From 5ea0d6e9e37dce5b61335369b2fb0f753d7e7486 Mon Sep 17 00:00:00 2001 From: Christoph Urlacher Date: Wed, 9 Jul 2025 03:30:37 +0200 Subject: [PATCH] Services: Update heidi and kopia to use agenix secrets --- home/modules/neovim/default.nix | 1 + system/services/heidi.nix | 4 +++- system/services/kopia.nix | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/home/modules/neovim/default.nix b/home/modules/neovim/default.nix index c7f4e94b..710de5a4 100644 --- a/home/modules/neovim/default.nix +++ b/home/modules/neovim/default.nix @@ -1475,6 +1475,7 @@ in { }; }; + # TODO: Replace with neo-tree (or figure out how to multiselect and cut/paste) explorer = { enabled = true; replace_netrw = false; # Use yazi for that diff --git a/system/services/heidi.nix b/system/services/heidi.nix index 35ade07e..b3b6bfa9 100644 --- a/system/services/heidi.nix +++ b/system/services/heidi.nix @@ -19,7 +19,9 @@ ]; environment = { - DISCORD_TOKEN = (builtins.readFile ./heidi.discord_token); + # TODO: I can't do this because readFile obviously doesn't + # read at runtime but at buildtime, duh... + DISCORD_TOKEN = builtins.readFile config.age.secrets.heidi-discord-token.path; DOCKER = "True"; }; diff --git a/system/services/kopia.nix b/system/services/kopia.nix index 04bd413f..86d2a1a9 100644 --- a/system/services/kopia.nix +++ b/system/services/kopia.nix @@ -56,7 +56,7 @@ environment = { TZ = "Europe/Berlin"; USER = "christoph"; - KOPIA_PASSWORD = (builtins.readFile ./kopia.password); + KOPIA_PASSWORD = builtins.readFile config.age.secrets.kopia-user-password.path; }; entrypoint = "/bin/kopia"; @@ -67,8 +67,8 @@ "--disable-csrf-token-checks" "--insecure" "--address=0.0.0.0:51515" - "--server-username=christoph" - "--server-password=kopia" + "--server-username=${builtins.readFile config.age.secrets.kopia-server-username.path}" + "--server-password=${builtins.readFile config.age.secrets.kopia-server-password.path}" ]; extraOptions = [