Commit 29b1721

HPCesia <me@hpcesia.com>
2025-06-24 17:46:55
feat(nix): update github token usage
1 parent 13e842a
Changed files (3)
modules/base.nix
@@ -50,8 +50,15 @@
     description = myvars.userfullname;
   };
 
+  sops.templates.access-tokens = {
+    content = ''
+      access-tokens = github.com=${config.sops.placeholder.github-access-token}
+    '';
+    mode = "0444"; # file must be accessible (r) to all users, because only the build daemon runs as root and not nix evaluator itself.
+  };
+
   nix.extraOptions = ''
-    !include ${config.sops.secrets.nix-access-tokens.path}
+    !include ${config.sops.templates.access-tokens.path}
   '';
 
   nix.settings = {
secrets/base/default.nix
@@ -10,7 +10,7 @@ let
       keys);
 in {
   sops.secrets = mapSecrets [
-    "nix-access-tokens"
+    "github-access-token"
     "mihomo/providers/yi_yuan"
     "mihomo/providers/mo_jie"
     "aria2-rpc-secret"
secrets/base/secrets.yaml
@@ -1,4 +1,4 @@
-nix-access-tokens: ENC[AES256_GCM,data:NeZ52vUX9qQhb6jRrxpjLTj4aGCvk1NBJwuxz5xpwZdeoXh+JCDddkO6UHYcTVtwfgfOZrz6Wa8yohDdxU3pp8+mii0Cy7in1IZ3q8OwfEiDxkvIpS4ycceyK702E3wT3aRxLFCVjpLsYlOefPHFs6FnLtTUuzCl,iv:3JRlMvdUcdyPCEfzBpF/B6ZR2ig6SpVoocNJoG7TLmc=,tag:r2Y7pH+SqZtaPxdu+b1cbw==,type:str]
+github-access-token: ENC[AES256_GCM,data:Ca/NER89MA1sF+bGc6Tcz/OVr7vlu7fh6p0eZWEONQ9HvkNeXN1aB3duWLTCWUTv+qvTYXrNicOTVFpLdlpaq3oJhZno+l6jbDu00DIOFUFyg8VfOXXZYPxlCx/K,iv:e+nTOBn4GAARFDXdWOEGZYMvzgjFUwxfk2BmY/Xm/A4=,tag:UuvOUtZ5LbFyy3JAEux40Q==,type:str]
 mihomo:
     providers:
         yi_yuan: ENC[AES256_GCM,data:7K18ggNPbJvU5De/VyLUXkM8gVysDpElw3+Cyt9HXa9yYg5hCcjgndg9f7yg49yjkiS4oAbhsxibte48jW3U+c7hYvV2emaCnbbAiojGY9E06XsH8U3yYxUJu74emvE=,iv:bZtmdTaDR4jR9phF+f8rW/bSEWHHJrykb09oFDlTOiM=,tag:IpOhT9bSibdiwrCDu678aw==,type:str]
@@ -15,8 +15,8 @@ sops:
             Yi9ZV013dWo1NjlEbkREMlYxL3FZS0EKMStYByW8u5mTQ+ZthgWqTTOsjatJVuFo
             5bOZw/lgD5L6XcSb+xWbM21dlV/Vn7ulMsTHM7FE2Z36OGQc0cwQUA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-14T17:25:52Z"
-    mac: ENC[AES256_GCM,data:H8yhZZM7vsrDvOpvAPrGCEDAovlveQNfXaDg5iVFXxwehz3t38H+vyZL49saaLx+KJYSCUB9KXqu5zcvqynZgX57zTI3lylkiq9A28ShiCk14HF4abDmKz+L33P6vDpra9a7pRzU+jWUiftVtbVEqq5BTC61wYjJ/V8CQSXealA=,iv:Bfh68KjQy5/9u7MC+bWkMaFB1hmRSlRUYN8fFhF+Sjw=,tag:oJgB3siRbJhuJ7O16vE5uA==,type:str]
+    lastmodified: "2025-06-24T17:37:56Z"
+    mac: ENC[AES256_GCM,data:dUOejuUQVtnvBANiuRbaurODpvLrnhZ5+cME1Le5mfh5srwXIWBiIAgHt7iI7ylGWCEVE5BcdWqvs5uOG9Mrzrht9p6xpe3bd+1ATjUq+dqpzTU689mKtqOjlB+XyeYgEoE+0LHp7fn3KiriifMoSef2+8FzCO1rqqwH2GXajNw=,iv:o3MEWUj8mYMqYLzXBlxqvp2yijSmtINzxucW/UL9JsE=,tag:7tX9uugomqo7kIatE/fmmA==,type:str]
     pgp:
         - created_at: "2025-06-03T17:06:45Z"
           enc: |-