From 392a62d4ce64303eff6ff03fd06257db9cf60f8a Mon Sep 17 00:00:00 2001
From: Fuwn
Date: Sun, 22 Sep 2024 03:00:21 -0700
Subject: sops: seperate secrets per module
---
 home/default.nix | 1 +
 home/ebisu/fortune/system/default.nix | 1 +
 home/ebisu/fortune/system/sops.nix | 16 ++++++++++++++++
 home/ebisu/fortune/system/variables.nix | 4 ++--
 4 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 home/ebisu/fortune/system/sops.nix
(limited to 'home')
diff --git a/home/default.nix b/home/default.nix
index cb76501..73b31fc 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -28,6 +28,7 @@ in
 chaotic.homeManagerModules.default
 pywal-nix.homeManagerModules.${pkgs.system}.default
 rui.homeManagerModules.${pkgs.system}.default
+ sops-nix.homeManagerModules.sops
 ];
 extraSpecialArgs = {
diff --git a/home/ebisu/fortune/system/default.nix b/home/ebisu/fortune/system/default.nix
index cf8279a..2215f17 100644
--- a/home/ebisu/fortune/system/default.nix
+++ b/home/ebisu/fortune/system/default.nix
@@ -7,6 +7,7 @@
 ./terminal
 ./virtualisation
 ./peripheral.nix
+ ./sops.nix
 ./ssh.nix
 ./tracing.nix
 ./variables.nix
diff --git a/home/ebisu/fortune/system/sops.nix b/home/ebisu/fortune/system/sops.nix
new file mode 100644
index 0000000..695d343
--- /dev/null
+++ b/home/ebisu/fortune/system/sops.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+ sops = {
+ gnupg.sshKeyPaths = [ ];
+ defaultSopsFile = ../../../../secrets/${config.home.username}.yaml;
+
+ age = {
+ sshKeyPaths = [ ];
+ keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+ generateKey = false;
+ };
+
+ secrets.suzuri_token = { };
+ secrets.openai_api_key = { };
+ };
+}
diff --git a/home/ebisu/fortune/system/variables.nix b/home/ebisu/fortune/system/variables.nix
index f365ed1..5b96479 100644
--- a/home/ebisu/fortune/system/variables.nix
+++ b/home/ebisu/fortune/system/variables.nix
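Review bot: The new home/ebisu/fortune/system/sops.nix leaves its one external dependency undocumented: with `generateKey = false` and both `sshKeyPaths` lists empty, decryption appears to depend entirely on an age identity that already exists at `${config.xdg.configHome}/sops/age/keys.txt`, and nothing in this commit creates or checks that file. I would add a comment above `keyFile`, for example `# age identity is provisioned out of band; it must exist before activation and be readable only by this user`. A short comment on `defaultSopsFile` saying that the secrets file is selected per user name would also help, since the subject line speaks of secrets per module.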
@@ -86,7 +86,7 @@
 MOZ_USE_XINPUT2 = "1";
 AWT_TOOLKIT = "MToolkit wmname LG3D";
 _JAVA_AWT_WM_NONREPARENTING = 1;
- OPENAI_API_KEY = secrets.openai_api_key;
+ OPENAI_API_KEY = "$(cat ${config.sops.secrets.openai_api_key.path})";
 NNN_FIFO = "/tmp/nnn.fifo";
 _Z_DATA = "${config.xdg.dataHome}/z";
 W3M_DIR = "${config.xdg.dataHome}/w3m";
@@ -97,6 +97,6 @@
 BUNDLE_USER_PLUGIN = "${config.xdg.dataHome}/bundle";
 PSQL_HISTORY = "${config.xdg.dataHome}/psql_history";
 PKG_CACHE_PATH = "${config.xdg.cacheHome}/pkg-cache";
- SUZURI_TOKEN = "${secrets.suzuri_token}";
+ SUZURI_TOKEN = "$(cat ${config.sops.secrets.suzuri_token.path})";
 };
 }
-- cgit v1.2.3
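Review bot: Both new values, `OPENAI_API_KEY` in the hunk at -86 and `SUZURI_TOKEN` in the hunk at -97, still export the secrets into the session environment, so every process started from that session inherits them even though the value is now read from the sops-nix file instead of being written into the configuration. The `$(cat …)` form also only works where these variables are expanded by a shell, and it presumably yields an empty value plus an error message when the shell starts before sops-nix has written the file; neither case is handled or documented. If the export has to stay, I would add a comment such as `# expanded by the shell at login; empty until sops-nix has decrypted the secret`, and otherwise have the consuming tool read `config.sops.secrets.openai_api_key.path` directly. The attribute set these lines belong to starts outside both hunks, so how the values are consumed cannot be confirmed from here.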