rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(sops): add cargo registry token as secret

Browse source
This commit is contained in:
Mohammad Rafiq 2025-03-25 04:45:56 +08:00
parent c9b321991f
commit fa620983be
No known key found for this signature in database
5 changed files with 21 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

5
secrets/secrets.yaml
View file

@ -1,6 +1,7 @@
hashed_password_rafiq: ENC[AES256_GCM,data:mdlOGpXDDm7HZQU9gi7+IL/UQxDgjD76LO3LYR1zQPNq6JFBHkNrPDZ0cUedHfkFwxXmr5VSdVfNSqSArq4v7bNuD8FfW/K43w==,iv:4FPbEWDc1XIeFqYPaK07zDwQqgGSrVTGRAcaIYzXQsg=,tag:MRN+0a0uELXBSyx9RDQA7A==,type:str] hashed_password_rafiq: ENC[AES256_GCM,data:mdlOGpXDDm7HZQU9gi7+IL/UQxDgjD76LO3LYR1zQPNq6JFBHkNrPDZ0cUedHfkFwxXmr5VSdVfNSqSArq4v7bNuD8FfW/K43w==,iv:4FPbEWDc1XIeFqYPaK07zDwQqgGSrVTGRAcaIYzXQsg=,tag:MRN+0a0uELXBSyx9RDQA7A==,type:str]
rafiq-nemesis: ENC[AES256_GCM,data:W+739P+Q2PR3pFNXITIB1p2skE6woBweR92s+dCDBY2qovhI1HkP2eEKIAjkd4XT+re0HEA/LDOgxBEx4YB9GOHY/rgf7HI/8/MzevaU1UGSXTXAlDhRDj7GP7XV3BfmxOsAPgrDeca7rN7QHto9EXJiZRril9KIlFQhrHEljXvQQ0Hu1gAVdQoRuMjxk7KFlJ7FPUVq862Dgtwow5M2Lg69sMJdE/aW8uW//nkmvvLEpd7aen2LaDTxydiPHebLCEHEIG/0muexnxhqtuy0Emx0OISZwbL6G5IG2Oa65TvDg3ZKSvnlLpOvqYa1alAmscdkzw5xGIoVjDW+DIb67NrmB9MBeVF+g70g/TGBURCNU3ZysvpNueU5OAEExi3t6S32qzQFn0iAJXwuGnnZhsJMCU5wmGt/6PeYOt5wR7J8GtseK8jxs0/0FMtDGniR9lQwsp7WNFiB+OJHXrDm2/iG0GioUOWKayrpFp4yiGUXxAaETal7q1bFWsv/eYtWoz9QsToR9HE=,iv:IhnHuLY3oxtImw6DzJIbTb/Xrj6yablexVD29wZgRis=,tag:TT6xfdCL4vxx/Q5NsL3BUA==,type:str] rafiq-nemesis: ENC[AES256_GCM,data:W+739P+Q2PR3pFNXITIB1p2skE6woBweR92s+dCDBY2qovhI1HkP2eEKIAjkd4XT+re0HEA/LDOgxBEx4YB9GOHY/rgf7HI/8/MzevaU1UGSXTXAlDhRDj7GP7XV3BfmxOsAPgrDeca7rN7QHto9EXJiZRril9KIlFQhrHEljXvQQ0Hu1gAVdQoRuMjxk7KFlJ7FPUVq862Dgtwow5M2Lg69sMJdE/aW8uW//nkmvvLEpd7aen2LaDTxydiPHebLCEHEIG/0muexnxhqtuy0Emx0OISZwbL6G5IG2Oa65TvDg3ZKSvnlLpOvqYa1alAmscdkzw5xGIoVjDW+DIb67NrmB9MBeVF+g70g/TGBURCNU3ZysvpNueU5OAEExi3t6S32qzQFn0iAJXwuGnnZhsJMCU5wmGt/6PeYOt5wR7J8GtseK8jxs0/0FMtDGniR9lQwsp7WNFiB+OJHXrDm2/iG0GioUOWKayrpFp4yiGUXxAaETal7q1bFWsv/eYtWoz9QsToR9HE=,iv:IhnHuLY3oxtImw6DzJIbTb/Xrj6yablexVD29wZgRis=,tag:TT6xfdCL4vxx/Q5NsL3BUA==,type:str]
rafiq-mellinoe: ENC[AES256_GCM,data:1Ouj3GcmYfWsMmaQ1eDnbLuKk0BH2ec8yqYdA9kmKVIAX66IFnk9yMJd/2ECF7lAqx+Uqvul+f8xuNfXINTVgUQ1jQIT8FFbWzsAc6aJZbzWG79cdM90uQyJXOY/zVkDsYiL9UcVzIf26hjZqjarouyPhq7qtokatS1QgVFzDjQjhKOGyiaBVNElgFCdzXtzb3on6v381R3pCGePCjwBjEBuNTzXrqGgHs9FHjvga9z0Vry4bUKsZQvs/Vxa8QSX7+5jslEFk0bUmypBmg+Qv/89FbYHgMmfR2D26kZhVzxlXA4F7ZJvxeYbcOJw3r55SsQGwgB3Te08jG6rK8JFb7JahJ0qBm73ZJkH8y0bEXgNj9JwdNIoX4RnHy5ihgnmwK7GICD9jk6gXbzcbcohi6+ZcreCDKEhnYU9Y3mh8CwqwS+IafDTKFrHrJibikVTlPG7jcclaTWQiAvDjDHvHUnr360QmhFfUs8xGu7f+7aKYcAH6jSOLzPWCPQfp/w8ETq+bTd8DkulSGjmGRghJCxXOTk=,iv:hO2wQHi+hTqmM0c1UbJMqx1z/77G1rQ1R/R7GkI/yBU=,tag:NatoghXfI5/BHejnciFv4w==,type:str] rafiq-mellinoe: