From c817a13e220c2fd418df24d41a99aeb35f3154eb Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 26 Jan 2025 13:27:10 +0100
Subject: bump
---
modules/nix-access-tokens/default.nix | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 modules/nix-access-tokens/default.nix
(limited to 'modules/nix-access-tokens/default.nix')
diff --git a/modules/nix-access-tokens/default.nix b/modules/nix-access-tokens/default.nix
new file mode 100644
index 00000000..a3b7abfa
--- /dev/null
+++ b/modules/nix-access-tokens/default.nix
@@ -0,0 +1,24 @@
+{ lib, config, hostName ,... }:
+
+let
+ cfg = config.nix.includeAccessTokens;
+in {
+ options = {
+ nix.includeAccessTokens.enable = lib.mkEnableOption "including access tokens in nix.conf" // { default = lib.elem hostName ["sif" "surtr" "vidhar"]; };
+ };
+
+ config = lib.mkIf cfg.enable {
+ nix = {
+ extraOptions = ''
+ !include ${config.sops.secrets.nixAccessTokens.path}
+ '';
+ };
+
+ sops.secrets.nixAccessTokens = {
+ format = "binary";
+ sopsFile = ./nix.conf;
+ mode = "0440";
+ group = "wheel";
+ };
+ };
+}
--
cgit v1.2.3
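Review bot: In the `sops.secrets.nixAccessTokens` block, `mode = "0440"` with `group = "wheel"` makes the decrypted tokens readable by every process running as a wheel member, so forge credentials share the same boundary as sudo rights. If group read is there because client-side fetches run as the invoking user rather than the daemon (presumably the reason, but the hunk does not say), a dedicated group would scope it more tightly, e.g. `group = "<token-readers-group>";` (placeholder name), with only the accounts that need authenticated fetches added to it. Either way a comment above `mode` should record the reason, such as `# group-readable: fetches during evaluation run as the calling user and must read the tokens`. The hard-coded host list in the option default would also be easier to audit if each host set `nix.includeAccessTokens.enable = true;` in its own configuration, keeping the list of token-bearing hosts next to their definitions.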