refactor(fish): use op-env namespace and xdg.configHome for env template path

2026-04-13 18:53:54 +08:00
parent 1e78149a4f
commit 067608f4f8
1 changed files with 8 additions and 4 deletions
@@ -1,9 +1,13 @@
-{ ... }:
+{ config, ... }:

+let
+  envTpl = "${config.xdg.configHome}/op-env/env.tpl";
+in
 {
  # ── 1Password env template ──────────────────────────
  # op:// references only — no real secrets, safe to commit
-  xdg.configFile."1password/env.tpl".text = ''
+  # Kept outside ~/.config/op — that dir must be 700 and owned by op CLI
+  xdg.configFile."op-env/env.tpl".text = ''
    AI_GATEWAY_BASE_URL={{ op://Private/AI Gateway API/URL }}
    AI_GATEWAY_API_KEY={{ op://Private/AI Gateway API/credential }}
    EXA_API_KEY={{ op://Private/Exa API/credential }}
@@ -62,10 +66,10 @@

      # 1Password → env vars (single op call, silent if locked)
      function op-env --description "Load secrets from 1Password"
-        if not type -q op; or not test -f ~/.config/1password/env.tpl
+        if not type -q op; or not test -f ${envTpl}
          return 1
        end
-        for line in (op inject < ~/.config/1password/env.tpl 2>/dev/null)
+        for line in (op inject < ${envTpl} 2>/dev/null)
          string match -qr '^\s*(#|$)' -- $line; and continue
          set -l kv (string split -m 1 '=' $line)
          if test (count $kv) -ge 2