ENC[AES256_GCM,data:1Ouj3GcmYfWsMmaQ1eDnbLuKk0BH2ec8yqYdA9kmKVIAX66IFnk9yMJd/2ECF7lAqx+Uqvul+f8xuNfXINTVgUQ1jQIT8FFbWzsAc6aJZbzWG79cdM90uQyJXOY/zVkDsYiL9UcVzIf26hjZqjarouyPhq7qtokatS1QgVFzDjQjhKOGyiaBVNElgFCdzXtzb3on6v381R3pCGePCjwBjEBuNTzXrqGgHs9FHjvga9z0Vry4bUKsZQvs/Vxa8QSX7+5jslEFk0bUmypBmg+Qv/89FbYHgMmfR2D26kZhVzxlXA4F7ZJvxeYbcOJw3r55SsQGwgB3Te08jG6rK8JFb7JahJ0qBm73ZJkH8y0bEXgNj9JwdNIoX4RnHy5ihgnmwK7GICD9jk6gXbzcbcohi6+ZcreCDKEhnYU9Y3mh8CwqwS+IafDTKFrHrJibikVTlPG7jcclaTWQiAvDjDHvHUnr360QmhFfUs8xGu7f+7aKYcAH6jSOLzPWCPQfp/w8ETq+bTd8DkulSGjmGRghJCxXOTk=,iv:hO2wQHi+hTqmM0c1UbJMqx1z/77G1rQ1R/R7GkI/yBU=,tag:NatoghXfI5/BHejnciFv4w==,type:str]
cargo_api_key: ENC[AES256_GCM,data:kZ2ic/3Ig2x1s4LJITanu1WsQ1MnQCC9Z6+kTzrHXmM+iBE=,iv:7wy6F5v1A1/N+ZorQat0lswDy+dgwdg/jlfYYIv8cWc=,tag:bfr/DVnFCUSWtXKlMkqZHg==,type:str]
cwp_jira_access_key: ENC[AES256_GCM,data:iGH1xqToAM72n8sZbTsrgL5azgRGWiwq4g7YSJcyhscZLAOW10nX9PHrQ9w=,iv:xR9zqg8vE2O7VuWvYYJSC9F3w2M1VY4JiD+4yxJA+4Q=,tag:DxhqjH/CjsJgZ/8d2Z/Ltg==,type:str] cwp_jira_access_key: ENC[AES256_GCM,data:iGH1xqToAM72n8sZbTsrgL5azgRGWiwq4g7YSJcyhscZLAOW10nX9PHrQ9w=,iv:xR9zqg8vE2O7VuWvYYJSC9F3w2M1VY4JiD+4yxJA+4Q=,tag:DxhqjH/CjsJgZ/8d2Z/Ltg==,type:str]
cwp_jira_link: ENC[AES256_GCM,data:7sNEkUd1AoUA8H1pWtiB24/cJP7cC98Uk1XDrfnf17jv,iv:QlsCBybTegL4lokNhD5vRyoxQJVVskZ52gQJZWoz974=,tag:0oAYSqNvyF6qqZw4gF0Jgg==,type:str] cwp_jira_link: ENC[AES256_GCM,data:7sNEkUd1AoUA8H1pWtiB24/cJP7cC98Uk1XDrfnf17jv,iv:QlsCBybTegL4lokNhD5vRyoxQJVVskZ52gQJZWoz974=,tag:0oAYSqNvyF6qqZw4gF0Jgg==,type:str]
sops: sops:
@ -27,8 +28,8 @@ sops:
dGZmTEN0NWlnVExHczNYdHphbUJRaFEKEWtxkXbzZheNzX4tMirXa5mGrctwIdhv dGZmTEN0NWlnVExHczNYdHphbUJRaFEKEWtxkXbzZheNzX4tMirXa5mGrctwIdhv
7T1dBHn2h3B5FUHe5RVgQpEJvQD6ed2AIeY6XSAkt7ofhUzHzMNGow== 7T1dBHn2h3B5FUHe5RVgQpEJvQD6ed2AIeY6XSAkt7ofhUzHzMNGow==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-22T10:25:55Z" lastmodified: "2025-03-24T19:58:38Z"
mac: ENC[AES256_GCM,data:xiRUjBCnTGf2V+fHA8HLw9jvIVgFuMl1K4exHeX/ykKeh5z9fHFcRj9mcJcE8ZxXvax8MiWeHf9H93PsEy7ocD6FvBD04tWL5oHOgZtuUs4u2RpVR+/PyvUMdVhv9I78U/aJMv19bshwCCbS4TqTKR9bzZy5e0kQPb0NK9K3OlI=,iv:fQzFqToEI27775xdhXI/ObPO2/+vZY29O/ll2+jCTb4=,tag:KqM0KNMX5TvHP74MwQoz0A==,type:str] mac: ENC[AES256_GCM,data:5gGR1ikHTkAfcZarOpuus9jDgarFPbGEecs5rJUM6EcvKUsdk+x00iCiT7TNyAusf7qCQ85Lrl+EVb1XJ6qq7qOe+q+uIukKbs4mIftiz1w1dsQlFeo5QBjsLI8+7cCik92gAF6bBKzf+P1nZ0h9gMCbiVUiBEGkubRiEdwDnWg=,iv:gEflEBaZ/JgFuJCflaS4PbBC2/eWKSPDktk4Q4hicKA=,tag:+fuM6FhldSETQ/Cs9ANsow==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4

