Use statically generated env file rather than dynamic

The original approach ensured secrets were always up to date but really slowed down cd'ing into the directory or opening files in emacs.
2023-07-15 12:01:59 +01:00 · 2023-07-15 12:01:59 +01:00 · e07c3921f4
parent d47b2e90ea
commit e07c3921f4
3 changed files with 12 additions and 7 deletions
--- a/.env.age
+++ b/.env.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> piv-p256 Vmeusg Apk0u/z04skt4ktJsHDslOrOrwEVcBFzcORCAhbCS48I
+WbCYJz5qY0fWslurJUKUc5Coa1mnZejTd9iNubBYWv8
+-> hxTct-grease F
+Nsg4ckSmYxQxGekmQjq6ipcIKgxvRoh4S8Jud45XOjKKQG4vLvdrFtwhf+5MqgjP
+SbvzIs9J1w
+--- acYQQSnX0IY7NpTZiPQrtR5S7SIY5PrKrRbBRZl7Glo
+Z²\Vl;Øýá³<C3A1>håò<C3A5>»ÿÚ‚G¨ehÖo„‰Þu¯Ó\ðåg+“ÈkP1+"ziŽI\Æ<01>nùJr´ÚOÂOÙ4íYÐËèÇ3:MAÚèµÌ®á‘õ˜ÄÜ©N·Ë®q=gÐˆ¦¿³i4‹P§‡ÝpMQµâÆðXD<Ò1@èM¨™9ˆô9‚çd$2ÔKtâî¡ÝRÙ<52>c"1”Nèžl4+J÷Ç<10>wÆ/³N_\«„M·UÇ©(·ÞÖba?0[†sÑCq¸Û@•C`"cXçË,WúªÌî2[ˆÛ²=ç|Í•"šÎ½Æp<y"Náco’Šéqø7ê²<C3AA>kÕÌò”rÝ;=KQu¬ÉÏ=Œ–~ÛMØÁ>÷T
--- a/.gitignore
+++ b/.gitignore
@ -41,3 +41,4 @@ terraform.rc
 output/
 result
 .direnv/
+.env
--- a/flake.nix
+++ b/flake.nix
@ -14,13 +14,9 @@
      devShells.default = pkgs.mkShell {
        shellHook =
          ''
-            bw sync
-            export BW_SESSION=$(bw unlock --raw)
-            export VERCEL_API_TOKEN=$(bw list items --search "Vercel API" | jq -r '.[0].notes')
-            export HCLOUD_TOKEN=$(bw list items --search "Hetzner" | jq -r '.[0].fields[] | select(.name | contains("API")) | .value')
-            export TF_VAR_tailscale_key=$(bw list items --search "Tailscale Key" | jq -r '.[0].notes')
-            export CLOUDFLARE_API_TOKEN=$(bw list items --search "CloudFlare" | jq -r '.[0].fields[] | select(.name | contains("Zone API Key")) | .value')
-            # alias terraform='terraform -chdir=terraform'
+            set -o allexport
+            source .env  set
+            +o allexport
          '';
        nativeBuildInputs = [
          pkgs.jq