From 38a2fd5eab00e3256558b651cc21fc2909184264 Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Mon, 9 Aug 2021 23:15:57 +0100
Subject: [PATCH] Use git-crypt for Soundcloud API key
---
.gitattributes | 1 +
configuration.nix | 5 +----
modules/audio.nix | 6 ++++--
modules/software.nix | 1 +
secrets/secrets.nix | 5 +----
secrets/soundcloud_api_key.age | 7 -------
secrets/soundcloud_token | Bin 0 -> 56 bytes
7 files changed, 8 insertions(+), 17 deletions(-)
create mode 100644 .gitattributes
delete mode 100644 secrets/soundcloud_api_key.age
create mode 100644 secrets/soundcloud_token
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..d65a898
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+secrets/soundcloud_token filter=git-crypt diff=git-crypt
diff --git a/configuration.nix b/configuration.nix
index b827ee4..a30d1b8 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -98,10 +98,7 @@
};
# Specify secrets
- age.secrets = {
- soundcloud_api_key.file = secrets/soundcloud_api_key.age;
- wireguard.file = secrets/wireguard.age;
- };
+ age.secrets.wireguard.file = secrets/wireguard.age;
# Import other configuration modules
imports = [
diff --git a/modules/audio.nix b/modules/audio.nix
index 602b2bf..be54bc1 100644
--- a/modules/audio.nix
+++ b/modules/audio.nix
@@ -1,6 +1,8 @@
{ config, lib, pkgs, ... }:
-{
+let soundcloud_token = builtins.readFile ../secrets/soundcloud_token;
+
+in {
# Configure pipewire as sound server
services.pipewire = {
enable = true;
@@ -64,7 +66,7 @@
[soundcloud]
enabled = true
- auth_token = ${config.age.secrets.soundcloud_api_key.path}
+ auth_token = ${soundcloud_token}
explore_songs = 100
[m3u]
diff --git a/modules/software.nix b/modules/software.nix
index ac6fa10..97fcd38 100644
--- a/modules/software.nix
+++ b/modules/software.nix
@@ -17,6 +17,7 @@ in {
passff-host
gitAndTools.pass-git-helper
inputs.agenix.defaultPackage.x86_64-linux
+ git-crypt
# Browsers
firefox
ungoogled-chromium
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 04487f3..7e3d289 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,7 +1,4 @@
let
coolneng =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg";
-in {
- "soundcloud_api_key.age".publicKeys = [ coolneng ];
- "wireguard.age".publicKeys = [ coolneng ];
-}
+in { "wireguard.age".publicKeys = [ coolneng ]; }
diff --git a/secrets/soundcloud_api_key.age b/secrets/soundcloud_api_key.age
deleted file mode 100644
index d357c03..0000000
--- a/secrets/soundcloud_api_key.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 G5UUhw tVGNxVkibTRSr8c2l7Wmo3pMhnyI6JHBZzddC93sv2E
-0NOlI4vaBZz+Wg7LDji6CRrNsBPVhQ5rFyjPUe+ekg0
--> *NFvF-grease b1zp>
-TIRHkh0
---- Y9Rt0ibteW6VSuzIGt4EenoFoOmRnvIUeFbJkqkL5m4
-�P��}��7�}�t�vː|T[c#ib�C��i|�ε?%%ؼ��l��D���ɱ����r�I�y,�Z{���_
\ No newline at end of file
diff --git a/secrets/soundcloud_token b/secrets/soundcloud_token
new file mode 100644
index 0000000000000000000000000000000000000000..00e9d88757b365988068b9286ed4e6096f2cacd3
GIT binary patch
literal 56
zcmV-80LT9TM@dveQdv+`0DwGs85A|Nf^IB4am_{hF`UU6Ot1(%-n|?_1a=76-aD<}
OK19Lj`R&#Abt<4p+8CMu
literal 0
HcmV?d00001