diff --git a/SwarselSystems.org b/SwarselSystems.org index bfdee4a..eec648a 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -3889,7 +3889,7 @@ in } #+end_src -**** Expose home-manager secrets in NixOS (automatically active) +**** Expose home-manager sops secrets in NixOS (automatically active) #+begin_src nix-ts :tangle modules/nixos/common/home-manager-secrets.nix { lib, config, globals, ... }: @@ -3913,6 +3913,7 @@ in fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; }) // (lib.optionalAttrs modules.zsh { croc-password = { owner = mainUser; }; + github-nixpkgs-review-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.emacs { emacs-radicale-pw = { owner = mainUser; }; }); @@ -4632,7 +4633,9 @@ Next, we will setup some environment variables that need to be set on the system gst-plugins-ugly gst-libav ]); - }; + } // (lib.optionalAttrs (!config.swarselsystems.isPublic) { + GITHUB_NOTIFICATION_TOKEN_PATH = config.sops.secrets.github-notifications-token.path; + }); }; }; } @@ -11210,6 +11213,7 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var SWARSEL_CAL3NAME = source3-name; SWARSEL_FULLNAME = fullName; SWARSEL_MAIL_ALL = allMailAddresses; + GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; }; }; } @@ -11681,6 +11685,7 @@ Currently I only use it as before with =initExtra= though. sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { croc-password = { }; + github-nixpkgs-review-token = { }; }; programs.zsh = { 
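Review bot: The `GITHUB_NOTIFICATION_TOKEN_PATH` line added in the `@@ -11210` hunk (home-manager session variables) dereferences `nixosConfig.sops.secrets.github-notifications-token.path` unconditionally, while the NixOS-side hunk at `@@ -4632` wraps the same variable in `lib.optionalAttrs (!config.swarselsystems.isPublic)`. If the secret is only declared on non-public NixOS hosts, a public build or a standalone home-manager profile would presumably fail at evaluation. The same guard fits here: `} // lib.optionalAttrs (!config.swarselsystems.isPublic && config.swarselsystems.isNixos) { GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; };`. No visible hunk declares `github-notifications-token` (only `github-nixpkgs-review-token` is added), so its declaration elsewhere should be confirmed. The tangled copy in `modules/home/common/env.nix` carries the same line, and the attribute set starts outside the hunk.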
@@ -11715,8 +11720,10 @@ Currently I only use it as before with =initExtra= though. boot-diff = "nix store diff-closures /run/*-system"; gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; cc = "wl-copy"; - topology = "nix build .#topology.x86_64-linux.config.output"; - iso = "nix build --print-out-paths .#live-iso"; + build-topology = "nix build .#topology.x86_64-linux.config.output"; + build-iso = "nix build --print-out-paths .#live-iso"; + nix-review- = "nix run nixpkgs#nixpkgs-review -- rev HEAD"; + nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux"; } config.swarselsystems.shellAliases; autosuggestion.enable = true; @@ -11790,6 +11797,7 @@ Currently I only use it as before with =initExtra= though. bindkey '^H' my-backward-delete-word export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" + export GITHUB_TOKEN="$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})" ''; }; }; diff --git a/modules/home/common/env.nix b/modules/home/common/env.nix index a2604c5..f0404da 100644 --- a/modules/home/common/env.nix +++ b/modules/home/common/env.nix @@ -31,6 +31,7 @@ in SWARSEL_CAL3NAME = source3-name; SWARSEL_FULLNAME = fullName; SWARSEL_MAIL_ALL = allMailAddresses; + GITHUB_NOTIFICATION_TOKEN_PATH = nixosConfig.sops.secrets.github-notifications-token.path; }; }; } diff --git a/modules/home/common/zsh.nix b/modules/home/common/zsh.nix index 0fae0c0..17fe339 100644 --- a/modules/home/common/zsh.nix +++ b/modules/home/common/zsh.nix @@ -15,6 +15,7 @@ in sops.secrets = lib.mkIf (!config.swarselsystems.isPublic && !config.swarselsystems.isNixos) { croc-password = { }; + github-nixpkgs-review-token = { }; }; programs.zsh = { 
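Review bot: The new alias `nix-review-` in the `@@ -11715` hunk ends in a hyphen, which reads like an unfinished name. Nix accepts it as an attribute name, so it evaluates, but a name that says what it reviews would sit better next to `nix-review-post`, for example `nix-review-head = "nix run nixpkgs#nixpkgs-review -- rev HEAD";`. The tangled copy in `modules/home/common/zsh.nix` has the same alias; the alias set begins outside the hunk.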
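Review bot: Exporting `GITHUB_TOKEN` from the zsh init snippet in the `@@ -11790` hunk places the token in the environment of every interactive shell, so every child process inherits it, although only the `nix-review-*` aliases need it. Scoping it to the call limits exposure to that one process: drop the export and set the variable inline, e.g. `nix-review-post = "GITHUB_TOKEN=\"$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})\" nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";`. As written, a missing or unreadable secret file also leaves an empty `GITHUB_TOKEN` exported and prints a `cat` error at each shell start. The same line is in the tangled `modules/home/common/zsh.nix` hunk, and the init string starts outside the hunk.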
@@ -49,8 +50,10 @@ in boot-diff = "nix store diff-closures /run/*-system"; gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; cc = "wl-copy"; - topology = "nix build .#topology.x86_64-linux.config.output"; - iso = "nix build --print-out-paths .#live-iso"; + build-topology = "nix build .#topology.x86_64-linux.config.output"; + build-iso = "nix build --print-out-paths .#live-iso"; + nix-review- = "nix run nixpkgs#nixpkgs-review -- rev HEAD"; + nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux"; } config.swarselsystems.shellAliases; autosuggestion.enable = true; @@ -124,6 +127,7 @@ in bindkey '^H' my-backward-delete-word export CROC_PASS="$(cat ${nixosConfig.sops.secrets.croc-password.path})" + export GITHUB_TOKEN="$(cat ${nixosConfig.sops.secrets.github-nixpkgs-review-token.path})" ''; }; }; diff --git a/modules/nixos/client/env.nix b/modules/nixos/client/env.nix index ad9fad9..a7ad7a5 100644 --- a/modules/nixos/client/env.nix +++ b/modules/nixos/client/env.nix @@ -13,7 +13,9 @@ gst-plugins-ugly gst-libav ]); - }; + } // (lib.optionalAttrs (!config.swarselsystems.isPublic) { + GITHUB_NOTIFICATION_TOKEN_PATH = config.sops.secrets.github-notifications-token.path; + }); }; }; } diff --git a/modules/nixos/common/home-manager-secrets.nix b/modules/nixos/common/home-manager-secrets.nix index a4ade64..3be77fa 100644 --- a/modules/nixos/common/home-manager-secrets.nix +++ b/modules/nixos/common/home-manager-secrets.nix @@ -19,6 +19,7 @@ in fever-pw = { path = "${homeDir}/.emacs.d/.fever"; owner = mainUser; }; }) // (lib.optionalAttrs modules.zsh { croc-password = { owner = mainUser; }; + github-nixpkgs-review-token = { owner = mainUser; }; }) // (lib.optionalAttrs modules.emacs { emacs-radicale-pw = { owner = mainUser; }; }); diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index ebaf097..412f4aa 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml 
@@ -22,6 +22,8 @@ croc-password: ENC[AES256_GCM,data:uz7vI2rrPi1uTKEks4IPnWOt/R6ydlp/cQ==,iv:ZE01X github-api-token: ENC[AES256_GCM,data:9AhHkmv4JUjmir77INYflGvjNWW/E17FmfoXs5IUnAlL7B/l8s7UlVob0Az4lOUnm3+R0RWJz0HKMvOdZVZjd3RakdoWqvBHFqOVNF1MNthg2izIiaERsnDXcxj54qJfpD505xFSBWmnTKWVwRZlW5WEsFPuvaVy,iv:wzXT+qsn4VG+R8tGU33EWoaMKs4c/BB5W7f2JvuX2eY=,tag:EEhbktsmWHBwh0iBtfaXlA==,type:str] #ENC[AES256_GCM,data:vQF1i7rtfz/MBElKIN9j8N0=,iv:jf2SZpulx85yx2sHcnA3iwkiXJcHq4x1fdBUcSRuiK0=,tag:WpUNpH6/8jDvQA8zRGrdKg==,type:comment] emacs-radicale-pw: ENC[AES256_GCM,data:BIORG0geX8s1WOA=,iv:SeoVn8xHlqQGxZzHrm5I5LITMoutRnz3OygswDc96ew=,tag:C3S4a8IEvCjHgAyRrCaaRw==,type:str] +#ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment] +github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uabyDbGDGqfRUllO5DVSbZxO+A==,iv:mcARvAyPAB9pyCGFy2A/6qeZbSepHyWVNyusaQ5ze3I=,tag:o7AP6g8XHkPUaCnXK3CFig==,type:str] sops: age: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 @@ -87,8 +89,8 @@ sops: SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-22T05:16:03Z" - mac: ENC[AES256_GCM,data:CoOd5ki9DoSBzwTeTw3JDGPReJD4th+v20AItwIZBLX15eLb1KXANdz5ekHeFZ6ntHq4ij0FUH63W6ojpBdvzJS7GgboQyAThkyJSmqtr7lN9rTa3XZSIKDTZCKm4wrG60q17vUIZXPLxM+NN1Fp2oEyCwt1s7SHM11xJ3JdyBk=,iv:ofyAhu4pjzNAJguU5Z5H9Capqcky/mTMXHEYS/qhvNs=,tag:L9tZRzd5VgbB7lyCkT6yTA==,type:str] + lastmodified: "2025-08-05T09:33:50Z" + mac: ENC[AES256_GCM,data:rMtrDQtYsDyNqqVYKY9vg7fDGJjO2zQ+boN3j0dmYKyr5zzbbJAeCxAs3H/rNkgc3ril7sCfyAvP8n9KtYO6xmQuvu3Qgj2oqBiyvolfmYCArT0l7n+ImnNUGnFOfeugYPEIxvhDcEDK6dKiBMlEuyhtJ0hbVfvE4POQZi/jvMM=,iv:imWVUiFAbgzhPN/RNecx2LzCC5MJFg5nAIvGDCN2k0I=,tag:z0P180ZKj5p/g/E38CUjAQ==,type:str] pgp: - created_at: "2025-07-10T23:51:26Z" enc: |-