From 7c1519881a3ab994ab56cb40cd9dadcd562ee392 Mon Sep 17 00:00:00 2001 From: Evan Reichard Date: Sat, 2 May 2026 15:48:15 -0400 Subject: [PATCH] refactor(llama-swap): generate sops secrets from apiKeys list --- modules/nixos/services/llama-swap/default.nix | 21 +++++++------------ secrets/common/llama-swap.yaml | 5 +++-- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/modules/nixos/services/llama-swap/default.nix b/modules/nixos/services/llama-swap/default.nix index 9ebf267..b006d13 100644 --- a/modules/nixos/services/llama-swap/default.nix +++ b/modules/nixos/services/llama-swap/default.nix @@ -5,7 +5,9 @@ , ... }: let - inherit (lib) mkIf mkEnableOption recursiveUpdate; + inherit (lib) mkIf mkEnableOption recursiveUpdate listToAttrs; + + apiKeys = [ "evan" "pi" "aethera" ]; cfg = config.${namespace}.services.llama-swap; llama-swap = pkgs.reichard.llama-swap; @@ -88,26 +90,19 @@ in # Create Config sops = { - secrets = { - "llama_swap_api_keys/evan" = { + secrets = listToAttrs (map (name: { + name = "llama_swap_api_keys/${name}"; + value = { sopsFile = lib.snowfall.fs.get-file "secrets/common/llama-swap.yaml"; }; - }; - secrets = { - "llama_swap_api_keys/pi" = { - sopsFile = lib.snowfall.fs.get-file "secrets/common/llama-swap.yaml"; - }; - }; + }) apiKeys); templates."llama-swap.json" = { owner = "llama-swap"; group = "llama-swap"; mode = "0400"; content = builtins.toJSON ( recursiveUpdate cfg.config { - apiKeys = [ - config.sops.placeholder."llama_swap_api_keys/pi" - config.sops.placeholder."llama_swap_api_keys/evan" - ]; + apiKeys = map (name: config.sops.placeholder."llama_swap_api_keys/${name}") apiKeys; } ); }; diff --git a/secrets/common/llama-swap.yaml b/secrets/common/llama-swap.yaml index f179c04..685d320 100644 --- a/secrets/common/llama-swap.yaml +++ b/secrets/common/llama-swap.yaml @@ -1,6 +1,7 @@ #ENC[AES256_GCM,data:GdmmcWLHlE3LJvl9VfzbuEgZyGGqlKcrtNa+78/FFKO5coPf0n27eKwfo6UGuhf3ln++ePv37Eg=,iv:M+DWl7AZeQXJ0z4l6LHJBYrI/jW5NFY6b2tW9QnL9jM=,tag:fdy4feWIvKPCHbAcNZ6mmQ==,type:comment] llama_swap_api_keys: pi: ENC[AES256_GCM,data:7Cw7RPQemcf5/zO7uazjA+dzpQu2MQo/Nbe3K3/CJ+OeQR90SJx4Z0TZudFugZoIHWR+sPEGQxUk8ne5xcfY6GSHJA==,iv:B5fX93BtSNwIDUdWTXr3ZhBQ4AuUqDHjeeVbkcCk7HI=,tag:6RMyFEF5872waHzxUCUh0Q==,type:str] + aethera: ENC[AES256_GCM,data:IcVya8MVZ/tzFchSWp8mkaLJfUqMgDsWQL4gZsZZmppXZ0+xOTRf5vjMc3sGNuRvOixU5nLaeTaESqoWfoq5gDNMfQ==,iv:WYFbAaNiSrHxJ4e8PU1hEyKGYKgWdFg72CSAQJmXaHw=,tag:X45Y7h0ME1e7Yryl6ES9SQ==,type:str] evan: ENC[AES256_GCM,data:QKoFxv0gnDd1TZn9a+hFxu/J,iv:rje8Pk4ko8kjt1za/LOiLkoid4mmR5NtHCk0QX6rakg=,tag:MYTTE3KfWvfv2i98rTZUhQ==,type:str] sops: age: @@ -76,7 +77,7 @@ sops: SmpMYnNBTWVYTENWSUQvWXMrZXVqbncK6KtP4pOEBDM8gK26uYp3a/WRP4TrkyWV 4ugL2Y7sGkVrWz0Cvr3Jp9QDuPh3xs4jZyEvB8RbxQDMFJzdOEBv2A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-02T10:31:38Z" - mac: ENC[AES256_GCM,data:ZF8NYaDKP42HHkfQ5Nr9uazFwEVZzzahq6mqybf16fQ7Rq9CXd+gCdD7Ie6Dq6gtEpNcCnKDWZwAgUYw5WSl1qzLFK3G5EMfvYvPdcggKuH7Tfxw8Ar6QA3Il/sEnQZgyuW77shXP0ma2XAFGaEXp5WuMIg1ZD8T0TKWeEr9L+Q=,iv:HaKd6MxlJvVYI9wMzuG7Dd656SUDl3moR/L65xQpmX4=,tag:Bo575jGyZ9UabUki9Yvtvg==,type:str] + lastmodified: "2026-05-02T19:41:27Z" + mac: ENC[AES256_GCM,data:uL+15e31xhsZ3p1h3HqkWxjnEbwI3NuV9g+Apt/lw/1Q9IB29ViNl9H11qAptcJNz9gjTi9k2J9ITLgOqUkP2+3Saz1fK+QLJ11W91cQxAeLVSWdDwpJKrTL6tbWwH1+Ri/p5odyC1tqwwUX3AHy7WMYNq3f20+SJKbCBNc3k3I=,iv:H74r14tlmpJZzaFRGIkoM9UVMSDnyWgrhPpDAw5/rIQ=,tag:O67E2OZ2+HLrlEkvfTrQyA==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1