Daholli/nixos-config
1
0
Fork 0
Code Issues 2 Pull requests Releases Packages Activity Actions

nix: add access-token for github

Browse source
This commit is contained in:
Christoph Hollizeck 2026-02-18 23:58:24 +01:00
parent c9486641cc
commit 1aab156439
Signed by: Daholli
GPG key ID: 249300664F2AF2C7
5 changed files with 54 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

77
flake.lock generated
View file

@ -1406,8 +1406,12 @@
}, },
"nixos-images": { "nixos-images": {
"inputs": { "inputs": {
"nixos-stable": "nixos-stable", "nixos-stable": [
"nixos-unstable": "nixos-unstable" "nixpkgs-rpi"
],
"nixos-unstable": [
"nixpkgs-rpi"
]
}, },
"locked": { "locked": {
"lastModified": 1747747741, "lastModified": 1747747741,
@ -1474,40 +1478,6 @@
"type": "github" "type": "github"
} }
}, },
"nixos-stable": {
"locked": {
"lastModified": 1746957726,
"narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=",
"ref": "nixos-24.11",
"rev": "a39ed32a651fdee6842ec930761e31d1f242cb94",
"shallow": true,
"type": "git",
"url": "https://github.com/NixOS/nixpkgs"
},
"original": {
"ref": "nixos-24.11",
"shallow": true,
"type": "git",
"url": "https://github.com/NixOS/nixpkgs"
}
},
"nixos-unstable": {
"locked": {
"lastModified": 1747060738,
"narHash": "sha256-ByfPRQuqj+nhtVV0koinEpmJw0KLzNbgcgi9EF+NVow=",
"ref": "nixpkgs-unstable",
"rev": "eaeed9530c76ce5f1d2d8232e08bec5e26f18ec1",
"shallow": true,
"type": "git",
"url": "https://github.com/NixOS/nixpkgs"
},
"original": {
"ref": "nixpkgs-unstable",
"shallow": true,
"type": "git",
"url": "https://github.com/NixOS/nixpkgs"
}
},
"nixos-wsl": { "nixos-wsl": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_5",
@ -1547,11 +1517,11 @@
}, },
"nixpkgs-latest-factorio": { "nixpkgs-latest-factorio": {
"locked": { "locked": {
"lastModified": 1771449080, "lastModified": 1771455027,
"narHash": "sha256-gMHK6Mt1TgU1WoRSbEH8I6xQYi5GcYf6Dx4Ft91sohw=", "narHash": "sha256-cTx+FXH4iq6nil753azcwgs7H6F16CLz26RPIRKuGCM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ff37ee0d7279ca4ce555ee5bc94fcb0f58b60b1d", "rev": "1720090b48306293c69ec01af7ee7f416a81d534",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1563,11 +1533,11 @@
}, },
"nixpkgs-latest-minecraft": { "nixpkgs-latest-minecraft": {
"locked": { "locked": {
"lastModified": 1771449080, "lastModified": 1771455027,
"narHash": "sha256-gMHK6Mt1TgU1WoRSbEH8I6xQYi5GcYf6Dx4Ft91sohw=", "narHash": "sha256-cTx+FXH4iq6nil753azcwgs7H6F16CLz26RPIRKuGCM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ff37ee0d7279ca4ce555ee5bc94fcb0f58b60b1d", "rev": "1720090b48306293c69ec01af7ee7f416a81d534",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1609,11 +1579,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1771449080, "lastModified": 1771455027,
"narHash": "sha256-gMHK6Mt1TgU1WoRSbEH8I6xQYi5GcYf6Dx4Ft91sohw=", "narHash": "sha256-cTx+FXH4iq6nil753azcwgs7H6F16CLz26RPIRKuGCM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ff37ee0d7279ca4ce555ee5bc94fcb0f58b60b1d", "rev": "1720090b48306293c69ec01af7ee7f416a81d534",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1623,6 +1593,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-rpi": {
"locked": {
"lastModified": 1770234462,
"narHash": "sha256-Ab6VqbckLApCrZlj8+HXJkPhMiquUP84osaSOZzA3HI=",
"owner": "nvmd",
"repo": "nixpkgs",
"rev": "071e76e7df3520f30f8a213b37f2f3f4cd96e937",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "modules-with-keys-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1771208521, "lastModified": 1771208521,
@ -1875,6 +1861,7 @@
"nixpkgs-latest-factorio": "nixpkgs-latest-factorio", "nixpkgs-latest-factorio": "nixpkgs-latest-factorio",
"nixpkgs-latest-minecraft": "nixpkgs-latest-minecraft", "nixpkgs-latest-minecraft": "nixpkgs-latest-minecraft",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-rpi": "nixpkgs-rpi",
"nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable": "nixpkgs-stable_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",

