cschmatzler/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(opencode): add workstation API key secret

Browse Source
This commit is contained in:
Christoph Schmatzler
2026-03-23 08:59:42 +00:00
parent c859f5e41e
commit 4adc8329a1
5 changed files with 61 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
modules/ai-tools.nix
View File

@@ -1,9 +1,12 @@
{inputs, ...}: { {inputs, ...}: {
den.aspects.ai-tools.homeManager = { den.aspects.ai-tools.homeManager = {
lib,
pkgs, pkgs,
inputs', inputs',
... ...
}: { }: let
opencodeSecretPath = "/run/secrets/opencode-api-key";
in {
home.packages = [ home.packages = [
inputs'.llm-agents.packages.claude-code inputs'.llm-agents.packages.claude-code
inputs'.llm-agents.packages.pi inputs'.llm-agents.packages.pi
@@ -11,6 +14,13 @@
pkgs.cog-cli pkgs.cog-cli
]; ];
programs.nushell.extraEnv =
lib.mkAfter ''
if ("${opencodeSecretPath}" | path exists) {
$env.OPENCODE_API_KEY = (open --raw "${opencodeSecretPath}" | str trim)
}
'';
home.file = { home.file = {
"AGENTS.md".source = ./_ai-tools/AGENTS.md; "AGENTS.md".source = ./_ai-tools/AGENTS.md;
".pi/agent/extensions/pi-elixir" = { ".pi/agent/extensions/pi-elixir" = {

7
modules/hosts/chidi.nix
View File

@@ -17,6 +17,13 @@
networking.hostName = "chidi"; networking.hostName = "chidi";
networking.computerName = "chidi"; networking.computerName = "chidi";
sops.secrets.opencode-api-key = {
sopsFile = ../../secrets/opencode-api-key;
format = "binary";
owner = "cschmatzler";
path = "/run/secrets/opencode-api-key";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
slack slack
]; ];

7
modules/hosts/jason.nix
View File

@@ -15,6 +15,13 @@
darwin = {...}: { darwin = {...}: {
networking.hostName = "jason"; networking.hostName = "jason";
networking.computerName = "jason"; networking.computerName = "jason";
sops.secrets.opencode-api-key = {
sopsFile = ../../secrets/opencode-api-key;
format = "binary";
owner = "cschmatzler";
path = "/run/secrets/opencode-api-key";
};
}; };
}) })
]; ];

6
modules/hosts/tahani.nix
View File

@@ -37,6 +37,12 @@
networking.hostName = "tahani"; networking.hostName = "tahani";
sops.secrets = { sops.secrets = {
opencode-api-key = {
sopsFile = ../../secrets/opencode-api-key;
format = "binary";
owner = "cschmatzler";
path = "/run/secrets/opencode-api-key";
};
tahani-paperless-password = { tahani-paperless-password = {
sopsFile = ../../secrets/tahani-paperless-password; sopsFile = ../../secrets/tahani-paperless-password;
format = "binary"; format = "binary";

