From e07c3921f40de3ce1b72b5e541409ec09230c213 Mon Sep 17 00:00:00 2001 From: Gabriel Simmer Date: Sat, 15 Jul 2023 12:01:59 +0100 Subject: [PATCH] Use statically generated env file rather than dynamic The original approach ensured secrets were always up to date but really slowed down cd'ing into the directory or opening files in emacs. --- .env.age | 8 ++++++++ .gitignore | 1 + flake.nix | 10 +++------- 3 files changed, 12 insertions(+), 7 deletions(-) create mode 100644 .env.age diff --git a/.env.age b/.env.age new file mode 100644 index 0000000..ec24064 --- /dev/null +++ b/.env.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> piv-p256 Vmeusg Apk0u/z04skt4ktJsHDslOrOrwEVcBFzcORCAhbCS48I +WbCYJz5qY0fWslurJUKUc5Coa1mnZejTd9iNubBYWv8 +-> hxTct-grease F +Nsg4ckSmYxQxGekmQjq6ipcIKgxvRoh4S8Jud45XOjKKQG4vLvdrFtwhf+5MqgjP +SbvzIs9J1w +--- acYQQSnX0IY7NpTZiPQrtR5S7SIY5PrKrRbBRZl7Glo +Z\Vl;᳁hڂGehou\g+kP1+"ziI\nJrOO4Y3:MA̮ܩNˮq=gЈi4PpMQXD<1@M99d$2KtRٍc"1Nl4+Jw/N_\MU(ba?0[sCq@C`"cX,W2[۲=|͕"νpT \ No newline at end of file diff --git a/.gitignore b/.gitignore index edc989d..2d0e834 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,4 @@ terraform.rc output/ result .direnv/ +.env diff --git a/flake.nix b/flake.nix index 6f61755..628d394 100644 --- a/flake.nix +++ b/flake.nix @@ -14,13 +14,9 @@ devShells.default = pkgs.mkShell { shellHook = '' - bw sync - export BW_SESSION=$(bw unlock --raw) - export VERCEL_API_TOKEN=$(bw list items --search "Vercel API" | jq -r '.[0].notes') - export HCLOUD_TOKEN=$(bw list items --search "Hetzner" | jq -r '.[0].fields[] | select(.name | contains("API")) | .value') - export TF_VAR_tailscale_key=$(bw list items --search "Tailscale Key" | jq -r '.[0].notes') - export CLOUDFLARE_API_TOKEN=$(bw list items --search "CloudFlare" | jq -r '.[0].fields[] | select(.name | contains("Zone API Key")) | .value') - # alias terraform='terraform -chdir=terraform' + set -o allexport + source .env set + +o allexport ''; nativeBuildInputs = [ pkgs.jq
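Review bot: The header of the new `.env.age` carries a single `piv-p256` recipient stanza (the second stanza is grease), so the file appears to be decryptable with one hardware token only and has no recovery path if that token is lost. Encrypting to a second recipient that is kept offline would fix that. Nothing in the commit shows how `.env` is produced from this file, so a comment next to the shellHook in flake.nix would help, for example `# .env is created by hand: age -d -i <identity-file> -o .env .env.age`. Because the ciphertext is now permanent in git history, the tokens inside should be rotated if the recipient key is ever exposed, and the file must be re-encrypted on each rotation.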
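Review bot: As the patch text reads, the added shellHook lines are `source .env set` followed by `+o allexport`, which matches the three added lines the hunk header counts. That passes `set` as a positional argument to the sourced file and then runs `+o` as a command, which will not be found. As a result allexport is never switched off, and every variable assigned later in the dev shell, not just the ones from `.env`, is exported to child processes. The lines were presumably meant to be `source .env` and `set +o allexport`; guarding the first as `[ -f .env ] && source .env` would also avoid an error on a fresh clone where the file has not been decrypted yet. The enclosing `pkgs.mkShell` block starts and ends outside this hunk.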