Use statically generated env file rather than dynamic
The original approach ensured secrets were always up to date but really slowed down cd'ing into the directory or opening files in emacs.
This commit is contained in:
parent
d47b2e90ea
commit
e07c3921f4
8
.env.age
Normal file
8
.env.age
Normal file
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> piv-p256 Vmeusg Apk0u/z04skt4ktJsHDslOrOrwEVcBFzcORCAhbCS48I
|
||||
WbCYJz5qY0fWslurJUKUc5Coa1mnZejTd9iNubBYWv8
|
||||
-> hxTct-grease F
|
||||
Nsg4ckSmYxQxGekmQjq6ipcIKgxvRoh4S8Jud45XOjKKQG4vLvdrFtwhf+5MqgjP
|
||||
SbvzIs9J1w
|
||||
--- acYQQSnX0IY7NpTZiPQrtR5S7SIY5PrKrRbBRZl7Glo
|
||||
Z²\Vl;Øýá³<C3A1>håò<C3A5>»ÿÚ‚G¨ehÖo„‰Þu¯Ó\ðåg+“ÈkP1+"ziŽI\Æ<01>nùJr´ÚOÂOÙ4íYÐËèÇ3:MAÚèµÌ®á‘õ˜ÄÜ©N·Ë®q=gЈ¦¿³i4‹P§‡ÝpMQµâÆðXD<Ò1@èM¨™9ˆô9‚çd$2ÔKtâî¡ÝRÙ<52>c"1”Nèžl4+J÷Ç<10>wÆ/³N_\«„M·UÇ©(·ÞÖba?0[†sÑCq¸Û@•C`"cXçË,WúªÌî2[ˆÛ²=ç|Í•"šÎ½Æp<y"Náco’Šéqø7ê²<C3AA>kÕÌò”rÝ;=KQu¬ÉÏ=Œ–~ÛMØÁ>÷T
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -41,3 +41,4 @@ terraform.rc
|
|||
output/
|
||||
result
|
||||
.direnv/
|
||||
.env
|
||||
|
|
10
flake.nix
10
flake.nix
|
@ -14,13 +14,9 @@
|
|||
devShells.default = pkgs.mkShell {
|
||||
shellHook =
|
||||
''
|
||||
bw sync
|
||||
export BW_SESSION=$(bw unlock --raw)
|
||||
export VERCEL_API_TOKEN=$(bw list items --search "Vercel API" | jq -r '.[0].notes')
|
||||
export HCLOUD_TOKEN=$(bw list items --search "Hetzner" | jq -r '.[0].fields[] | select(.name | contains("API")) | .value')
|
||||
export TF_VAR_tailscale_key=$(bw list items --search "Tailscale Key" | jq -r '.[0].notes')
|
||||
export CLOUDFLARE_API_TOKEN=$(bw list items --search "CloudFlare" | jq -r '.[0].fields[] | select(.name | contains("Zone API Key")) | .value')
|
||||
# alias terraform='terraform -chdir=terraform'
|
||||
set -o allexport
|
||||
source .env set
|
||||
+o allexport
|
||||
'';
|
||||
nativeBuildInputs = [
|
||||
pkgs.jq
|
||||
|
|
Loading…
Reference in a new issue