From 0b106d21ccc88d112f2f04ec0d5b1c8acedc399c Mon Sep 17 00:00:00 2001 From: ulic-youthlic Date: Fri, 7 Feb 2025 20:43:35 +0800 Subject: [PATCH] add github token for nix visit github api --- nixos/modules/nix.nix | 7 +++++++ secrets/general.yaml | 5 +++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix index b33c101..49243b4 100644 --- a/nixos/modules/nix.nix +++ b/nixos/modules/nix.nix @@ -1,5 +1,6 @@ { inputs, + config, outputs, pkgs, lib, @@ -12,8 +13,14 @@ allowUnfree = true; }; }; + sops.secrets."access-tokens" = { + mode = "0444"; + }; nix = { nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + extraOptions = '' + !include ${config.sops.secrets."access-tokens".path} + ''; settings = { inherit (outputs.nix.settings) substituters; trusted-users = [ diff --git a/secrets/general.yaml b/secrets/general.yaml index 10c4d0c..4f23efe 100644 --- a/secrets/general.yaml +++ b/secrets/general.yaml @@ -2,6 +2,7 @@ rustypaste: auth: ENC[AES256_GCM,data:DORM12zY0wQQxqBNFYG3oYodhevUJXNjdqJcnyOnuPnZQIsUdEtm4TyNHokUKYoc30s8c6INOFoAB+7210y0dQE3hfg=,iv:Kms90lNPaL5fvQjD31+DZGJf+YQU/tTGLTxrqkvsbDY=,tag:5voNZlwGf2adVQoVqgyRqA==,type:str] delete: ENC[AES256_GCM,data:fbhJiJhh4YSMZQ6/dfquesJE0sNSn2PUkbjtJmisj5qHtsM=,iv:M1R7giNyLhbj98iiCPENQy44Ixqnie1PHlNcsVs5TLs=,tag:zdBbZ4NR7D4HxsxCizTliw==,type:str] atuin-key: ENC[AES256_GCM,data:e3K7/7BaeXuR+vHJdtO79UQp3XRvROcD8ISkuCp3KGCSlBKUM3GuCwhIeFoIl0fOUqVYOzcCAcjsH2nBRqcXhtS8jhM=,iv:Mh3jsu6mdj0VOLSIoNz/0awyydVf7q3/E7iB7CJi+UA=,tag:xuHhUmK/J2stdjRrtbhQSw==,type:str] +access-tokens: ENC[AES256_GCM,data:TBg9y2xdVmLNQV3JzGRSbYSrqtYQxakWNPF+OBShqCP6Z/M9H8of6zbgevOudfAPXUbcDv55tBo58U/Z2VIMJysYuUDbbmO9WoqEB2AQNjFgbxBbSwGOEVz8fwKItj01f15r3gAfQVQl0T8Vaf5+VIVXpzG1h7O7,iv:IQw7ddpTuj5vzT6MEvqUiHEsd/Sekl8wVe+A8uibsEw=,tag:I4oyeM1j2LJ++5omk4Ao2A==,type:str] matrix-telegram-bot: ENC[AES256_GCM,data:4G9JSR4l3043SM63gvJr0xBFuS11eoesi9rrobTxN9HpEGNklYDWHH/+Bm7P/2Bxnye3CiO/Z8KffvbjH8slRHLtbSpo8lRsfi9uRAbeMl7aXe/nTjpN078QSN3WXXc9XqYq0sxwNKPrnW3bmPQsHUiykZ3Go5A9Qw1iIPvPpXITyNbeD0gA+2CBB7PIURI7X0PIgSfUtMFZvl2J9znqCnlfC41bj6aC3sywsEkpuFJiMEojrwl+XmVS/u4eNMq8KiofVn9QlGx5gdGZ9LfZZdc+8E6u5GovqP2JTwwfaeZPzdwdZ2YsdoAvmgAusMfjCNZvHF7msLsOyNJW4592ZC7+fHhRbkKnVKc3OwA4ILWd9Jl0p0BoS0Ckn3V5nUQFgxVJ2O0yd/FLFaEqbeBLHNqC6u9CTYk82Uy23ilXQYKIc9h2wQkM329E6j9Mk0f9uavoYVPkpz6ahLzcni2W26FUkeaZ7PkrHmHWfJvvvi32GB4+q1m0phPmcd3cKVhXhbhLXiBcx2Rj7Q==,iv:Br0w0SiYajFr8p5CZEg47x3KpJ+AOleHthsEc3ho4YI=,tag:k+wptcSnNzfefF66Ug824Q==,type:str] matrix-reg-token: ENC[AES256_GCM,data:Cr5560L9gQo/tKUz1sQOAg5dckI6SyDxeNyrjW4oI6qkV8bxUrMaAGnVkkeF9TF9FgAnRb+7Lm+axd2SmkPWnqrLll2NzLC01zXht9Mq9RroAPXFraEV1X1Ge1qAAtkr,iv:42r93HLVDKuDCOYlfem7oi3gcHfhDYiNbFKOCHxim+o=,tag:9hWGQrWHsv2eYNgFlHtfeA==,type:str] ssh-private-key: @@ -53,8 +54,8 @@ sops: a1Y1NU9CK2h1SS83VW42bzBMa01yMXMKI1DBtgNlkNCrxUQvnD6a45mQKNfg5gM4 Zb5buo9Jofj4dn/HFwng3T3gxKTrP2Dh74CAH4L0M5yrF9fzk5TCcQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-04T05:04:29Z" - mac: ENC[AES256_GCM,data:D0C2biLcMcfSMqx+1Zb1JWMzGElste8rJTAsOwnjx+rfm/fUr7sOXfOOQTMO4+LXVDeZPSsKL4BXhNQQynKFDlyCGmBA8FWqRjM42XO0wZ+So1s5fSY1Ep00E21SbMtoJ6jHWFEB7PXI737ueS7pJSLAN2vUPEZLn4bdsSy0E18=,iv:7316v8T/w4CAG2OZlYOci1mF+Xge2dvfeQ4PHc3jFTE=,tag:vDE2s7SVeCXppjNMUtFXkg==,type:str] + lastmodified: "2025-02-06T10:56:15Z" + mac: ENC[AES256_GCM,data:WzeYoApPyzhIQ36kksgePg6fdsgm8+03wHj24BfeRFS92IvIcHVpVZpc8dhRF6cxx2ydvmRgCgpmjMQLkqfWUgdhTiaJDsc7h8pVC7Kbgk1Qex5Ohk5UW1vOKFCT0Naog/bO/ujguR5p8WW/0XOnM31MnIUq58gwH3IQ5bDDkRo=,iv:9eMDDLWSEWsNuMUZ5Pg/KsjlOrqovfymcoAO07zl5fM=,tag:Wd55I4MOOJWcGNjNKmoLjA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4