1
modules/base/default.nix
View file

@ -59,7 +59,6 @@
]; ];
sops = { sops = {
defaultSopsFile = ../../../secrets/secrets.yaml;
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age = { age = {

17
modules/base/system/nixdaemon.nix
View file

@ -34,9 +34,25 @@
clean.extraArgs = "--keep-since 7d --keep 5"; clean.extraArgs = "--keep-since 7d --keep 5";
}; };
sops = {
secrets."github/pat" = {
sopsFile = ../../../secrets/secrets.yaml;
};
templates."access_tokens.conf" = {
content = ''
access-tokens = github.com=${config.sops.placeholder."github/pat"}
'';
owner = "root";
group = "secrets-access";
mode = "0440";
};
};
nix = { nix = {
package = pkgs.lix; package = pkgs.lix;
extraOptions = "!include ${config.sops.templates."access_tokens.conf".path}";
settings = settings =
let let
users = [ users = [
@ -47,6 +63,7 @@
++ lib.optional config.services.hydra.enable "hydra hydra-www hydra-evaluator"; ++ lib.optional config.services.hydra.enable "hydra hydra-www hydra-evaluator";
in in
{ {
nix-path = "nixpkgs=flake:nixpkgs"; nix-path = "nixpkgs=flake:nixpkgs";
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
http-connections = 50; http-connections = 50;

2
modules/users/cholli/default.nix
View file

@ -47,7 +47,7 @@ topLevel: {
sopsFile = ./../../../secrets/secrets.yaml; sopsFile = ./../../../secrets/secrets.yaml;
neededForUsers = true; neededForUsers = true;
}; };
users.groups.secrets-access.members = [ "cholli" ];
users.users.cholli = { users.users.cholli = {
description = topLevel.config.flake.meta.users.cholli.name; description = topLevel.config.flake.meta.users.cholli.name;
isNormalUser = true; isNormalUser = true;

6
secrets/secrets.yaml
View file

@ -1,6 +1,8 @@
passwordHash: ENC[AES256_GCM,data:T1rPJ5PhicrB54KxuTF2VT9i54uOngZnp1dS1xE/2qiuVUNUmYDrtryCk3nupJx9IVf0XqymQ3ut9A6YD1NjGvCBN+Klk2aevA==,iv:u9tpn9VAwn4yrChxICV6KgHFnvV5rpwKq6WWBjwntEk=,tag:sU9GebazI7gNuLSNO4Sjww==,type:str] passwordHash: ENC[AES256_GCM,data:T1rPJ5PhicrB54KxuTF2VT9i54uOngZnp1dS1xE/2qiuVUNUmYDrtryCk3nupJx9IVf0XqymQ3ut9A6YD1NjGvCBN+Klk2aevA==,iv:u9tpn9VAwn4yrChxICV6KgHFnvV5rpwKq6WWBjwntEk=,tag:sU9GebazI7gNuLSNO4Sjww==,type:str]
samba: samba:
cholli: ENC[AES256_GCM,data:x2fZ8VcSAcelCj9/Tjp2I1KNeLo=,iv:66Je1+TL6jtnC+LZS3747yq/c6zI4FwlBXH1BjIFeDk=,tag:+vujtFcdKTcsyBisC/UyNA==,type:str] cholli: ENC[AES256_GCM,data:x2fZ8VcSAcelCj9/Tjp2I1KNeLo=,iv:66Je1+TL6jtnC+LZS3747yq/c6zI4FwlBXH1BjIFeDk=,tag:+vujtFcdKTcsyBisC/UyNA==,type:str]
github:
pat: ENC[AES256_GCM,data:HXps9ZUjTDjQDSQMdLXzXEvXsG55VgJaFD0zL87QnS3bDj4Ok8PeqA==,iv:OoY4AP3caKeES4P6qyQeGzX7fvp/Xz/Q65eYa1ZmOIU=,tag:71y7zxIlO8EmFAN8Eb/x5Q==,type:str]
remotebuild: remotebuild:
private-key: ENC[AES256_GCM,data:kLF+Mo5EIS5mu8be0nDVRTAb7mzt6dtEL56aG4mV2BxLRcyUZXs7eCbj7j7sOpjqz0k8m+1lHAouvNjyzxANeH10/R3Fy3GZqeWtgJSOEQE3biZaD3dqz0e3Gv3ib/Y0yNYTafosCmn6CmPIsVfiE/dfS1oM2Ksrf/AQ3ufPKIdV0h+p5SK6LnhpBqxgIf7s3MFbBzR+iEgxn1jnmCLaoVqNXhO2tmQqgmRHyh2kHruFj9ZwUi6mWDBie7zX7qlOt/m9p5QN/v5KWn4CfMDWzMlSTYdjEd6lUlP8UC35MJafVT59ioF+ueqePhr4DyDR7d+Cg6Z/iNHWiSH1z17p4Rxt3D4IAverqcd1i8c92C8S4NJKvtWRyfMgZMB3/iG2ZqrLcJXlxrZZKZ9X5B+y5a0Ljb+Vg00V68ktFISt7vAsK79Qy/QjHCotXY0uugkeaGnxS1qhig5tmXdxD+OKk/cJt0kqYEyUFKVQf9unr6xaD2IuOkFKyp/fYhU5LfS0uiAt99ENrfNrIRdHAsUvgWW6Sq7qSVmjkLfU,iv:mlYWlmFT0Ybmn26Spqri5E9zRkrBweV6bWvvByLnIvs=,tag:tdB7dw+GMnr5/8fXoem10w==,type:str] private-key: ENC[AES256_GCM,data:kLF+Mo5EIS5mu8be0nDVRTAb7mzt6dtEL56aG4mV2BxLRcyUZXs7eCbj7j7sOpjqz0k8m+1lHAouvNjyzxANeH10/R3Fy3GZqeWtgJSOEQE3biZaD3dqz0e3Gv3ib/Y0yNYTafosCmn6CmPIsVfiE/dfS1oM2Ksrf/AQ3ufPKIdV0h+p5SK6LnhpBqxgIf7s3MFbBzR+iEgxn1jnmCLaoVqNXhO2tmQqgmRHyh2kHruFj9ZwUi6mWDBie7zX7qlOt/m9p5QN/v5KWn4CfMDWzMlSTYdjEd6lUlP8UC35MJafVT59ioF+ueqePhr4DyDR7d+Cg6Z/iNHWiSH1z17p4Rxt3D4IAverqcd1i8c92C8S4NJKvtWRyfMgZMB3/iG2ZqrLcJXlxrZZKZ9X5B+y5a0Ljb+Vg00V68ktFISt7vAsK79Qy/QjHCotXY0uugkeaGnxS1qhig5tmXdxD+OKk/cJt0kqYEyUFKVQf9unr6xaD2IuOkFKyp/fYhU5LfS0uiAt99ENrfNrIRdHAsUvgWW6Sq7qSVmjkLfU,iv:mlYWlmFT0Ybmn26Spqri5E9zRkrBweV6bWvvByLnIvs=,tag:tdB7dw+GMnr5/8fXoem10w==,type:str]
cholli: cholli:
@ -52,7 +54,7 @@ sops:
SkVjdXVSR0h3bWtwazBpaTRUM0ZMS1kKG/zf54NMDxEkmzPtkOUN4wir5LKEE8Oh SkVjdXVSR0h3bWtwazBpaTRUM0ZMS1kKG/zf54NMDxEkmzPtkOUN4wir5LKEE8Oh
sV5/1sVu2+xaRDx4l0bIKrFWdLouY3ZsPZihreAIEB5qtzlfBx6CoA== sV5/1sVu2+xaRDx4l0bIKrFWdLouY3ZsPZihreAIEB5qtzlfBx6CoA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-05T08:30:43Z" lastmodified: "2026-02-18T21:46:42Z"
mac: ENC[AES256_GCM,data:LTyEkbTw+SVqAqpB2Zl8slxMM18OOIY3R76iPySkhhtUfwnki7fMExjuniq7tsMJfT4Ssp2jvSsNERsxbhxs/96OnH/CQtDva7N64yW3AM7nn5Ha6vb82YeNWcq2+aEqt1l2AF1Kva6lFzBz4tWT6lfHpfEQonpAOdLxT55dspo=,iv:dTnvZOKZUPYYGKqWS6TbrQMOJnzSCrBcZ0Tul56Da2c=,tag:32HcHZhjLHvov+Rb+cNkcw==,type:str] mac: ENC[AES256_GCM,data:1F3VW7Fok4sr2JtrQYmBADzPZvmQ52zb2cV6ByZg2xwpjolzh2P87YVYOogpEDqbL1sRCEVh3caABNDEgXNRr7td+x4Ji8EPc5q6m9vGNG0KcY4bQJofnCj1XxRZ9EuaheoZ4MRlhA6h6Eah4Mkq5pE6kVn7FbiX4rAzxg7RMIQ=,iv:l4jRsio+2mdaNK9bgIw4r+qneLu+Vl1cxnb7AbWQvm0=,tag:qRuFRsI/Walnf7IgBwsUSQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0