From e7e59715d867424d217044d9e660f7f0a698a9f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?=
Date: Thu, 3 Apr 2025 17:43:15 +0200
Subject: [PATCH] feat: add govc qol env
---
 SwarselSystems.org | 43 +++++++++++++++++++++++++--------
 modules/nixos/optional/work.nix | 43 +++++++++++++++++++++++++--------
 secrets/work/secrets.yaml | 12 +++++++--
 3 files changed, 76 insertions(+), 22 deletions(-)
diff --git a/SwarselSystems.org b/SwarselSystems.org
index 904d6a9..dad3199 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -8016,16 +8016,31 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
 };
 in
 {
- sops = {
- secrets = {
- vcuser = {
- inherit owner sopsFile;
- };
- vcpw = {
- inherit owner sopsFile;
- };
+ sops =
+ let
+ secretNames = [
+ "vcuser"
+ "vcpw"
+ "govcuser"
+ "govcpw"
+ "govcurl"
+ "govcdc"
+ "govcds"
+ "govchost"
+ "govcnetwork"
+ "govcpool"
+ ];
+ in
+ {
+ secrets = builtins.listToAttrs (
+ map
+ (name: {
+ inherit name;
+ value = { inherit owner sopsFile; };
+ })
+ secretNames
+ );
 };
- };
 boot.initrd = {
 systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
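Review bot: The `builtins.listToAttrs (map (name: { inherit name; value = …; }) secretNames)` construction in the new `sops` block is a hand-written form of `lib.genAttrs`, and `lib` is already used a few lines below (`lib.mkForce`). `secrets = lib.genAttrs secretNames (_: { inherit owner sopsFile; });` says the same thing in one line and removes the name/value plumbing. A short comment above `secretNames` noting that every entry gets the same `owner` and `sopsFile` (both defined outside this hunk) would also help, since a secret that later needs a different owner or mode has to be taken out of the list. The identical hunk in `modules/nixos/optional/work.nix` (`@@ -24,16 +24,31 @@`) would change the same way.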
@@ -8042,6 +8057,14 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
 zsh.shellInit = ''
 export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
 export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
+ export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})"
+ export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})"
+ export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})"
+ export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})"
+ export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})"
+ export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})"
+ export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})"
+ export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})"
 '';
 browserpass.enable = true;
@@ -8115,7 +8138,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
 openssh = {
 enable = true;
 extraConfig = ''
- '';
+ '';
 };
 syncthing = {
diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix
index 5207bae..78d65fe 100644
--- a/modules/nixos/optional/work.nix
+++ b/modules/nixos/optional/work.nix
@@ -24,16 +24,31 @@ let
 };
 in
 {
- sops = {
- secrets = {
- vcuser = {
- inherit owner sopsFile;
- };
- vcpw = {
- inherit owner sopsFile;
- };
+ sops =
+ let
+ secretNames = [
+ "vcuser"
+ "vcpw"
+ "govcuser"
+ "govcpw"
+ "govcurl"
+ "govcdc"
+ "govcds"
+ "govchost"
+ "govcnetwork"
+ "govcpool"
+ ];
+ in
+ {
+ secrets = builtins.listToAttrs (
+ map
+ (name: {
+ inherit name;
+ value = { inherit owner sopsFile; };
+ })
+ secretNames
+ );
 };
- };
 boot.initrd = {
 systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
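Review bot: The `GOVC_PASSWORD` export added to `zsh.shellInit` in `SwarselSystems.org` (hunk `@@ -8042,6 +8057,14 @@`) places the vCenter password in the environment of every zsh session and every process started from it, rather than only where govc runs. The enclosing attribute set starts outside the hunk; if this is the NixOS `programs.zsh.shellInit` option, the snippet is written to `/etc/zshenv`, so it also runs for non-interactive shells and for users other than `owner`, where `cat` presumably fails and the variables are exported empty. Scoping the secret to the call keeps it out of unrelated processes, for example `govc() { GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})" command govc "$@"; }`, while non-secret values such as `GOVC_DATACENTER` can stay exported. The same lines are added in `modules/nixos/optional/work.nix` (`@@ -50,6 +65,14 @@`).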
@@ -50,6 +65,14 @@ in
 zsh.shellInit = ''
 export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
 export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
+ export GOVC_USERNAME="$(cat ${config.sops.secrets.govcuser.path})"
+ export GOVC_PASSWORD="$(cat ${config.sops.secrets.govcpw.path})"
+ export GOVC_URL="$(cat ${config.sops.secrets.govcurl.path})"
+ export GOVC_DATACENTER="$(cat ${config.sops.secrets.govcdc.path})"
+ export GOVC_DATASTORE="$(cat ${config.sops.secrets.govcds.path})"
+ export GOVC_HOST="$(cat ${config.sops.secrets.govchost.path})"
+ export GOVC_RESOURCE_POOL="$(cat ${config.sops.secrets.govcpool.path})"
+ export GOVC_NETWORK="$(cat ${config.sops.secrets.govcnetwork.path})"
 '';
 browserpass.enable = true;
@@ -123,7 +146,7 @@ in
 openssh = {
 enable = true;
 extraConfig = ''
- '';
+ '';
 };
 syncthing = {
diff --git a/secrets/work/secrets.yaml b/secrets/work/secrets.yaml
index e616fed..d7345a3 100644
--- a/secrets/work/secrets.yaml
+++ b/secrets/work/secrets.yaml
@@ -1,5 +1,13 @@
 vcuser: ENC[AES256_GCM,data:M2LmjWGI6boQtOdTZz3dZ9Qb,iv:/KAC1RF0bqviHzPFP8F8GlX32f/8Qp07iXz2Yz5UO5o=,tag:rYzeylJIWtoQrSGy8OZqQg==,type:str]
 vcpw: ENC[AES256_GCM,data:bgqPbdJMVZXPWXiNsr9GxFRE1Q==,iv:5HuagCnNWLBvw7Z+nmLhCfMFV6b9mOd+afqCBUvWjNc=,tag:LfMOFvQZtNUh+7z6a+mpZA==,type:str]
+govcuser: ENC[AES256_GCM,data:4uJfzjBYgFJhskgxr4hN4GjlsOQyTRPF5Vmxlfs=,iv:/XsJeDUxvxjYythNKcEztmuKaC8yJALCV2N9ni2q46k=,tag:rtC/7SZlJsRQ2uMJs0nZXw==,type:str]
+govcpw: ENC[AES256_GCM,data:qNscuAkxb4cp0AJneh7oSfCO0PQL4g==,iv:Ch9vlo4B6dYmF3jg7Bi9FhQNlGHmMizFIhmijBP5cnA=,tag:HD4wMsH57+dBFAAS9DPN8A==,type:str]
+govcurl: ENC[AES256_GCM,data:vjYrQLIY7z0XS20NUDx+g4KFVbSXVIJMdFpS9NU+z7U=,iv:lQJkDAPBKvsf48V/w0pPSyYaueNR6rwEGIX0TGVXIV4=,tag:7rjFW180OUJ4zDaiHinA2Q==,type:str]
+govcdc: ENC[AES256_GCM,data:I2sL,iv:ORJ4/fKYgc2CqfC93+soNBVqnh5++E4xVataKfGKJ38=,tag:eUUBBMS1iZaTb62C0pZmlg==,type:str]
+govcds: ENC[AES256_GCM,data:X5R+N9A1ZkCMGJb4yNiAcfPxzQ==,iv:8Yx06B/R/9p6oTOnqPodNPRjadRhhxHbKiXGfavG1aU=,tag:PjVsbCBgdmbX8+TyDr1L3Q==,type:str]
+govchost: ENC[AES256_GCM,data:l/5kcvUQkT/4TYl1j7Ws,iv:Lc+D4ukKkTrIIg8sKy/9NYX1D6xMgL8oEGWZ9DzJtFM=,tag:MuvEJEVYNchT1iDTRPwvbQ==,type:str]
+govcnetwork: ENC[AES256_GCM,data:Hevnb0fAMbXTrg1CCmAgwZbJ+sxaTUgJLRc=,iv:UoNyPYuKnACv/euoE5SGlsF4/0ni32+ysLc7nM/pCrQ=,tag:jSHYFecVUvmTKr6AmNLbgw==,type:str]
+govcpool: ENC[AES256_GCM,data:sfglbCi3,iv:UdvDgyI8AAFdfOxKD1sVYCof7rXFPavq8eYDaK6Kp2I=,tag:iMn7XPf0rmql2EiaqsAn8w==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -15,8 +23,8 @@ sops:
 Z0dpTnpXcnRub2NWU21PblBtUnBXTnMKfmW5I2G+XhXEi8ssdnlavppxhgI4G56B
 555YBJ8mLRXKINtd37nUyfydEUYiM4zUbTFlJ+83VVF//+4KUeOCYw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-03-21T17:17:55Z"
- mac: ENC[AES256_GCM,data:6jF3PUfhVaLe1pIlCYlGHOqXhetWij1WijaSt63x/9m81QIcPlrlihpL3jN6d8P57PpnQU0ZHk6vwotmzDH3fsqiYzBaNK7oPuJFQotnm1eHR2NVLCO8zQLY47XN2kjuOSl6N2WNociux0oiOssw5BTFym0uInDlX9Lt9+/YlHI=,iv:J40e5Aoi++2oTrx7JpUL8HdVumWrnLRDsbBfp8YjzCA=,tag:jiHu4mG5PLrrB3FGekpKYw==,type:str]
+ lastmodified: "2025-04-03T15:35:39Z"
+ mac: ENC[AES256_GCM,data:SKVgG2bNNYik+oUpJehJaWSjZb9ltl8MEAFmbUu2ZfPN4GEarXcscvMuoRdYa58xWRnzpDg23/85+cKhK2MpXjfe5r7oE43xZbPyUA1aCy0XoygcezNbcS7kYx6vyWaBIJEnVGM1EXWrD+f45SmNc3jT0yUdQS+H0Tt1hWNmleQ=,iv:zpEGVcLsjo7PEEiFyM4W+JeT6ODJ4xXV0ToFACnom6o=,tag:rFWZTs8pPTJza/PyLckvug==,type:str]
 pgp:
 - created_at: "2024-12-17T11:38:28Z"
 enc: |-