30
secrets/opencode-api-key Normal file
View File

@@ -0,0 +1,30 @@
{
"data": "ENC[AES256_GCM,data:WJ5h0CfBuy4wQ8be8m126mAh8PZp/MQOUhgE5AhlyRx5ZMv3tZh5ZBqjeY9/mPeu5xDQ05/j6W+DYOY3Miv0ZBivAZE=,iv:xAepNlWUrUs8v9RfVWWGFuijrXrqroydUfr7+1oXzME=,tag:qdKmjo4urIznsgZdHUMqWA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1xate984yhl9qk9d4q99pyxmzz48sq56nfhu8weyzkgum4ed5tc5shjmrs7",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SktQSmxuSG5MY2ErNUEx\neEd0Q1RsSzhaUjgyQnViQ2hhd09UNDFzcVJBCjg0R0M4ZnB1UFBEcDNJQXFjWnlO\nQVhSeURHVnorcUVnczBtdU04WDhRODgKLS0tIEJxNm9teWIyUXhzbU1EY2l1WVBk\nZG9xUlh1cDhiQmdsYnZpNVNOTUY5ajAKPyt8ZIKTfu0azAFezj7rtSJX8X4rO712\n0w8MAvnLM8k5ij6nJtR3HylwLmZ9AfMSq4Aikl+oRu7rXs26JvPbZA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWU5qSDBNY2d2YnNvVHU4\ncElNT0s0R0N3U3pjYW9kVGxFV2thY3QzYTB3CkdGRUhVMUdvR1dwdVdnZ3o0M0ZH\neXV0VUZyaFRBbEN1RXR6RGJ6RmIySjgKLS0tIGZGc3Voa09CNDFoMXVyZTJmME1Z\neldyMVAyd3pTZzB4RVhTRzZVOGs3NVkKyP8sIk/Oy1GXxG0tw8Ocjerfze+eIrNW\n5XYA96ct/2M2jiPdTxg2yEI5a9wycDkzNIzE95Xyfl3LkY8864wAMQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJVHF0N2hHTHprQlpSYW8r\nMmpIZmZIT2QzNXYxTE4vc05wcXhTQzQ5clg0CktzRGFpeEVYMXA4RnV4TVdJNk04\nM3ltL2ZyczloR3NNWm01cE16NmJNemsKLS0tIDBHczRiUVhnZHlrTmdocmNQY2NK\naU5VYWZ4QWFuK0h4cUZGOGxUL3QzQ0kKtsuW7yl1/t7q9kUhTtK0G5G950Bi5n5w\n7cxX/pfMtgPhOh3NMoeuTxc9sH4pTIthRmaLVJ+GzEc4KsMJhOp+rA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLK0Z5UHpwdTFRM3dNL2FC\najdScHp1R1pHM0ZyMk1reENnTFlnTldVNTJJCmxVcVY1OHlrWExIeSs4bTBwQklE\nU0NkUnVmdlVuOHcrWjJpRFU4WTc5ZlEKLS0tIFhheExxWHBIcDBqL290WEpJK0sw\nRTZKbzRWMmJhVVVGT3A1UWJQUE1QS3cKp+jmuHUvZKbPx+/gxQUSz7QV1jLuIzP5\ne1jkJ2rJT2i8snAvihd8bsjRSFmoUnEg6kV8f0OteezNbkZoNhd30Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRmpkdloxdU1DRmF1Tzg4\nYSt3bks0Y21OQW5DS2JRU0ZMMHZJV2xLc0dRCmRORFliS3A0QTR1Uzc0ckd3cHA4\nRnNrdVBISG5NcjhrNDRoUnl4c2dPL1UKLS0tIHA5aW9GQkdXU0VNRHd6aEpoSzhJ\nSmd5OU1ESGJqMFVZdGhBMkdYTmlsRWsKLN36pDsdf06Rn9RLxfh46nX5u0dfyoe8\n/VvQiaWoj2/pv8NmwdFzdJQ0mTKkvEdxxY/Jk0YK+GQA/NGIVIIoWQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-03-23T09:09:07Z",
"mac": "ENC[AES256_GCM,data:phFpHUzJ/7rd1k1fr9YFD2FplXV3Qv5zFni00fAgG2VtVoIdFYeNRE0EEh2ulnKcIXjB/5lZuMss2bIoBt4i46BB2ZHTpnWksbeHowdgkHL+eXT1F7b11S1y9NEKc/ug3jarPwyj3usmVQJlllAzANCQHGrYQdBrFXvFae3cH40=,iv:4v3k4q0SxyTvHoqr2Abf6OhAcANCT9oWTa5Kwlb5GCs=,tag:Hn+fUEmOu7fWc7SSBe5yfA==,type:str]",
"version": "3.12.2"
}
}