New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

`nix.conf`: Handle `access-tokens` expiring. #44

Open

Lehmanator opened this issue Feb 28, 2024 · 0 comments

Assignees

Owner

Lehmanator commented Feb 28, 2024

Problems:

When a token specified in access-tokens in nix.conf expires, updating NixOS configs to use the new token becomes a pain because nixos-rebuild wants to fetch data from the GitHub API using the expired token, which fails.
Tokens stored in secrets, so we can't read as string into Nix configs.
Tokens secrets must be prefixed with access-tokens = github.com=

Possible Solutions:

Set environment variable before running nixos-rebuild
nixos-rebuild CLI flag/option to specify one of:
- new token directly?
- nix.conf option access-tokens
- nix.conf to run command with?

Module: nixosModules.git-tokens

Specify tokens, with their expiration date
Service to periodically test access-tokens for expiration/revocation before expiration date
Command/package to update access-tokens automatically. Terranix?
Activation script to warn user of upcoming expiration

Module: flakeModules.git-repo-self

Specify upstream git repo for flake.
Specify username on git forge.
Add/use repo secrets on GitHub / git forges
Wrap nixosConfigurations with configs to use the tokens/secrets.

The text was updated successfully, but these errors were encountered:

Lehmanator self-assigned this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment