Services: Update heidi and kopia to use agenix secrets

2025-07-09 03:30:37 +02:00
parent 4f6a4dea3e
commit 697bb0dd8b
3 changed files with 7 additions and 4 deletions
--- a/home/modules/neovim/default.nix
+++ b/home/modules/neovim/default.nix
@ -1475,6 +1475,7 @@ in {
                };
              };

+              # TODO: Replace with neo-tree (or figure out how to multiselect and cut/paste)
              explorer = {
                enabled = true;
                replace_netrw = false; # Use yazi for that
--- a/system/services/heidi.nix
+++ b/system/services/heidi.nix
@ -19,7 +19,9 @@
    ];

    environment = {
-      DISCORD_TOKEN = (builtins.readFile ./heidi.discord_token);
+      # TODO: I can't do this because readFile obviously doesn't
+      #       read at runtime but at buildtime, duh...
+      DISCORD_TOKEN = builtins.readFile config.age.secrets.heidi-discord-token.path;
      DOCKER = "True";
    };

--- a/system/services/kopia.nix
+++ b/system/services/kopia.nix
@ -56,7 +56,7 @@
    environment = {
      TZ = "Europe/Berlin";
      USER = "christoph";
-      KOPIA_PASSWORD = (builtins.readFile ./kopia.password);
+      KOPIA_PASSWORD = builtins.readFile config.age.secrets.kopia-user-password.path;
    };

    entrypoint = "/bin/kopia";
@ -67,8 +67,8 @@
      "--disable-csrf-token-checks"
      "--insecure"
      "--address=0.0.0.0:51515"
-      "--server-username=christoph"
-      "--server-password=kopia"
+      "--server-username=${builtins.readFile config.age.secrets.kopia-server-username.path}"
+      "--server-password=${builtins.readFile config.age.secrets.kopia-server-password.path}"
    ];

    extraOptions = [