feat(sops): add cargo registry token as secret

2025-03-25 04:45:56 +08:00 · 2025-03-25 04:45:56 +08:00 · fa620983be
commit fa620983be
parent c9b321991f
5 changed files with 21 additions and 12 deletions
--- a/systems/modules/common.nix
+++ b/systems/modules/common.nix
@ -28,10 +28,16 @@
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbZfOYt6zydLyO4f9JAsxb1i6kHAjYzqa0SOqef6MKM rafiq@orpheus"
    ];
  };
+  environment = {
+    sessionVariables = {
+      CWP_JIRA_ACCESS_KEY_FILE = config.sops.secrets.cwp_jira_access_key.path;
+      CWP_JIRA_LINK_FILE = config.sops.secrets.cwp_jira_link.path;
+    };

-  environment.sessionVariables.CWP_JIRA_ACCESS_KEY_FILE =
-    config.sops.secrets.cwp_jira_access_key.path;
-  environment.sessionVariables.CWP_JIRA_LINK_FILE = config.sops.secrets.cwp_jira_link.path;
+    systemPackages = with pkgs; [
+      git
+    ];
+  };

  security.sudo.wheelNeedsPassword = false;

@ -48,10 +54,6 @@
    "@wheel"
  ];

-  environment.systemPackages = with pkgs; [
-    git
-  ];
-
  time.timeZone = "Asia/Singapore";

  i18n.defaultLocale = "en_SG.UTF-8";
--- a/systems/modules/sops.nix
+++ b/systems/modules/sops.nix
@ -1,4 +1,4 @@
-{ inputs, ... }:
+{ inputs, config, ... }:
 {
  imports = [ inputs.sops-nix.nixosModules.sops ];
  sops = {
@ -13,6 +13,11 @@
      };
      cwp_jira_access_key = { };
      cwp_jira_link = { };
+      cargo_api_key = {
+        mode = "0440";
+        owner = config.users.users.rafiq.name;
+        group = config.users.users.rafiq.group;
+      };
    };
  };
 }