1 files changed, 24 insertions, 0 deletions
diff --git a/modules/nix-access-tokens/default.nix b/modules/nix-access-tokens/default.nix
new file mode 100644
index 00000000..a3b7abfa
--- /dev/null
+++ b/modules/nix-access-tokens/default.nix
@@ -0,0 +1,24 @@
+{ lib, config, hostName ,... }:
+let
+  cfg = config.nix.includeAccessTokens;
+in {
+  options = {
+    nix.includeAccessTokens.enable = lib.mkEnableOption "including access tokens in nix.conf" // { default = lib.elem hostName ["sif" "surtr" "vidhar"]; };
+  };
+  config = lib.mkIf cfg.enable {
+    nix = {
+      extraOptions = ''
+        !include ${config.sops.secrets.nixAccessTokens.path}
+      '';
+    };
+    sops.secrets.nixAccessTokens = {
+      format = "binary";
+      sopsFile = ./nix.conf;
+      mode = "0440";
+      group = "wheel";
+    };
+  };
+}

diff --git a/modules/nix-access-tokens/default.nix b/modules/nix-access-tokens/default.nix new file mode 100644 index 00000000..a3b7abfa --- /dev/null +++ b/modules/nix-access-tokens/default.nix
@@ -0,0 +1,24 @@
	1	{ lib, config, hostName ,... }:
	2
	3	let
	4	cfg = config.nix.includeAccessTokens;
	5	in {
	6	options = {
	7	nix.includeAccessTokens.enable = lib.mkEnableOption "including access tokens in nix.conf" // { default = lib.elem hostName ["sif" "surtr" "vidhar"]; };
	8	};
	9
	10	config = lib.mkIf cfg.enable {
	11	nix = {
	12	extraOptions = ''
	13	!include ${config.sops.secrets.nixAccessTokens.path}
	14	'';
	15	};
	16
	17	sops.secrets.nixAccessTokens = {
	18	format = "binary";
	19	sopsFile = ./nix.conf;
	20	mode = "0440";
	21	group = "wheel";
	22	};
	23	};
	24	}