nix: sops-nix

2025-12-21 16:53:00 +00:00 · 2025-11-04 08:48:21 +00:00 · 2025-11-04 08:48:21 +00:00 · a32917bd22
commit a32917bd22
parent 050799b77f
6 changed files with 118 additions and 103 deletions
--- a/nixcfgs/users/js0ny/programs/sops.nix
+++ b/nixcfgs/users/js0ny/programs/sops.nix
@ -0,0 +1,27 @@
+{config, ...}: {
+  sops = {
+    # enable = true;
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+    age.generateKey = true;
+    secrets = {
+      "OPENROUTER_API_KEY" = {
+        key = "openrouter_api";
+      };
+    };
+  };
+
+  # home.sessionVariables = {
+  #   OPENROUTER_API_KEY = config.sops.secrets."OPENROUTER_API_KEY".path;
+  # };
+
+  systemd.user.services.sops-envvar = {
+    Unit.Description = "[sops-envvar] Auto-source environment variables defined via sops-nix";
+    Service = {
+      ExecStart = pkgs.writeShellScript "start" ''
+        export OPENROUTER_API_KEY=$(cat ${config.sops.secrets."OPENROUTER_API_KEY".path})
+      '';
+    };
+    Install.WantedBy = ["default.target"];
+  };
+}
--- a/nixcfgs/users/js0ny/zephyrus.nix
+++ b/nixcfgs/users/js0ny/zephyrus.nix
@ -1,5 +1,9 @@
 # ~/.config/nixcfgs/users/js0ny/default.nix
-{...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
  imports = [
    # General config
    ./default.nix
@ -56,5 +60,25 @@
    ../../modules/home/dev/verilog.nix
  ];

+  home.packages = with pkgs; [
+    rose-pine-cursor
+  ];
+
+  sops = {
+    # enable = true;
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
+    age.generateKey = true;
+    secrets = {
+      "OPENROUTER_API_KEY" = {
+        key = "openrouter_api";
+      };
+    };
+  };
+
+  home.sessionVariables = {
+    OPENROUTER_API_KEY = "$(cat ${config.sops.secrets."OPENROUTER_API_KEY".path})";
+  };
+
  home.stateVersion = "25.05";
 }