✨ Store git secrets using libsecret

secrets, use apu-key in weather widget

.gitattributes

@@ -1 +1 @@
-home-manager/secrets/weather-api-key filter=git-crypt diff=git-crypt
+home-manager/secrets/* filter=git-crypt diff=git-crypt

home-manager/development/git.nix

@@ -1,7 +1,10 @@
 { pkgs, ... }:
 
 {
-  home.packages = with pkgs; [ git-crypt ];
+  home.packages = with pkgs; [
+    git-crypt
+    libsecret
+  ];
 
   programs.git = {
     enable = true;
@@ -22,6 +25,7 @@
     extraConfig = {
       push.autoSetupRemote = true;
       safe.directory = "/etc/nixos";
+      credential.helper = "${pkgs.git.override { withLibsecret = true; }}/bin/git-credential-libsecret";
     };
   };
 }

home-manager/hyprland/hyprpanel/default.nix

@@ -1,7 +1,13 @@
-{ pkgs, inputs, ... }:
+{
+  pkgs,
+  inputs,
+  lib,
+  ...
+}:
 let
   common = import ../../../common.nix;
   theme = import ../../../theme.nix;
+  loader = import ../../secretsLoader.nix lib;
 in
 {
   imports = [ inputs.hyprpanel.homeManagerModules.hyprpanel ];
@@ -74,7 +80,8 @@ in
           };
           weather = {
             unit = "metric";
-            location = "Bergen, Norway"; # TODO not working
+            location = "Bergen, Norway";
+            key = loader.loadSecret ../../secrets/weather-api-key;
           };
         };
 

home-manager/secretsLoader.nix

@@ -0,0 +1,6 @@
+lib:
+
+{
+  loadSecret =
+    filePath: lib.strings.trim (lib.strings.removeSuffix "\n" (builtins.readFile filePath));
+}

justfile

@@ -22,3 +22,9 @@ update:
     nix flake update
 
     just switch
+
+lock:
+    git-crypt lock
+
+unlock:
+    git-crypt unlock ~/.config/git/crypt-key