secrets: use agenix

EdenQwQ 2025-03-03 14:32:06 +08:00
parent 038dfdbf35
commit dd4017ab39
9 changed files with 149 additions and 23 deletions

136
flake.lock generated

@ -1,5 +1,26 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"base16": {
"inputs": {
"fromYaml": "fromYaml"
@ -67,6 +88,28 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
@ -215,7 +258,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
@ -233,7 +276,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
@ -352,6 +395,27 @@
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
@ -372,7 +436,7 @@
"type": "github"
}
},
"home-manager_2": {
"home-manager_3": {
"inputs": {
"nixpkgs": [
"stylix",
@ -423,7 +487,7 @@
},
"nh": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1740563087,
@ -465,7 +529,7 @@
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
@ -542,16 +606,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -598,16 +662,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1740560979,
"narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5135c59491985879812717f4c9fea69604e7f26f",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
@ -629,6 +693,22 @@
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1740560979,
"narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5135c59491985879812717f4c9fea69604e7f26f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1740560979,
"narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=",
@ -644,7 +724,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1735554305,
"narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=",
@ -685,7 +765,7 @@
"nur": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
@ -750,13 +830,14 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"home-manager": "home-manager_2",
"nh": "nh",
"nil": "nil",
"niri": "niri",
"nixd": "nixd",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"nixvim": "nixvim",
"nur": "nur",
"stylix": "stylix",
@ -795,12 +876,12 @@
"flake-utils": "flake-utils_3",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"home-manager": "home-manager_3",
"nixpkgs": [
"nixpkgs"
],
"nur": "nur_2",
"systems": "systems_3",
"systems": "systems_4",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@ -866,6 +947,21 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
@ -1014,7 +1110,7 @@
},
"treefmt-nix_4": {
"inputs": {
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1739829690,


@ -64,5 +64,6 @@
};
nh.url = "github:viperML/nh";
treefmt-nix.url = "github:numtide/treefmt-nix";
agenix.url = "github:ryantm/agenix";
};
}
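Review bot: The new `agenix.url` input is declared without any `follows`, so the lock file gains a second, older nixpkgs pin plus `darwin` and an extra `home-manager` node (all visible in the flake.lock section of this commit). Adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` and, if nix-darwin is not used here, `agenix.inputs.darwin.follows = "";` keeps the locked dependency set smaller and easier to audit. It also means anything built from agenix's own package set comes from the same, currently patched nixpkgs as the rest of the system. The inputs attribute set starts above this hunk.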


@ -1,4 +1,9 @@
{ user, ... }:
{
user,
config,
lib,
...
}:
{
programs.nixvim = {
plugins = {
@ -32,7 +37,7 @@
# lua
''
function ()
local siliconflow_token_file = io.open("/home/${user}/Downloads/tokens/siliconflow_token", "r")
local siliconflow_token_file = io.open("${config.age.secrets.siliconflow_token.path}", "r")
local siliconflow_api_key = siliconflow_token_file:read()
siliconflow_token_file:close()
return require("codecompanion.adapters").extend("openai_compatible", {
@ -53,7 +58,7 @@
# lua
''
function()
local gemini_token_file = io.open("/home/${user}/Downloads/gemini_token", "r")
local gemini_token_file = io.open("${config.age.secrets.gemini_token.path}", "r")
local gemini_api_key = gemini_token_file:read()
gemini_token_file:close()
return require("codecompanion.adapters").extend("gemini", {
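Review bot: Both adapter functions index the result of `io.open` without checking it, so if the agenix secret has not been decrypted yet (or the path is wrong) Neovim fails at `siliconflow_token_file:read()` / `gemini_token_file:read()` with an index-on-nil error instead of a clear message; `local f = assert(io.open(path, "r"), "agenix secret not available")` would make the failure explicit. It is also worth confirming what `config.age.secrets.<name>.path` evaluates to under the home-manager module: if the default secrets directory is expressed through `$XDG_RUNTIME_DIR`, the string reaches Lua unexpanded and `io.open` will not resolve it, in which case setting an absolute `path` on each secret avoids the problem. `lib` is added to the module arguments but is not used in the visible hunks. Both Lua functions continue past the end of their hunks.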


@ -23,6 +23,8 @@ let
inputs.stylix.homeManagerModules.stylix
inputs.niri.homeModules.niri
inputs.nixvim.homeManagerModules.nixvim
inputs.agenix.homeManagerModules.default
../secrets/age.nix
];
in
{


@ -104,6 +104,8 @@
gnome.gnome-browser-connector.enable = true;
gvfs.enable = true;
openssh.enable = true;
};
security = {
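Review bot: If `openssh.enable = true;` is one of the two lines this hunk adds (the rendering does not show which lines are new), it starts a listening SSH daemon in a commit whose stated purpose is secret management, and nothing visible here hardens it. Should the intent only be to have sshd generate a host key for agenix, consider also setting `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.openFirewall = false;`, or generating the key without running the service. The enclosing `services` block begins above the hunk and `security` continues below it.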

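--- /dev/null
+++ b/secrets/age.nix
@@ -0,0 +1,6 @@
+{
+age.secrets = {
+siliconflow_token.file = ./siliconflow_token.age;
+gemini_token.file = ./gemini_token.age;
+};
+}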

BIN
secrets/gemini_token.age Normal file

Binary file not shown.

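--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,14 @@
+let
+eden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXeMZ+CkyITSuDSbt4T9uglVJvt+c75X4QPiX8iCFbx";
+eden-inspiron = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqbqHz5O4f6nBoki57c6hekVqUiO4hvSb9k771i61YS";
+in
+{
+"siliconflow_token.age".publicKeys = [
+eden
+eden-inspiron
+];
+"gemini_token.age".publicKeys = [
+eden
+eden-inspiron
+];
+}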
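Review bot: secrets.nix has no comment saying what the two recipients are or what to do when one changes, and the same two-key list is written out twice. A short header such as `# Recipients able to decrypt each secret; after removing a key, rekey and rotate the token, since earlier ciphertext stays in git history` would record the operational rule, and a shared `users = [ eden eden-inspiron ];` binding in the `let` would keep the two lists from drifting apart. Committing the public keys themselves is fine; only the matching private keys need protecting.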

Binary file not shown.