From 5bfa9f1e0984045c36eca54687217ddda5a492ca Mon Sep 17 00:00:00 2001 From: tux Date: Fri, 8 May 2026 05:31:18 +0530 Subject: [PATCH] refactor(config): standardize secret names for API keys --- modules/hm/shell/opencode.nix | 42 +++++++++++++++++++------------ modules/hosts/sirius/config.nix | 11 +++++--- modules/hosts/sirius/secrets.yaml | 12 ++++----- 3 files changed, 40 insertions(+), 25 deletions(-) diff --git a/modules/hm/shell/opencode.nix b/modules/hm/shell/opencode.nix index bc0f942..d519a0b 100644 --- a/modules/hm/shell/opencode.nix +++ b/modules/hm/shell/opencode.nix @@ -1,24 +1,34 @@ { - flake.modules.homeManager.shell = { - programs.opencode = { - enable = true; - tui = { - theme = "system"; - }; - settings = { - provider = { - openrouter = { - options = { - apiKey = "{file:/run/secrets/open_router_api_key}"; + flake.modules.homeManager.shell = + { + osConfig ? { }, + ... + }: + { + programs.opencode = { + enable = true; + tui = { + theme = "system"; + }; + settings = { + provider = { + google = { + options = { + apiKey = "{file:${osConfig.sops.secrets.gemini-api-key.path}}"; + }; }; - }; - opencode-go = { - options = { - apiKey = "{file:/run/secrets/open_code_go_api_key}"; + openrouter = { + options = { + apiKey = "{file:${osConfig.sops.secrets.openrouter-api-key.path}}"; + }; + }; + opencode-go = { + options = { + apiKey = "{file:${osConfig.sops.secrets.opencode-go-api-key.path}}"; + }; }; }; }; }; }; - }; } diff --git a/modules/hosts/sirius/config.nix b/modules/hosts/sirius/config.nix index 7f7aa4d..9b5d272 100644 --- a/modules/hosts/sirius/config.nix +++ b/modules/hosts/sirius/config.nix @@ -35,17 +35,22 @@ neededForUsers = true; }; - openrouter_api_key = { + gemini-api-key = { sopsFile = ./secrets.yaml; owner = userName; }; - opencode_go_api_key = { + openrouter-api-key = { sopsFile = ./secrets.yaml; owner = userName; }; - "vicinae.json" = { + opencode-go-api-key = { + sopsFile = ./secrets.yaml; + owner = userName; + }; + + vicinae-json = { sopsFile = ./secrets.yaml; owner = userName; }; diff --git a/modules/hosts/sirius/secrets.yaml b/modules/hosts/sirius/secrets.yaml index c1aee0c..e74d526 100644 --- a/modules/hosts/sirius/secrets.yaml +++ b/modules/hosts/sirius/secrets.yaml @@ -1,8 +1,8 @@ tux-password: ENC[AES256_GCM,data:EJFFMc0W1YvCLINg4kETlUbqMYSfRTsiRuoB5MybaVwl7bbBXyPFo/MspFFMXpAqSPrzRAPaM8Lxk9ndbjt7gZpSu1dPThq36Q==,iv:zn3UUMOcW09u6KTz87tDr1wfmsLMKIRBDpLfQhg0p14=,tag:AOs7NASXeo98mNKqsYP3Ww==,type:str] -gemini_api_key: ENC[AES256_GCM,data:agH39C8hXX1jKYq03Z70aHHfrKSbNnHJfndMB53YJgWEzban7uMA,iv:fnYOySXisW1n6Moad9xBoRQFtRa/J6zTcp0lAMEtguw=,tag:0ENL4uu+8OpNc9X+hy7SiQ==,type:str] -openrouter_api_key: ENC[AES256_GCM,data:VBhV4NcR+7O7X2/OpN2yAGnfcSS2o3Zbvr5g3LHjdUixNSq8OZupsT9SVJDGE/RJp6nunPnYo4K8qQP2+m3K3aeQYKIyT5KNTg==,iv:CVLnloUsobanpHOuP31eIGpGoJOODukGaEmQRF+RPGw=,tag:DdEtCHMPwIIbdwZis4lQgg==,type:str] -opencode_go_api_key: ENC[AES256_GCM,data:F7WXUHDX+pESqQJ4Sg5lNXqHLvsCd1bDFPZOutuacDFu3wLHs8i0kD/rLZ+m78OmRBRv2P3kf/gJsggtkvLC/PADYQ==,iv:23soYOeKC+CvLqwvP0M+uXICBKLsOs3z8g6iUhxzrpY=,tag:2EhgRFUaHsyNJ6TqYXJYzw==,type:str] -vicinae.json: ENC[AES256_GCM,data:qRv0EUwtS6bK9memOG3BqLf1uE5YNlpSC/p/05sb8Fw6skESaiymo584n5N8vkvGCn2Qjv/6ioJzwP4TieGtPoR1pHXkwTTGdzsnbRoU0bMuTUhD+NUBkjo2men7Yy3ljoNoopmgz9UFfps+EWuZSMmsNgIu/4sMXsNKcpDKcd8vLpXlPogwqUtbzuKw+u4RRzox0GB0QNEGcQ/F6dVKxJ2StDI8Bfy6qovEDUnK0snoCLhvAULwYwTKef8GpkCWVQRWxXk+dA4GjtgPuiABesv82gCsmsvzmfE3LLUqw+SfYgyQIXBL0IxFiULnkYZR7wmpUeWer3VCS1D8mv/0lvmcdvMqILgkV3UqXTrPqA==,iv:v7zh1tae6TFWOYms/7ihBdoJmw3z4jhcq9aV5y46aXc=,tag:2IKxst4I1XpAHp1wkOMYNA==,type:str] +gemini-api-key: ENC[AES256_GCM,data:Ehj/rDrYKqMcA8b49K7WGjWqTqnrphfFaT2H9dxSw3KyQNEbyTHG,iv:6Av7LlS5VT+9nLMlSfTjmiMx0pp44BPQW3mNmLi+uIE=,tag:Eta0moveaDoBL52DktPF+w==,type:str] +openrouter-api-key: ENC[AES256_GCM,data:v0wOsERSPpYnogfpbFqo1gQvOJlECKHHliIk3IXtQ3A043cK+X846qI9/MM3DSkvlFDTyc63Si8/zPuh3MGCsMrXxRmHCILDmA==,iv:C4Qk+23Vv0Q+Tl+BjwzS7aSUkQtY+mgLWfx8lprJ4CE=,tag:DhcVXKQxxBqvlr7lc5MRlg==,type:str] +opencode-go-api-key: ENC[AES256_GCM,data:34aVZvk6zHnh6iOKHZVvLT0qt3IFR9yu8fuVh7lubHL3YNdifbFoW/jJ3FIKWqU9HvTFhO6opIYI9h5Zpip+TbagLg==,iv:xQbeP8P0QutSC9iCRDeCupBYaJrDronl7RqNPJADkjw=,tag:upco9ewspSqJdV+aKqVnwA==,type:str] +vicinae-json: ENC[AES256_GCM,data:utkOJg/x89+AjQlc8WZ8Z0SmZET4yR16J6MgQ/LYt7galvHT9ybzjV3R7FoBG5GLNQYHAM13pc2290pJ3apivyodlFNBqoyuuDYP0t+HgHuOH67P6YXUHR5ROYRvW2GAZm/AcMrlHwCMUmgUtf4mXttskvqyuxQrIYhi0nfNa1mVY3df2x7RF+cJGWPLDF4K8YI5sFE4ctkLfREGI40OCGM0An0PJliwrFXgRZvYd5gohT1XAS/dEemB4uegGUJ6To/1KD2kI1tzsETflTPzrkSEcMt1MtDEjGKI+qdTSZQU2H66nqQ8TJKvR6WxnvXUR69vjgTSsPZ7Sk78gI1sbXe2cSc48lrP5Z1o7dqO0A==,iv:7REKeCdIQGXZWjuiTpZRpzG4wu3/+pO003gX62r5CRc=,tag:dWXji9Ub41dEKP4FXRodSg==,type:str] sops: age: - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 @@ -23,7 +23,7 @@ sops: UGpKTHZTT2JZU0xaTHhhRjk2bEhaU1EKutUEk+TMTATHEoM9+MOdkUnIoBMeeDfu +GGKvInVKkAOtujBtSMj+xM8AEcfaHAFtwTgP/HEk3Hu6v7gp14oew== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-07T13:21:48Z" - mac: ENC[AES256_GCM,data:VWNmixzidftm4u0lUt5yL9rlvQXOXVT1+A6b/6IyO9WsWi5aM67t9l9phwRxLYad1lLL/epDmJyIJQ0ck01CzQ/hFm2mnMk87ofrwbph3GVdvrYj+2dDkzIBCwDUe/p4rkrTSo87FVJZ8NvrndbBLX3pq7Axjeo92b3Zxfxg+L8=,iv:IqCOBV5EICtO1hRO07Df0fgobO+/biS8O/4lva7NfEg=,tag:vPltr8g61OdKK4XXFyJdgQ==,type:str] + lastmodified: "2026-05-07T23:53:28Z" + mac: ENC[AES256_GCM,data:AGccISYxtma2i44KcG3y2pYP+toL/NC9crTR26M+BZs0lh0fbWxJyfOQITOaPo7VQb0nhgPDJm6M9oRvIQUYawOBMpPr1BtLfen3nKbs6cspQERZAEPv/vU98Vm0hGHbjjxteq5wX2eRjuCGRhthYJ0ppDE26QNEDesNpXH92mo=,iv:sDBjBFY4CFuSpU1HAfissqUB/7+K1VUWXhhGvF5xJNk=,tag:nNgYFMKs3/d5ZMOlJ08Amg==,type:str] unencrypted_suffix: _unencrypted version: 3.12.2