hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: adopt modular secrets approach

Browse Source
This commit is contained in:
Hektor Misplon
2026-03-13 23:03:59 +01:00
committed by hektor
parent 3f9c9cd154
commit 916e732ce6
14 changed files with 212 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
home/hosts/work/default.nix
View File

@@ -41,41 +41,7 @@ in
../../modules/vscode
];
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = "${inputs.nix-secrets}/secrets.yaml";
secrets = {
taskwarrior_sync_server_url = { };
taskwarrior_sync_server_client_id = { };
taskwarrior_sync_encryption_secret = { };
anki_sync_user = { };
anki_sync_key = { };
opencode_api_key = { };
};
templates = {
"taskrc.d/sync" = {
content = ''
sync.server.url=${config.sops.placeholder.taskwarrior_sync_server_url}
sync.server.client_id=${config.sops.placeholder.taskwarrior_sync_server_client_id}
sync.encryption_secret=${config.sops.placeholder.taskwarrior_sync_encryption_secret}
'';
};
"opencode/auth.json" = {
path = "${config.home.homeDirectory}/.local/share/opencode/auth.json";
content = ''
{
"zai-coding-plan": {
"type": "api",
"key": "${config.sops.placeholder.opencode_api_key}"
}
}
'';
};
};
};
sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
nixpkgs.config.allowUnfree = true;

15
home/modules/anki/default.nix
View File

@@ -2,20 +2,17 @@
config,
lib,
pkgs,
myUtils,
osConfig ? null,
...
}:
let
hmSopsAvailable = config ? sops && config.sops ? secrets;
osSopsAvailable = osConfig != null && osConfig ? sops && osConfig.sops ? secrets;
sopsAvailable = hmSopsAvailable || osSopsAvailable;
sopsSecrets = if hmSopsAvailable then config.sops.secrets else osConfig.sops.secrets;
sops = myUtils.sopsAvailability config osConfig;
in
{
warnings = lib.optional (
!sopsAvailable && config.programs.anki.enable
!sops.available && config.programs.anki.enable
) "anki is enabled but sops secrets are not available. anki sync will not be configured.";
programs.anki = {
@@ -26,9 +23,9 @@ in
puppy-reinforcement
review-heatmap
];
profiles."User 1".sync = lib.mkIf sopsAvailable {
usernameFile = "${sopsSecrets."anki_sync_user".path}";
keyFile = "${sopsSecrets."anki_sync_key".path}";
profiles."User 1".sync = lib.mkIf sops.available {
usernameFile = "${sops.secrets."anki-sync-user".path}";
keyFile = "${sops.secrets."anki-sync-key".path}";
};
};
}

5
home/modules/cloud/hetzner.nix
View File

@@ -14,8 +14,7 @@ in
warnings =
lib.optional (!isNixOS)
"hcloud module requires NixOS host configuration. This module will not work with standalone home-manager.";
home = {
packages = with pkgs; [ hcloud ];
};
home.packages = with pkgs; [ hcloud ];
};
}

15
home/modules/taskwarrior/default.nix
View File

@@ -3,20 +3,17 @@
lib,
pkgs,
dotsPath,
myUtils,
osConfig ? null,
...
}:
let
hmSopsAvailable = config ? sops && config.sops ? templates;
osSopsAvailable = osConfig != null && osConfig ? sops && osConfig.sops ? templates;
sopsAvailable = hmSopsAvailable || osSopsAvailable;
sopsTemplates = if hmSopsAvailable then config.sops.templates else osConfig.sops.templates;
sops = myUtils.sopsAvailability config osConfig;
in
{
warnings =
lib.optional (!sopsAvailable && config.programs.taskwarrior.enable)
lib.optional (!sops.available && config.programs.taskwarrior.enable)
"taskwarrior is enabled, but sops templates are not available. taskwarrior sync will not be configured.";
home.packages = with pkgs; [
@@ -27,7 +24,7 @@ in
home.file = {
".config/task/taskrc" = {
force = true; # overwrite when present
force = true;
source = dotsPath + "/.config/task/taskrc";
};
".config/task/taskrc.d/aliases".source = dotsPath + "/.config/task/taskrc.d/aliases";
@@ -60,8 +57,8 @@ in
config = {
recurrence = "off";
};
extraConfig = lib.optionalString sopsAvailable ''
include ${sopsTemplates."taskrc.d/sync".path}
extraConfig = lib.optionalString sops.available ''
include ${sops.templates."taskrc.d/sync".path}
'';
};
}