evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(llama-swap): generate sops secrets from apiKeys list

Browse Source
This commit is contained in:
Evan Reichard
2026-05-02 15:48:15 -04:00
parent f00edb620c
commit 7c1519881a
2 changed files with 11 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
modules/nixos/services/llama-swap/default.nix
View File

@@ -5,7 +5,9 @@
, ... , ...
}: }:
let let
inherit (lib) mkIf mkEnableOption recursiveUpdate; inherit (lib) mkIf mkEnableOption recursiveUpdate listToAttrs;
apiKeys = [ "evan" "pi" "aethera" ];
cfg = config.${namespace}.services.llama-swap; cfg = config.${namespace}.services.llama-swap;
llama-swap = pkgs.reichard.llama-swap; llama-swap = pkgs.reichard.llama-swap;
@@ -88,26 +90,19 @@ in
# Create Config # Create Config
sops = { sops = {
secrets = { secrets = listToAttrs (map (name: {
"llama_swap_api_keys/evan" = { name = "llama_swap_api_keys/${name}";
value = {
sopsFile = lib.snowfall.fs.get-file "secrets/common/llama-swap.yaml"; sopsFile = lib.snowfall.fs.get-file "secrets/common/llama-swap.yaml";
}; };
}; }) apiKeys);
secrets = {
"llama_swap_api_keys/pi" = {
sopsFile = lib.snowfall.fs.get-file "secrets/common/llama-swap.yaml";
};
};
templates."llama-swap.json" = { templates."llama-swap.json" = {
owner = "llama-swap"; owner = "llama-swap";
group = "llama-swap"; group = "llama-swap";
mode = "0400"; mode = "0400";
content = builtins.toJSON ( content = builtins.toJSON (
recursiveUpdate cfg.config { recursiveUpdate cfg.config {
apiKeys = [ apiKeys = map (name: config.sops.placeholder."llama_swap_api_keys/${name}") apiKeys;
config.sops.placeholder."llama_swap_api_keys/pi"
config.sops.placeholder."llama_swap_api_keys/evan"
];
} }
); );
}; };

5
secrets/common/llama-swap.yaml
View File

@@ -1,6 +1,7 @@
#ENC[AES256_GCM,data:GdmmcWLHlE3LJvl9VfzbuEgZyGGqlKcrtNa+78/FFKO5coPf0n27eKwfo6UGuhf3ln++ePv37Eg=,iv:M+DWl7AZeQXJ0z4l6LHJBYrI/jW5NFY6b2tW9QnL9jM=,tag:fdy4feWIvKPCHbAcNZ6mmQ==,type:comment] #ENC[AES256_GCM,data:GdmmcWLHlE3LJvl9VfzbuEgZyGGqlKcrtNa+78/FFKO5coPf0n27eKwfo6UGuhf3ln++ePv37Eg=,iv:M+DWl7AZeQXJ0z4l6LHJBYrI/jW5NFY6b2tW9QnL9jM=,tag:fdy4feWIvKPCHbAcNZ6mmQ==,type:comment]
llama_swap_api_keys: llama_swap_api_keys:
pi: ENC[AES256_GCM,data:7Cw7RPQemcf5/zO7uazjA+dzpQu2MQo/Nbe3K3/CJ+OeQR90SJx4Z0TZudFugZoIHWR+sPEGQxUk8ne5xcfY6GSHJA==,iv:B5fX93BtSNwIDUdWTXr3ZhBQ4AuUqDHjeeVbkcCk7HI=,tag:6RMyFEF5872waHzxUCUh0Q==,type:str] pi: ENC[AES256_GCM,data:7Cw7RPQemcf5/zO7uazjA+dzpQu2MQo/Nbe3K3/CJ+OeQR90SJx4Z0TZudFugZoIHWR+sPEGQxUk8ne5xcfY6GSHJA==,iv:B5fX93BtSNwIDUdWTXr3ZhBQ4AuUqDHjeeVbkcCk7HI=,tag:6RMyFEF5872waHzxUCUh0Q==,type:str]
aethera: ENC[AES256_GCM,data:IcVya8MVZ/tzFchSWp8mkaLJfUqMgDsWQL4gZsZZmppXZ0+xOTRf5vjMc3sGNuRvOixU5nLaeTaESqoWfoq5gDNMfQ==,iv:WYFbAaNiSrHxJ4e8PU1hEyKGYKgWdFg72CSAQJmXaHw=,tag:X45Y7h0ME1e7Yryl6ES9SQ==,type:str]
evan: ENC[AES256_GCM,data:QKoFxv0gnDd1TZn9a+hFxu/J,iv:rje8Pk4ko8kjt1za/LOiLkoid4mmR5NtHCk0QX6rakg=,tag:MYTTE3KfWvfv2i98rTZUhQ==,type:str] evan: ENC[AES256_GCM,data:QKoFxv0gnDd1TZn9a+hFxu/J,iv:rje8Pk4ko8kjt1za/LOiLkoid4mmR5NtHCk0QX6rakg=,tag:MYTTE3KfWvfv2i98rTZUhQ==,type:str]
sops: sops:
age: age:
@@ -76,7 +77,7 @@ sops:
SmpMYnNBTWVYTENWSUQvWXMrZXVqbncK6KtP4pOEBDM8gK26uYp3a/WRP4TrkyWV SmpMYnNBTWVYTENWSUQvWXMrZXVqbncK6KtP4pOEBDM8gK26uYp3a/WRP4TrkyWV
4ugL2Y7sGkVrWz0Cvr3Jp9QDuPh3xs4jZyEvB8RbxQDMFJzdOEBv2A== 4ugL2Y7sGkVrWz0Cvr3Jp9QDuPh3xs4jZyEvB8RbxQDMFJzdOEBv2A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-02T10:31:38Z" lastmodified: "2026-05-02T19:41:27Z"
mac: ENC[AES256_GCM,data:ZF8NYaDKP42HHkfQ5Nr9uazFwEVZzzahq6mqybf16fQ7Rq9CXd+gCdD7Ie6Dq6gtEpNcCnKDWZwAgUYw5WSl1qzLFK3G5EMfvYvPdcggKuH7Tfxw8Ar6QA3Il/sEnQZgyuW77shXP0ma2XAFGaEXp5WuMIg1ZD8T0TKWeEr9L+Q=,iv:HaKd6MxlJvVYI9wMzuG7Dd656SUDl3moR/L65xQpmX4=,tag:Bo575jGyZ9UabUki9Yvtvg==,type:str] mac: ENC[AES256_GCM,data:uL+15e31xhsZ3p1h3HqkWxjnEbwI3NuV9g+Apt/lw/1Q9IB29ViNl9H11qAptcJNz9gjTi9k2J9ITLgOqUkP2+3Saz1fK+QLJ11W91cQxAeLVSWdDwpJKrTL6tbWwH1+Ri/p5odyC1tqwwUX3AHy7WMYNq3f20+SJKbCBNc3k3I=,iv:H74r14tlmpJZzaFRGIkoM9UVMSDnyWgrhPpDAw5/rIQ=,tag:O67E2OZ2+HLrlEkvfTrQyA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.12.1