Commit 29b1721
Changed files (3)
modules
secrets
base
modules/base.nix
@@ -50,8 +50,15 @@
description = myvars.userfullname;
};
+ sops.templates.access-tokens = {
+ content = ''
+ access-tokens = github.com=${config.sops.placeholder.github-access-token}
+ '';
+ mode = "0444"; # file must be accessible (r) to all users, because only the build daemon runs as root and not nix evaluator itself.
+ };
+
nix.extraOptions = ''
- !include ${config.sops.secrets.nix-access-tokens.path}
+ !include ${config.sops.templates.access-tokens.path}
'';
nix.settings = {
secrets/base/default.nix
@@ -10,7 +10,7 @@ let
keys);
in {
sops.secrets = mapSecrets [
- "nix-access-tokens"
+ "github-access-token"
"mihomo/providers/yi_yuan"
"mihomo/providers/mo_jie"
"aria2-rpc-secret"
secrets/base/secrets.yaml
@@ -1,4 +1,4 @@
-nix-access-tokens: ENC[AES256_GCM,data:NeZ52vUX9qQhb6jRrxpjLTj4aGCvk1NBJwuxz5xpwZdeoXh+JCDddkO6UHYcTVtwfgfOZrz6Wa8yohDdxU3pp8+mii0Cy7in1IZ3q8OwfEiDxkvIpS4ycceyK702E3wT3aRxLFCVjpLsYlOefPHFs6FnLtTUuzCl,iv:3JRlMvdUcdyPCEfzBpF/B6ZR2ig6SpVoocNJoG7TLmc=,tag:r2Y7pH+SqZtaPxdu+b1cbw==,type:str]
+github-access-token: ENC[AES256_GCM,data:Ca/NER89MA1sF+bGc6Tcz/OVr7vlu7fh6p0eZWEONQ9HvkNeXN1aB3duWLTCWUTv+qvTYXrNicOTVFpLdlpaq3oJhZno+l6jbDu00DIOFUFyg8VfOXXZYPxlCx/K,iv:e+nTOBn4GAARFDXdWOEGZYMvzgjFUwxfk2BmY/Xm/A4=,tag:UuvOUtZ5LbFyy3JAEux40Q==,type:str]
mihomo:
providers:
yi_yuan: ENC[AES256_GCM,data:7K18ggNPbJvU5De/VyLUXkM8gVysDpElw3+Cyt9HXa9yYg5hCcjgndg9f7yg49yjkiS4oAbhsxibte48jW3U+c7hYvV2emaCnbbAiojGY9E06XsH8U3yYxUJu74emvE=,iv:bZtmdTaDR4jR9phF+f8rW/bSEWHHJrykb09oFDlTOiM=,tag:IpOhT9bSibdiwrCDu678aw==,type:str]
@@ -15,8 +15,8 @@ sops:
Yi9ZV013dWo1NjlEbkREMlYxL3FZS0EKMStYByW8u5mTQ+ZthgWqTTOsjatJVuFo
5bOZw/lgD5L6XcSb+xWbM21dlV/Vn7ulMsTHM7FE2Z36OGQc0cwQUA==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-06-14T17:25:52Z"
- mac: ENC[AES256_GCM,data:H8yhZZM7vsrDvOpvAPrGCEDAovlveQNfXaDg5iVFXxwehz3t38H+vyZL49saaLx+KJYSCUB9KXqu5zcvqynZgX57zTI3lylkiq9A28ShiCk14HF4abDmKz+L33P6vDpra9a7pRzU+jWUiftVtbVEqq5BTC61wYjJ/V8CQSXealA=,iv:Bfh68KjQy5/9u7MC+bWkMaFB1hmRSlRUYN8fFhF+Sjw=,tag:oJgB3siRbJhuJ7O16vE5uA==,type:str]
+ lastmodified: "2025-06-24T17:37:56Z"
+ mac: ENC[AES256_GCM,data:dUOejuUQVtnvBANiuRbaurODpvLrnhZ5+cME1Le5mfh5srwXIWBiIAgHt7iI7ylGWCEVE5BcdWqvs5uOG9Mrzrht9p6xpe3bd+1ATjUq+dqpzTU689mKtqOjlB+XyeYgEoE+0LHp7fn3KiriifMoSef2+8FzCO1rqqwH2GXajNw=,iv:o3MEWUj8mYMqYLzXBlxqvp2yijSmtINzxucW/UL9JsE=,tag:7tX9uugomqo7kIatE/fmmA==,type:str]
pgp:
- created_at: "2025-06-03T17:06:45Z"
enc: |-