rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: move gemini api key to secret

Browse source
This commit is contained in:
Mohammad Rafiq 2025-03-30 05:05:22 +08:00
parent 00c219cb05
commit 9ee5317e6a
No known key found for this signature in database
5 changed files with 34 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

5
configs/secrets/secrets.yaml
View file

@ -2,6 +2,7 @@ password: ENC[AES256_GCM,data:pbNp9qB92UiLv8S18L1Wr+wbiGahxyNbAsvhrJtZTJfQ9H2yyT
ts_auth_key: ENC[AES256_GCM,data:2/pabfBT8KAGLKDytTMrhSBX8xr/TyJbX0mAsMlzmniyK9GT0xTAq3LsRfNLyCitSVauWIXwPYFia78NCw==,iv:PBDp4+SP9yVRJtmMmvJxUQju6qTOB7cJGSQZIbRSLm8=,tag:ZYDRlMrmmwwvxs71IV3dmQ==,type:str] ts_auth_key: ENC[AES256_GCM,data:2/pabfBT8KAGLKDytTMrhSBX8xr/TyJbX0mAsMlzmniyK9GT0xTAq3LsRfNLyCitSVauWIXwPYFia78NCw==,iv:PBDp4+SP9yVRJtmMmvJxUQju6qTOB7cJGSQZIbRSLm8=,tag:ZYDRlMrmmwwvxs71IV3dmQ==,type:str]
cwp_jira_link: ENC[AES256_GCM,data:7YwR5ajQDcyZgUGgMonajBV7DG/wlxsbxpiagMaPCBk=,iv:loFSGCV4no/azjIRYxjZHDkrrJmH0nzGlF8t0o0yfo4=,tag:pQYLLq4fu7T8Z03GvrJ+3A==,type:str] cwp_jira_link: ENC[AES256_GCM,data:7YwR5ajQDcyZgUGgMonajBV7DG/wlxsbxpiagMaPCBk=,iv:loFSGCV4no/azjIRYxjZHDkrrJmH0nzGlF8t0o0yfo4=,tag:pQYLLq4fu7T8Z03GvrJ+3A==,type:str]
cwp_jira_pat: ENC[AES256_GCM,data:+4VnPikwuSPHdPj9xihuFeht1FPYdZHcHxYNjKMwU2MU7VC4cOUA9vpcEgk=,iv:8f8Z/V9LnuTFdCsqJhaa55BL0ibgSW8PUQoW7FxAOZE=,tag:XL/Xf1QaNLiLT2m/dWcrKw==,type:str] cwp_jira_pat: ENC[AES256_GCM,data:+4VnPikwuSPHdPj9xihuFeht1FPYdZHcHxYNjKMwU2MU7VC4cOUA9vpcEgk=,iv:8f8Z/V9LnuTFdCsqJhaa55BL0ibgSW8PUQoW7FxAOZE=,tag:XL/Xf1QaNLiLT2m/dWcrKw==,type:str]
gemini_api_key: ENC[AES256_GCM,data:Kh1Kya8O6lqN0MMK1OMn/BHw51XDOAroSrOL3h4K8r6VorAwHTZw,iv:Gxg13mHBID7Gv4du+484IF1q7LFOCvtyzWMHG+IBUVM=,tag:jcjmKveybkET4RFOV4F8PQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -35,8 +36,8 @@ sops:
cTFJZ3ZBTG12enVWbmQrc3JNTjY3akEKSzjApYoZ0i70DBc7/IHo1giziDgVcRNi cTFJZ3ZBTG12enVWbmQrc3JNTjY3akEKSzjApYoZ0i70DBc7/IHo1giziDgVcRNi
E6roLPPJjM+n7ZhEielnc+PjsQZ74ZX6z2D4UY5AGOYY3BOmmTF51g== E6roLPPJjM+n7ZhEielnc+PjsQZ74ZX6z2D4UY5AGOYY3BOmmTF51g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T13:04:25Z" lastmodified: "2025-03-29T20:50:17Z"
mac: ENC[AES256_GCM,data:6eINPO68OJGMhWhORC4MfBiA4Qax30UYzZBGdeqsDsRfjFZ7TCCiLrdHOdGWOr0S9nCelXm9VnTjIjFGudpZ2k3vQ5lM9bt1DZ19Y2XbeHhC7jZJP51ql9NexNMlT10zLdWWUWhxoow8avAszAguUc0nmWgi+R9N+ctrtwAWpmw=,iv:OYBn6dYDZJrJJ6xXUXoK5Ml3fHBULMYnQXAfqM+1rUU=,tag:ScVH3GRaMAKNnLQNNNDgtw==,type:str] mac: ENC[AES256_GCM,data:fJ0UbSeQQzDAScXAOpYDD5aiOLNVLBhuAmJE3gwmT1Lm48UbncWfBKcvBfWElH3CTFaeuXshH7sRnUkKig5PKU0EVrpvWFic5TIjwk2G+fqLvzamuhk5y+4/VjUHA6Y3vXHRBV7XClblXqHa3LWk/l5eCtbiWEF1uNlz9h9JRbU=,iv:CCJMj5eYaTl2u8oq+s6yr9Xd83vIjBMMOfCVD5O54eQ=,tag:NzMDZTi9kVuWLsVSPaedBQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4

