From eb5b9be545eaf552ba9021a81227a43d3422c5b6 Mon Sep 17 00:00:00 2001
From: Gabe Dunn <gabe@sent.at>
Date: Mon, 1 Apr 2024 03:25:47 -0700
Subject: [PATCH] add cachix secrets to home manager

---
 home/gabe/features/cli/fish.nix |  2 ++
 home/gabe/global/sops.nix       | 17 +++++++++--------
 home/gabe/secrets.yaml          |  6 ++++--
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/home/gabe/features/cli/fish.nix b/home/gabe/features/cli/fish.nix
index 202e549d..bc062240 100644
--- a/home/gabe/features/cli/fish.nix
+++ b/home/gabe/features/cli/fish.nix
@@ -415,5 +415,7 @@ in {
   xdg.configFile."fish/env.secrets.fish".text = ''
     set --export YOUTUBE_API_KEY "$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.youtube.path})"
     set --export BW_SESSION "$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.bw.path})"
+    set --export CACHIX_AUTH_TOKEN "$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.cachix.path})"
+    set --export CACHIX_ACTIVATE_TOKEN "$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.cachix-activate.path})"
   '';
 }
diff --git a/home/gabe/global/sops.nix b/home/gabe/global/sops.nix
index 79851d25..686c2548 100644
--- a/home/gabe/global/sops.nix
+++ b/home/gabe/global/sops.nix
@@ -6,14 +6,15 @@
     age.sshKeyPaths = lib.mkDefault [ "/home/gabe/.ssh/id_ed25519" ];
 
     secrets = {
-      bw = { path = "${config.xdg.configHome}/secrets/bw.txt"; };
-      youtube = { path = "${config.xdg.configHome}/secrets/youtube.txt"; };
-      openweathermap = {
-        path = "${config.xdg.configHome}/secrets/openweathermap.txt";
-      };
-      "adguardian.fish" = {
-        path = "${config.xdg.configHome}/secrets/adguardian.fish";
-      };
+      bw.path = "${config.xdg.configHome}/secrets/bw.txt";
+      cachix.path = "${config.xdg.configHome}/secrets/cachix.txt";
+      cachix-activate.path =
+        "${config.xdg.configHome}/secrets/cachix-activate.txt";
+      youtube.path = "${config.xdg.configHome}/secrets/youtube.txt";
+      openweathermap.path =
+        "${config.xdg.configHome}/secrets/openweathermap.txt";
+      "adguardian.fish".path =
+        "${config.xdg.configHome}/secrets/adguardian.fish";
     };
   };
 }
diff --git a/home/gabe/secrets.yaml b/home/gabe/secrets.yaml
index f592db2b..00dc3a3e 100644
--- a/home/gabe/secrets.yaml
+++ b/home/gabe/secrets.yaml
@@ -1,4 +1,6 @@
 bw: ENC[AES256_GCM,data:F+OHjhYVz363CC5Jo0gwrik1UEbfETLMRYW7Ue02W/ZeHscyExrdNwuCQScBRS9BIdMqCl4XKcoxAPKLI+9u3ef9Fwsb7+KMQ0U0bC7XpdFU3bD3cUEytQ==,iv:j153ZS90fvxOZW+nCt/dP04Hyh6Me4SAAZqek96Sxd4=,tag:LGq3LmTx2a1u8np2x2DnRQ==,type:str]
+cachix: ENC[AES256_GCM,data:aIC9YKUgiewgL9RBp8SjJ1UbvSbu9yR6eqr8D6rS2vTUIayX7eM44pKuHQp+BSJol0PzD80xzRTCo9fw7ohvn1K2j8unwOsnxkUmHagAmMUSi7yCxTf0db1BmT6FQu2DsddUknmTQ9ePAjKqsELZWzLScsLSTPBsD5v062xiUeG7RsiLFUK5vfPHYN6oJ9xIVGBYEVg=,iv:nGDNglal8grUIV6VR7Uqk9TG57oI8XHuF5cZzuoSPRc=,tag:5CbmbNyIvPNJcb9sgl5xHA==,type:str]
+cachix-activate: ENC[AES256_GCM,data:KofCeNaqHzE7pHnnONEY/zKPeZYOwYqztEO9K5f4ugnuyA0WQmSd9buHfKg8/5IC9F0t+42qkFNGo4zZz5gD87k755Gnyc4xV1Htp1FiZ1BKCIq21fQRWCLZq7AT35MAq3Hql5eiHjty+kH5uq+USpz5Pq57gOjz6zK3fp3GauZ247fsPb4v7vOpr0vnE+z1b5+zY+2CdlnU,iv:rk+6HH4PqumkieAsbnRUvN0/Lm6DxkIV8dyELKYF15U=,tag:i7rYfYzRwaiLWzHBkbhq9g==,type:str]
 openweathermap: ENC[AES256_GCM,data:k7Q2SWE11GDOtUCLaBlpv6Mt9LDrBj+2XDQdiYMDTbw=,iv:kGWahajATUkzMgv8v9AtaBZlEH3+YegXpkmZSlDjuEg=,tag:C2LBv1eQueKBE/4q2KRrNQ==,type:str]
 spotify: ENC[AES256_GCM,data:59wzvktIj+fLIm44O2G5Iw==,iv:rDWX9ho4UV7lD7KZV2xZ9VIoG4/qos1uDrej5sPkdd0=,tag:ywRRE1VKIi5keovpZIvjFQ==,type:str]
 youtube: ENC[AES256_GCM,data:lx4x8ZQB68A6X9P39I/XWcUl4q7tT+n2AoTGKF18Dz5es9KRQdkD,iv:vCV3ewwkDU2MnvOXzfeJ+BSQvkiu18NSruX8CQuPFRE=,tag:dsj1zaEtCORMZLJV6Ktalg==,type:str]
@@ -27,8 +29,8 @@ sops:
             SlF3dGJHSGpPdG9IVXZzY3dJN28xOGcK0xYMC5dpGmj+qakNZaLpYgqeCWc8Zzc9
             ShA2ox2c6yMyYiaw+K2adjIEzSLqpwmCKma6EfauABsNfGO0wr0KkA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-09T11:15:31Z"
-    mac: ENC[AES256_GCM,data:tq6RVt1/oI4gFD6KB0HVM2TOjnVUcdApT68yHX4ZsVFTRvCjAy3IaVS32tJRMetTZ1wqt3ghoJq4NtWbkNyw6wiAabJDtpiiTMviDZaUSczofMCZVnXRp39SvExqval5OMKhhNAaaWQjJK8+s/s0Z5T3Xpw86KkypeFAWRyZA4U=,iv:6diQ2JJHukLQO8OkUHBD1v4bsQkuqrgfpL42C4bRmMs=,tag:kEEnH+5DvFMHORCBO7Ni5g==,type:str]
+    lastmodified: "2024-04-01T10:22:38Z"
+    mac: ENC[AES256_GCM,data:cdM1R4WLNhp3R2d1IdS1j/VTyhWvvjyRjbv8GDpe60rdqSNxySlDsBZgYcwIYfSsPxBNM7IGIKo1dyVFNL/cdVnUWY8nwtEACyS6JQiMBLXP8yYr+v6VAgEPSn/iMiyCFvSs+xLvyZq6ZDYLtDqkPVFmv4MtFxGKDNispvpyJWg=,iv:wRVEKEFVSkN6ivmK3AdPjanEyGmVBcgdXcK973Sz6JM=,tag:qEI3ZQ5FOsd0iZZ41iw9bw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1