diff --git a/reference/hosts/callisto/default.nix b/reference/hosts/callisto/default.nix index 1c6fd35..f72086c 100644 --- a/reference/hosts/callisto/default.nix +++ b/reference/hosts/callisto/default.nix @@ -7,6 +7,8 @@ imports = [ ./configuration.nix + ../../modules + ../../secrets self.nixosModules.liminalOS { home-manager.users.youwen = { diff --git a/reference/hosts/demeter/default.nix b/reference/hosts/demeter/default.nix index 5d89278..50ef0cf 100644 --- a/reference/hosts/demeter/default.nix +++ b/reference/hosts/demeter/default.nix @@ -7,7 +7,9 @@ imports = [ ./configuration.nix + ../../modules ../../secrets + ../../users/youwen/nixos.nix self.nixosModules.liminalOS { home-manager.users.youwen = { diff --git a/reference/modules/default.nix b/reference/modules/default.nix new file mode 100644 index 0000000..fbe70a8 --- /dev/null +++ b/reference/modules/default.nix @@ -0,0 +1,6 @@ +{ config, ... }: +{ + nix.extraOptions = '' + !include ${config.age.secrets.nix_config_github_pat.path} + ''; +} diff --git a/reference/secrets/default.nix b/reference/secrets/default.nix index fd59188..f4cdc4f 100644 --- a/reference/secrets/default.nix +++ b/reference/secrets/default.nix @@ -31,5 +31,11 @@ mode = "600"; path = "/home/youwen/.config/gh/hosts.yml"; }; + nix_config_github_pat = { + file = ./nix_config_github_pat.age; + owner = "youwen"; + group = "users"; + mode = "0440"; + }; }; } diff --git a/reference/secrets/nix_config_github_pat.age b/reference/secrets/nix_config_github_pat.age new file mode 100644 index 0000000..f3762bf --- /dev/null +++ b/reference/secrets/nix_config_github_pat.age @@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-rsa 4p6DaQ +bQrpj5stBmy83Fk3M0sIno+WvcuNcc45JBUjlodontzHOig5ZduC26G8HXuegMVV +RWgv2Go/S2Rpbyq+u+l8acDmWfNRQyhpi20d+Erei4pYIBP0NvRntdCUDqcJNlI5 +pFr6QbnUC6GI+zqobaRVJ3bg9DsNDb/HZHIkmZjLvO6uD2muAdLY9UdOQh0O/bKm +1ZBAiBdtT3gZ2TWGk25XpCe+2If+aTsEHDBGOtjsofcaQgNG/+GEvpwSFopX80Nm +IrfS9DB+bm0WHt6gh/5wRpyYteIv7+Bd/M3pa00OYXbWDjFBmulXGb8UQ4RNJiJz +7ETRMHe50NTqxyOZC0iJ6GIr7zEbbpwEM5BCoat8R4VPZs5zJ8OUG2G0QfwD29nA +TlHVZT2wJP4xrjdmS9wUofLknRsEFxNWEjenibhrCSz837RS+z/Pvi4/+PTVwpQs +afQRK27wbMZpFkfxaZz5q6Xn+qWCFh8H8X0Ke78ycm4LvC0wjTR0DE705JC6F67c + +-> ssh-rsa pv6HEg +aKV2D6LoyPgaHnCQxsRDZ7dz1wuyz6VCNocsdZluwxwuO3z+SFhrc/4gg4iL6iMF +ENr2MznrXddXBWdhap9L6RmJt4YbjSolxBmI/cHwCmFGZEeAPsOjX21bdCCHB7D9 +8lf0Fqjs4D1SC5djPqTFQJV8AIvkdsTF53bf9ZnN1s28Tpvvx/x4kwhiqR9v7DGc +gi4K0ClBW711+wvzzkPAnn0oklYrbcuZNGwTW7t8TG+hmF2o0aHB1kJ4ngMn6LUb +E5WlIy3ykYlGCd0sfognRYIrQwjqq4VQACmnQ+Fh/F43GxWCTruF5GejcRew1zDu ++W+L9Z4A+rR/5E5Xjt4isGFYxEsnyYwH5Dvj1M1ANAU8VMS1H30YTAuL57WXih9p +RrWadNdW1uxvZHysyEWDa9j3wBbh0b0HhDYJAtFeJcB8IAzNnyBLXWFYukISZ6Rc +qylG2DhtzqdyUi08socUQ/okL0FIbbMLT69faPbgkJk+w5iTCL8ZA9AMMKnN9a3z +11nXmgqTf1zTJe5Z6o9C3eLMiKlWvIrJ+WMbedBy/h6Qp9IdNnGEk6FCjrV1lxlr +UIvpSEsOa7vscKKiAaRcQ+Uq7Kqn2OORdcPJXJd5n817ziAOtglX6K2OSpIoAnOY +KE7xOTN+fQq5Yw61UaP3Nl25Zns5u4sQAzhHjIBmoEw +--- cZ6bbJKB4uN0RX9l0MWaH0Hgr81cGxhnMTgSuVKUfI4 +qRp[0*C;o Q > +ыBu[j"/=.Vnmx͎ +:TTj"+2ׄiPMOvĖ)$\V0_ȽN暈^*Y(dR;-͙Z'o\Y5- \ No newline at end of file diff --git a/reference/secrets/secrets.nix b/reference/secrets/secrets.nix index 36657ae..eb4389f 100644 --- a/reference/secrets/secrets.nix +++ b/reference/secrets/secrets.nix @@ -11,4 +11,5 @@ in "youwen_ucsb_client_secret.age".publicKeys = users ++ systems; "tincan_app_password.age".publicKeys = users ++ systems; "github_cli_secret_config.age".publicKeys = users ++ systems; + "nix_config_github_pat.age".publicKeys = users ++ systems; }