16
systems/modules/common.nix
View file

@ -28,10 +28,16 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbZfOYt6zydLyO4f9JAsxb1i6kHAjYzqa0SOqef6MKM rafiq@orpheus" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbZfOYt6zydLyO4f9JAsxb1i6kHAjYzqa0SOqef6MKM rafiq@orpheus"
]; ];
}; };
environment = {
sessionVariables = {
CWP_JIRA_ACCESS_KEY_FILE = config.sops.secrets.cwp_jira_access_key.path;
CWP_JIRA_LINK_FILE = config.sops.secrets.cwp_jira_link.path;
};
environment.sessionVariables.CWP_JIRA_ACCESS_KEY_FILE = systemPackages = with pkgs; [
config.sops.secrets.cwp_jira_access_key.path; git
environment.sessionVariables.CWP_JIRA_LINK_FILE = config.sops.secrets.cwp_jira_link.path; ];
};
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
@ -48,10 +54,6 @@
"@wheel" "@wheel"
]; ];
environment.systemPackages = with pkgs; [
git
];
time.timeZone = "Asia/Singapore"; time.timeZone = "Asia/Singapore";
i18n.defaultLocale = "en_SG.UTF-8"; i18n.defaultLocale = "en_SG.UTF-8";

7
systems/modules/sops.nix
View file

@ -1,4 +1,4 @@
{ inputs, ... }: { inputs, config, ... }:
{ {
imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];
sops = { sops = {
@ -13,6 +13,11 @@
}; };
cwp_jira_access_key = { }; cwp_jira_access_key = { };
cwp_jira_link = { }; cwp_jira_link = { };
cargo_api_key = {
mode = "0440";
owner = config.users.users.rafiq.name;
group = config.users.users.rafiq.group;
};
}; };
}; };
} }

4
users/modules/programs/zsh.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, osConfig, ... }:
{ {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -12,6 +12,8 @@
'' ''
# Bind CTRL+Backspace to delete whole word # Bind CTRL+Backspace to delete whole word
bindkey '^H' backward-kill-word bindkey '^H' backward-kill-word
# Set Cargo Registry Token
export CARGO_REGISTRY_TOKEN="$(cat ${osConfig.sops.secrets.cargo_api_key.path})"
''; '';
# TODO: Look into whether we need to add the history attribute # TODO: Look into whether we need to add the history attribute
profileExtra = # bash profileExtra = # bash

1
users/modules/sh.nix
View file

@ -6,7 +6,6 @@
./programs/direnv.nix ./programs/direnv.nix
./programs/fzf.nix ./programs/fzf.nix
./programs/git.nix ./programs/git.nix
./programs/cargo.nix
./programs/nvf.nix ./programs/nvf.nix
./programs/starship.nix ./programs/starship.nix
./programs/tealdeer.nix ./programs/tealdeer.nix