+xAuozQGLbCISufcmePKa7S1UWTYdsWTW1Tfg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1hpgg6psejh4y6jcdd34wxuml75fnweqpe0kh8376yqsctsfn9qxs037kk6", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiNUxEWDJTUys1RnVrTW9x\nWDBQVitHV0tUSFdJTGZNUGVseHdOWFJ2NHcwCkxlT2xXUDZRUk5pUWNJdU9GUS9H\nNEtzdlVsckdscWZiQUZYL0RwWFd4SUUKLS0tIEF1NjZZNVVDdTc1ckpBRHNaSlQ2\nc1o4ZnFaWkpZL1d0MUtaWExTTWh5RjAKcR5TAybOqaYZBBZpm2OUcS919x1SBvuw\nH/1bgJTRLzzLeSgMRz0Uq/Gf4UPhcs25Um/Y6l4l5bNuqKNGhZEyzA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1r0fv0tagxupfacv0aaxk5ss7sqvswv6kq8tk3x46ndqrj6f5afvqegahxq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUmJodXN4THBraGpsVytO\nTkpWNHpmTm1NVnFiand4aGdnKzdELzY4emhBCldZRVdWSHBmZ2hDZ2F3bWR6eVBs\ncUF2eEg1alpYaE5sOGN6SU1jOC8zU00KLS0tIE5FeG5MTW80dG5NSkc0Qzl4WElE\nSmFHcmFwcHNsN0hjOGJJNjhMK3pyL3cKZ9NscSDpi7gaRDPIZweq70YwHEp73Z3Q\nUby/vj/LUl3ellAKFWiMibuZ3TjdfZrjGfhxN1Hq4eN4zd3n5UbLnw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tp7th3rrv3x0l6jl76n0hjqjp223w2y586pkgr0hcjwdm254jd5shkj6a8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3WUNZZGQrY05SUDJ5ZUdM\nRnc0MUc3SW5pK1JkTW1HT1oraDJhV0pvNlhRCmdwNHpLSzFYaUVtR2U2dzREa3h4\nWGVpbElES2dKalk0aGZSY3VBKzFNRW8KLS0tIFU0RmVuUWZsU2w2eUJ0QTYvTU5U\nTEFBdElDYnRaWDdkUE5HVUJ4Yy9nczAKAClAVe5wDhv3Ibt9auzTW1Jd8lej59uh\nSIC9MicNIm8Vkbc8MflGW07wkFWZE84KXw2eoP0e0vdHSWxP99hchg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-07-22T09:31:55Z", + "mac": "ENC[AES256_GCM,data:fm3hg9bCZP71zLnOYCRofWAB2ohIVIW+2M5QgzkmaO7pnnXHtsnCXrtOiNn5nM/p9Sx29o9reL3iAzMiD5gWT2crnSVu5dWglbpp1HGHnGCycxmCRcQcXuUWWAHNl0+HGBMOW9Bh8gxug9Hhs0eRPYhAMoqFCyiCtlpJT/dROHQ=,iv:2cSLRaa1MKlZvHaXt9Mz5houkBVHaehlxiqbSN4nhNE=,tag:Vhi9ObK6uYA9Dh68+gMe8A==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +}