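# Home Manager module: declares the sops-nix secrets, derives an age identity
# for the sops CLI from the user's SSH key, and exports the decrypted secrets
# as environment variables in interactive fish shells.
{ config, pkgs, ... }:

{
  sops = {
    # sops-nix decrypts with the age identity derived from this SSH key.
    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
    defaultSopsFile = ../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";

    # Empty attribute sets: each secret takes the module defaults and is
    # looked up in defaultSopsFile.
    secrets = {
      ai_gateway_base_url = { };
      ai_gateway_api_key = { };
      exa_api_key = { };
      context7_api_key = { };
    };
  };

  # Generate age key from ed25519 SSH key for sops CLI.
  # keys.txt holds the unencrypted age private key derived from the SSH key,
  # so it is as sensitive as the SSH key itself.
  home.activation.sopsAgeKey = config.lib.dag.entryAfter [ "writeBoundary" ] ''
    KEY_DIR="${config.home.homeDirectory}/.config/sops/age"
    KEY_FILE="$KEY_DIR/keys.txt"
    SSH_KEY="${config.home.homeDirectory}/.ssh/id_ed25519"
    if [ -f "$SSH_KEY" ] && [ ! -f "$KEY_FILE" ]; then
      (
        # Restrictive umask inside a subshell: directories and files created
        # here are owner-only from the start, so the private key is never
        # readable by other users between creation and a later chmod.
        umask 077
        mkdir -p "$KEY_DIR"
        # Write to a temporary file first. A failed conversion must not leave
        # an empty keys.txt behind, because the existence check above would
        # then skip regeneration on every later activation.
        TMP_FILE="$(mktemp "$KEY_DIR/keys.txt.XXXXXX")"
        if ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i "$SSH_KEY" > "$TMP_FILE"; then
          mv "$TMP_FILE" "$KEY_FILE"
        else
          rm -f "$TMP_FILE"
          # Non-zero status keeps the failure visible; whether it aborts the
          # activation depends on the errexit setting of the activation script.
          exit 1
        fi
      )
    fi
  '';

  programs.fish.interactiveShellInit = ''
    # sops-nix secrets -> env vars, one NAME:PATH pair per secret.
    # Exported globally, so every process started from this shell inherits
    # the values. Tools that can read a secret file by path should be pointed
    # at the path instead of the variable.
    for pair in \
        AI_GATEWAY_BASE_URL:${config.sops.secrets.ai_gateway_base_url.path} \
        AI_GATEWAY_API_KEY:${config.sops.secrets.ai_gateway_api_key.path} \
        EXA_API_KEY:${config.sops.secrets.exa_api_key.path} \
        CONTEXT7_API_KEY:${config.sops.secrets.context7_api_key.path}
      # Split on the first colon only, so a colon inside the path stays intact.
      set -l parts (string split --max 1 : $pair)
      # Skip secrets that are not decrypted yet or not readable.
      if test -r $parts[2]
        set -gx $parts[1] (cat $parts[2])
      end
    end
  '';
}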