feat(sops): add cwp jira secret and url to sops as environment variables for rafiq

secrets/secrets.yaml

@@ -1,4 +1,6 @@
 hashed_password_rafiq: ENC[AES256_GCM,data:mdlOGpXDDm7HZQU9gi7+IL/UQxDgjD76LO3LYR1zQPNq6JFBHkNrPDZ0cUedHfkFwxXmr5VSdVfNSqSArq4v7bNuD8FfW/K43w==,iv:4FPbEWDc1XIeFqYPaK07zDwQqgGSrVTGRAcaIYzXQsg=,tag:MRN+0a0uELXBSyx9RDQA7A==,type:str]
+cwp_jira_access_key: ENC[AES256_GCM,data:iGH1xqToAM72n8sZbTsrgL5azgRGWiwq4g7YSJcyhscZLAOW10nX9PHrQ9w=,iv:xR9zqg8vE2O7VuWvYYJSC9F3w2M1VY4JiD+4yxJA+4Q=,tag:DxhqjH/CjsJgZ/8d2Z/Ltg==,type:str]
+cwp_jira_link: ENC[AES256_GCM,data:7sNEkUd1AoUA8H1pWtiB24/cJP7cC98Uk1XDrfnf17jv,iv:QlsCBybTegL4lokNhD5vRyoxQJVVskZ52gQJZWoz974=,tag:0oAYSqNvyF6qqZw4gF0Jgg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -23,8 +25,8 @@ sops:
             ZGlJMjlST1B2a1g4Uit5QkRhdFhHblUKHBDYMHxA8ZzGpII+tHLjuU1KoyQHRQr0
             D1j1VPmee1DMLt29/wEjAlY1iLrXSxmCD3Ua+MosexDJnTtBQxs8tA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-17T13:38:02Z"
+    lastmodified: "2025-03-20T12:33:27Z"
-    mac: ENC[AES256_GCM,data:gyjlmW3HBITwcZNE1Bk98V18AUCLJo/2xRwV3NvW5SvfK9vJEp7msw4860L79fZHIu4qnOhYhwUcTOqvFLs0W5kKcphw/8wPa6qPFmuby9OQnJGX35UZO4oxKrdrfFiWTKoLQ48Uk5Tnj7YZxkN5umSbACQWdcSSvflyj1Pt2m4=,iv:smcrFEtJv/hXmf96wQUlCwmU8cMaG1Zr0+azxFxw3KY=,tag:OJkE9VBp0U3zRHhgBEn1Kg==,type:str]
+    mac: ENC[AES256_GCM,data:hiN4Ew6ZVBg4hxbqx1EAwGXSLR1YyArjJCK3yruAjFhw4id4Q992wzqVBmyCQRF7jZ7d0ZjPQOXynMY8Hbx2IMZcmEM/hcP0A5ZhRbI1j98TujIbRHK0Qz5PG71/DoZF7jl6E/UNDFjW4pdVd/wxnBOpIAJ7fWOw7Hkzi2Mkess=,iv:nM0Q+T0FETBEWkJRH+BRFxFX5g0gf1BSaDJNIGbF+zE=,tag:KpJiAFbybAnqoCuW59M2YQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4

systems/modules/common.nix

@@ -2,7 +2,8 @@
   pkgs,
   config,
   ...
-}: {
+}:
+{
   imports = [
     ./networking.nix
     ./shell.nix
@@ -15,21 +16,34 @@
     isNormalUser = true;
     description = "rafiq";
     hashedPasswordFile = config.sops.secrets.hashed_password_rafiq.path;
-    extraGroups = ["networkmanager" "wheel"];
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv8HqazE294YdyGaXK6q2EniDlTpGaUL071kk9+W0GJ rafiq@nemesis"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbZfOYt6zydLyO4f9JAsxb1i6kHAjYzqa0SOqef6MKM rafiq@orpheus"
     ];
   };
 
+  environment.sessionVariables.CWP_JIRA_ACCESS_KEY_FILE =
+    config.sops.secrets.cwp_jira_access_key.path;
+  environment.sessionVariables.CWP_JIRA_LINK_FILE = config.sops.secrets.cwp_jira_link.path;
+
   security.sudo.wheelNeedsPassword = false;
 
   # Enable basic fonts for reasonable Unicode coverage
   fonts.enableDefaultPackages = true;
 
   nixpkgs.config.allowUnfree = true;
-  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix.settings.experimental-features = [
-  nix.settings.trusted-users = ["root" "@wheel"];
+    "nix-command"
+    "flakes"
+  ];
+  nix.settings.trusted-users = [
+    "root"
+    "@wheel"
+  ];
 
   environment.systemPackages = with pkgs; [
     git

systems/modules/sops.nix

@@ -1,5 +1,6 @@
-{inputs, ...}: {
+{ inputs, ... }:
-  imports = [inputs.sops-nix.nixosModules.sops];
+{
+  imports = [ inputs.sops-nix.nixosModules.sops ];
   sops = {
     defaultSopsFile = ../../secrets/secrets.yaml;
     age.sshKeyPaths = [
@@ -10,6 +11,8 @@
       hashed_password_rafiq = {
         neededForUsers = true;
       };
+      cwp_jira_access_key = { };
+      cwp_jira_link = { };
     };
   };
 }