diff --git a/hosts/common/configs/system/nix/default.nix b/hosts/common/configs/system/nix/default.nix index 46cf447..18a3c78 100644 --- a/hosts/common/configs/system/nix/default.nix +++ b/hosts/common/configs/system/nix/default.nix @@ -1,8 +1,14 @@ { config, inputs, ... }: { - sops.secrets."nix/accessTokens/github" = { - sopsFile = ../../../../../secrets/personal/secrets.yaml; - group = "users"; + sops = { + secrets."nix/accessTokens/github.com".sopsFile = ../../../../../secrets/personal/secrets.yaml; + + templates."nix-access-tokens" = { + content = '' + access-tokens = github.com=${config.sops.placeholder."nix/accessTokens/github.com"} + ''; + group = "users"; + }; }; nix = { @@ -22,7 +28,7 @@ registry.self.flake = inputs.self; extraOptions = '' - !include ${config.sops.secrets."nix/accessTokens/github".path} + !include ${config.sops.templates."nix-access-tokens".path} ''; }; } diff --git a/hosts/eirene/users/nick/configs/console/git/default.nix b/hosts/eirene/users/nick/configs/console/git/default.nix index 7633348..9ba4d3f 100644 --- a/hosts/eirene/users/nick/configs/console/git/default.nix +++ b/hosts/eirene/users/nick/configs/console/git/default.nix 
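Review bot: The `nix-access-tokens` template sets `group = "users"` but no `mode`, so this hunk does not say who can actually read the GitHub token. As far as I know sops-nix renders templates with mode 0400 unless told otherwise, in which case the group line grants nothing and only root-run Nix can read the `!include`d file. If group read is intended, state it with `mode = "0440";` and a comment such as `# readable by every account in "users": keep this token read-only and narrowly scoped`. If it is not intended, drop the `group` line so the file stays owner-only.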
@@ -3,25 +3,33 @@ home ? throw "home argument is required", }: { + config, inputs, lib, system, ... }: let + hmConfig = config.home-manager.users.${user}; selfPkgs = inputs.self.packages.${system}; in { home-manager.users.${user} = { - sops.secrets = { - "git/credentials" = { - sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/credentials"; + sops = { + secrets = { + "git/credentials/git.karaolidis.com/username".sopsFile = + ../../../../../../../secrets/personal/secrets.yaml; + "git/credentials/git.karaolidis.com/password".sopsFile = + ../../../../../../../secrets/personal/secrets.yaml; }; - "git/cookies" = { - sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/cookies"; + templates."git/credentials" = { + content = '' + https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/password" + }@git.karaolidis.com + ''; + path = "${home}/.config/git/credentials"; }; }; diff --git a/hosts/elara/users/nikara/configs/console/git/default.nix b/hosts/elara/users/nikara/configs/console/git/default.nix index 00c368c..879f5fd 100644 --- a/hosts/elara/users/nikara/configs/console/git/default.nix +++ b/hosts/elara/users/nikara/configs/console/git/default.nix @@ -3,6 +3,7 @@ home ? throw "home argument is required", }: { + config, inputs, lib, system, 
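Review bot: The `templates."git/credentials"` content splices the username and password placeholders into `https://user:pass@git.karaolidis.com` verbatim, and nothing visible guarantees the stored values are percent-encoded. The target path `${home}/.config/git/credentials` looks like the file read by git's credential-store helper, which expects URL-encoded fields, so a password containing `@`, `:`, `/` or `%` would be parsed incorrectly and authentication would fail. I would add a comment above `content`, e.g. `# values are inserted as-is: store them percent-encoded in secrets.yaml`, and set `mode` explicitly rather than relying on the sops-nix default. The same template is repeated in the elara/nikara and installer/nick git modules, and the removed `git/cookies` secret may still be referenced by git configuration outside these hunks.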
@@ -10,19 +11,26 @@ ... }: let + hmConfig = config.home-manager.users.${user}; selfPkgs = inputs.self.packages.${system}; in { home-manager.users.${user} = { - sops.secrets = { - "git/credentials" = { - sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/credentials"; + sops = { + secrets = { + "git/credentials/git.karaolidis.com/username".sopsFile = + ../../../../../../../secrets/personal/secrets.yaml; + "git/credentials/git.karaolidis.com/password".sopsFile = + ../../../../../../../secrets/personal/secrets.yaml; }; - "git/cookies" = { - sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/cookies"; + templates."git/credentials" = { + content = '' + https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/password" + }@git.karaolidis.com + ''; + path = "${home}/.config/git/credentials"; }; }; diff --git a/hosts/elara/users/nikara/configs/console/gradle/default.nix b/hosts/elara/users/nikara/configs/console/gradle/default.nix index 5e391fa..848f2d1 100644 --- a/hosts/elara/users/nikara/configs/console/gradle/default.nix +++ b/hosts/elara/users/nikara/configs/console/gradle/default.nix @@ -2,7 +2,10 @@ user ? throw "user argument is required", home ? throw "home argument is required", }: -{ pkgs, ... }: +{ config, pkgs, ... }: +let + hmConfig = config.home-manager.users.${user}; +in { environment.persistence."/cache"."${home}/.local/share/gradle" = { }; @@ -12,8 +15,11 @@ home = ".local/share/gradle"; }; - sops.secrets."artifactory" = { - sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + sops.templates."gradle.properties" = { + content = '' + cdpUser=${hmConfig.sops.placeholder."artifactory/cdp/user"} + cdpPassword=${hmConfig.sops.placeholder."artifactory/cdp/password"} + ''; path = "${home}/.local/share/gradle/gradle.properties"; }; }; 
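Review bot: `cdpUser=` and `cdpPassword=` in the `gradle.properties` template receive the raw secret values, but Java properties files treat `\` as an escape character and strip leading whitespace from a value. A password containing a backslash would therefore reach Gradle altered; a comment above `content` such as `# values are inserted verbatim: store them properties-escaped` would document the constraint. The rendered file sits under the directory that the earlier hunk shows persisted at `/cache`, so it is worth confirming that only a symlink to the rendered secret, not a copy, ends up there. The enclosing attribute set starts outside this hunk.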
diff --git a/hosts/elara/users/nikara/configs/console/podman/default.nix b/hosts/elara/users/nikara/configs/console/podman/default.nix index 8f57138..957ef14 100644 --- a/hosts/elara/users/nikara/configs/console/podman/default.nix +++ b/hosts/elara/users/nikara/configs/console/podman/default.nix @@ -2,11 +2,29 @@ user ? throw "user argument is required", home ? throw "home argument is required", }: -{ lib, ... }: { - home-manager.users.${user}.sops.secrets = { - "registry" = { - sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + config, + lib, + pkgs, + ... +}: +let + hmConfig = config.home-manager.users.${user}; +in +{ + home-manager.users.${user}.sops = { + secrets."registry/cr.sas.com".sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + + templates."containers-auth.json" = { + content = builtins.readFile ( + (pkgs.formats.json { }).generate "auth.json" { + auths = { + "cr.sas.com" = { + auth = hmConfig.sops.placeholder."registry/cr.sas.com"; + }; + }; + } + ); path = "${home}/.config/containers/auth.json"; }; }; diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix index 13455f7..6071197 100644 --- a/hosts/elara/users/nikara/default.nix +++ b/hosts/elara/users/nikara/default.nix @@ -163,6 +163,9 @@ in sopsFile = ../../../../secrets/sas/secrets.yaml; key = "gpg/pass"; }; + + "artifactory/cdp/user".sopsFile = ../../../../secrets/sas/secrets.yaml; + "artifactory/cdp/password".sopsFile = ../../../../secrets/sas/secrets.yaml; }; programs.clipbook.bookmarks = { diff --git a/hosts/installer/users/nick/configs/console/git/default.nix b/hosts/installer/users/nick/configs/console/git/default.nix index 7633348..9ba4d3f 100644 --- a/hosts/installer/users/nick/configs/console/git/default.nix +++ b/hosts/installer/users/nick/configs/console/git/default.nix 
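Review bot: `builtins.readFile` on the output of `(pkgs.formats.json { }).generate` makes evaluation depend on building a derivation (import-from-derivation) just to obtain a JSON string. `content = builtins.toJSON { auths."cr.sas.com".auth = hmConfig.sops.placeholder."registry/cr.sas.com"; };` yields equivalent JSON at evaluation time and makes the newly added `pkgs` argument unnecessary. Because the placeholder is substituted verbatim into the `auth` field, a comment should state that the stored secret must already be the base64 `user:password` form that containers auth files expect.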
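Review bot: The two `artifactory/cdp/*` declarations added here are, as far as this diff shows, consumed only by the `gradle.properties` template in `configs/console/gradle/default.nix`, which no longer declares any secret of its own. The git and podman modules in this commit keep `secrets` next to the `templates` that reference them. Doing the same for gradle would keep that module self-contained and avoid a missing-attribute evaluation error if it is imported without this file. The surrounding attribute set starts outside the hunk, so I cannot confirm it is the home-manager `sops.secrets` that `hmConfig.sops.placeholder` reads from.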
@@ -3,25 +3,33 @@ home ? throw "home argument is required", }: { + config, inputs, lib, system, ... }: let + hmConfig = config.home-manager.users.${user}; selfPkgs = inputs.self.packages.${system}; in { home-manager.users.${user} = { - sops.secrets = { - "git/credentials" = { - sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/credentials"; + sops = { + secrets = { + "git/credentials/git.karaolidis.com/username".sopsFile = + ../../../../../../../secrets/personal/secrets.yaml; + "git/credentials/git.karaolidis.com/password".sopsFile = + ../../../../../../../secrets/personal/secrets.yaml; }; - "git/cookies" = { - sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - path = "${home}/.config/git/cookies"; + templates."git/credentials" = { + content = '' + https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/password" + }@git.karaolidis.com + ''; + path = "${home}/.config/git/credentials"; }; };