feat(secrets): Add darwin sops config and gemini key access

2025-07-14 19:16:37 +08:00 · 2025-07-14 19:16:37 +08:00 · 79b83cfc70
commit 79b83cfc70
parent f502810dae
1 changed files with 15 additions and 0 deletions
--- a/nix/modules/system/secrets.nix
+++ b/nix/modules/system/secrets.nix
@ -30,6 +30,21 @@ in
          '';
      };
    };
+  flake.modules.darwin.default =
+    { config, ... }:
+    {
+      imports = [ inputs.sops-nix.darwinModules.sops ];
+      config = {
+        sops = {
+          age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ];
+          secrets."keys/gemini".sopsFile = secrets + "/keys.yaml";
+        };
+        environment.shellInit = # sh
+          ''
+            export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets."keys/gemini".path})
+          '';
+      };
+    };
  flake.modules.homeManager.default.persistDirs = [ ".config/sops/age" ];
  perSystem =
    { pkgs, ... }: