From 38a2fd5eab00e3256558b651cc21fc2909184264 Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Mon, 9 Aug 2021 23:15:57 +0100
Subject: [PATCH] Use git-crypt for Soundcloud API key

---
 .gitattributes                 |   1 +
 configuration.nix              |   5 +----
 modules/audio.nix              |   6 ++++--
 modules/software.nix           |   1 +
 secrets/secrets.nix            |   5 +----
 secrets/soundcloud_api_key.age |   7 -------
 secrets/soundcloud_token       | Bin 0 -> 56 bytes
 7 files changed, 8 insertions(+), 17 deletions(-)
 create mode 100644 .gitattributes
 delete mode 100644 secrets/soundcloud_api_key.age
 create mode 100644 secrets/soundcloud_token

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..d65a898
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+secrets/soundcloud_token filter=git-crypt diff=git-crypt
diff --git a/configuration.nix b/configuration.nix
index b827ee4..a30d1b8 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -98,10 +98,7 @@
   };
 
   # Specify secrets
-  age.secrets = {
-    soundcloud_api_key.file = secrets/soundcloud_api_key.age;
-    wireguard.file = secrets/wireguard.age;
-  };
+  age.secrets.wireguard.file = secrets/wireguard.age;
 
   # Import other configuration modules
   imports = [
diff --git a/modules/audio.nix b/modules/audio.nix
index 602b2bf..be54bc1 100644
--- a/modules/audio.nix
+++ b/modules/audio.nix
@@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:
 
-{
+let soundcloud_token = builtins.readFile ../secrets/soundcloud_token;
+
+in {
   # Configure pipewire as sound server
   services.pipewire = {
     enable = true;
@@ -64,7 +66,7 @@
 
       [soundcloud]
       enabled = true
-      auth_token = ${config.age.secrets.soundcloud_api_key.path}
+      auth_token = ${soundcloud_token}
       explore_songs = 100
 
       [m3u]
diff --git a/modules/software.nix b/modules/software.nix
index ac6fa10..97fcd38 100644
--- a/modules/software.nix
+++ b/modules/software.nix
@@ -17,6 +17,7 @@ in {
     passff-host
     gitAndTools.pass-git-helper
     inputs.agenix.defaultPackage.x86_64-linux
+    git-crypt
     # Browsers
     firefox
     ungoogled-chromium
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 04487f3..7e3d289 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,7 +1,4 @@
 let
   coolneng =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg";
-in {
-  "soundcloud_api_key.age".publicKeys = [ coolneng ];
-  "wireguard.age".publicKeys = [ coolneng ];
-}
+in { "wireguard.age".publicKeys = [ coolneng ]; }
diff --git a/secrets/soundcloud_api_key.age b/secrets/soundcloud_api_key.age
deleted file mode 100644
index d357c03..0000000
--- a/secrets/soundcloud_api_key.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 G5UUhw tVGNxVkibTRSr8c2l7Wmo3pMhnyI6JHBZzddC93sv2E
-0NOlI4vaBZz+Wg7LDji6CRrNsBPVhQ5rFyjPUe+ekg0
--> *NFvF-grease b1zp>
-TIRHkh0
---- Y9Rt0ibteW6VSuzIGt4EenoFoOmRnvIUeFbJkqkL5m4
-P��}��7�}t�vː|T[c#ib�C��i|�ε?%%ؼ�l��D��ɱ��r�I�y,Z{��_
\ No newline at end of file
diff --git a/secrets/soundcloud_token b/secrets/soundcloud_token
new file mode 100644
index 0000000000000000000000000000000000000000..00e9d88757b365988068b9286ed4e6096f2cacd3
GIT binary patch
literal 56
zcmV-80LT9TM@dveQdv+`0DwGs85A|Nf^IB4am_{hF`UU6Ot1(%-n|?_1a=76-aD<}
OK19Lj`R&#Abt<4p+8CMu

literal 0
HcmV?d00001