nix: add access-token for github

2026-02-18 23:58:24 +01:00 · 2026-02-18 23:58:24 +01:00 · 1aab156439
commit 1aab156439
parent c9486641cc
5 changed files with 54 additions and 49 deletions
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@ -59,7 +59,6 @@
          ];

          sops = {
-            defaultSopsFile = ../../../secrets/secrets.yaml;
            defaultSopsFormat = "yaml";

            age = {
--- a/modules/base/system/nixdaemon.nix
+++ b/modules/base/system/nixdaemon.nix
@ -34,9 +34,25 @@
        clean.extraArgs = "--keep-since 7d --keep 5";
      };

+      sops = {
+        secrets."github/pat" = {
+          sopsFile = ../../../secrets/secrets.yaml;
+        };
+        templates."access_tokens.conf" = {
+          content = ''
+            access-tokens = github.com=${config.sops.placeholder."github/pat"}
+          '';
+          owner = "root";
+          group = "secrets-access";
+          mode = "0440";
+        };
+      };
+
      nix = {
        package = pkgs.lix;

+        extraOptions = "!include ${config.sops.templates."access_tokens.conf".path}";
+
        settings =
          let
            users = [
@ -47,6 +63,7 @@
            ++ lib.optional config.services.hydra.enable "hydra hydra-www hydra-evaluator";
          in
          {
+
            nix-path = "nixpkgs=flake:nixpkgs";
            experimental-features = "nix-command flakes";
            http-connections = 50;