1
configs/security.nix
View file

@ -12,6 +12,7 @@
ts_auth_key = { }; ts_auth_key = { };
cwp_jira_link = { }; cwp_jira_link = { };
cwp_jira_pat = { }; cwp_jira_pat = { };
gemini_api_key = { };
}; };
}; };

21
configs/shell/aichat.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, ... }:
{
home-manager.users.rafiq = {
home.shellAliases = {
ai = "aichat -r %shell% -e";
};
home.packages = with pkgs; [
aichat
];
xdg.configFile."aichat/config.yaml" = {
text = ''
model: gemini:gemini-2.0-flash
clients:
- type: gemini
'';
};
};
}

12
configs/shell/default.nix
View file

@ -1,7 +1,8 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
imports = [ imports = [
./scripts ./scripts
./aichat.nix
./comma.nix ./comma.nix
./direnv.nix ./direnv.nix
./editorconfig.nix ./editorconfig.nix
@ -17,11 +18,17 @@
./zsh.nix ./zsh.nix
]; ];
environment.shellInit = # sh
''
export CWP_JIRA_LINK=$(sudo cat ${config.sops.secrets.cwp_jira_link.path})
export CWP_JIRA_PAT=$(sudo cat ${config.sops.secrets.cwp_jira_pat.path})
export GEMINI_API_KEY=$(sudo cat ${config.sops.secrets.gemini_api_key.path})
'';
home-manager.users.rafiq.home = { home-manager.users.rafiq.home = {
shell.enableShellIntegration = true; shell.enableShellIntegration = true;
shellAliases = { shellAliases = {
gs = "git status"; gs = "git status";
ai = "aichat -r %shell% -e";
cd = "z"; cd = "z";
v = "$EDITOR"; v = "$EDITOR";
g = "git"; g = "git";
@ -30,7 +37,6 @@
}; };
packages = with pkgs; [ packages = with pkgs; [
aichat
bat bat
btop # add settings as home-manager module btop # add settings as home-manager module
devenv devenv

3
configs/shell/zsh.nix
View file

@ -22,9 +22,6 @@
'' ''
# Bind CTRL+Backspace to delete whole word # Bind CTRL+Backspace to delete whole word
bindkey '^H' backward-kill-word bindkey '^H' backward-kill-word
export CWP_JIRA_LINK_FILE="${config.sops.secrets.cwp_jira_link.path}"
export CWP_JIRA_PAT_FILE="${config.sops.secrets.cwp_jira_pat.path}"
''; '';
# TODO: Look into whether we need to add the history attribute # TODO: Look into whether we need to add the history attribute
profileExtra = # bash profileExtra = # bash