From 7275edb740367c1e2ef3817817135af81621c775 Mon Sep 17 00:00:00 2001
From: Mark Nipper <nipsy@bitgnome.net>
Date: Mon, 14 Oct 2024 02:27:19 -0700
Subject: Add nix GitHub access token for root@arrakis

---
 home/root/arrakis.nix          | 13 +++++++++++++
 home/root/secrets/arrakis.yaml | 30 ++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 home/root/secrets/arrakis.yaml

(limited to 'home')

diff --git a/home/root/arrakis.nix b/home/root/arrakis.nix
index c78c958..f7600df 100644
--- a/home/root/arrakis.nix
+++ b/home/root/arrakis.nix
@@ -72,4 +72,17 @@
       '';
     };
   };
+
+  nix.extraOptions = ''
+    !include ${config.sops.secrets."nix-access-token-github".path}
+  '';
+
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = ./secrets/arrakis.yaml;
+
+    secrets = {
+      "nix-access-token-github" = {};
+    };
+  };
 }
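Review bot: The `!include` in the added `nix.extraOptions` is skipped silently when the file is missing, so a failed decryption of `nix-access-token-github` produces no error and Nix simply falls back to unauthenticated GitHub access. One way that could happen is the SSH host key named in `age.sshKeyPaths` being regenerated. A comment above the include would record that the tolerance is deliberate and what the secret has to contain, e.g. `# '!include' tolerates a missing file; the decrypted secret must be a full nix.conf line: access-tokens = github.com=<token>`. The ciphertext hides both the format and the token's scopes, so confirm them out of band; if the token is only there to lift rate limits on public fetches, one with no scopes (or read-only access) is presumably enough. The enclosing attribute set starts outside the hunk.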
diff --git a/home/root/secrets/arrakis.yaml b/home/root/secrets/arrakis.yaml
new file mode 100644
index 0000000..6b5b3b5
--- /dev/null
+++ b/home/root/secrets/arrakis.yaml
@@ -0,0 +1,30 @@
+nix-access-token-github: ENC[AES256_GCM,data:xZYk/BVSRuQKZpBXWotT2yHthhYE3ZmiLJfoVeSkiRlDuPhZEbPYhHmDqqSeb/1jsERmKqmMMVUyXnjsrZ3CJvvZDQU=,iv:0p7A3Ke6IgLzp259JPaGNJ5Kb8E41c1//s/2MBIoAYU=,tag:scowbHsFxjww5rmuHaB/4g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqSmR3ZDYzSGJYY3NYeVhJ
+            RUUwQU1nRWhxa0NPdU85V0RDZmc2NC9nRFcwCmE3TTlidWRFUENMd0NFWjJ1NldZ
+            REgyRnRsOFl4MHRRL0dibDkrN2psS0UKLS0tIG04MFlkTERzU284VUtnWHVYSzV4
+            ZjJCUDJZNFo2MHVEQ1F5K3J1cVpkQWcKNQOTCwMghAxEEPje8QkGzJ8Wnsng9iCO
+            e8K9kgDYnf78ZtM0JFVeLal7WjeKbq3dn1rjX00w8d5ByR3oQEDyFg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXelNsTGlhcXF5dERGdHB3
+            NmNhN0pkTWNmczBjVlRDT3NSYjAvendtbWk4CjRQWjNzTS9COXhOTW9tempjS2wy
+            c3hMTnFCdmlLd01ZbjdMcHkxa0xCK0kKLS0tIEF3NWh0RTJPZkNqb2J0cWlSaGxv
+            MUJsWEc0U3BjWW5RcGlQazBGbkM2MzQKs04xzaPXbgWARenoMmdMzy3MijR/Ln5r
+            wmwC6eaWU0TxKPHhyZDFdRXc8ec+5aUjfVeTOlOUBaoHPNCFeB9UHw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-10-14T09:18:10Z"
+    mac: ENC[AES256_GCM,data:/IWjv0OO4YCl4fjNfbW9MnlSM2fOoH9gvEOoyer1G1QSfLkNDd4/xgdCNif/kV3QkHzXom5eKUoSEOFS47l0xj+ZSlP1ZzA26a0MPxoC7wnTQuCbu9m268r7nUhVzPFhyLxtvKa+urSZGgRBWSFh1RrFccEZbgOV4Bhq3ljc6bI=,iv:81lOQWbx049bsGq8E+Q1P2YDjLAkxXxDhPJUqavfXPo=,tag:MP4RB7yvCQzB/W+tusqwOA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
-- 
cgit v1.2.3