Add secrets-bao and load litellm env from /run/secrets

RingOfStorms (Joshua Bell) 2026-01-06 23:44:39 -06:00
parent de0a6add72
commit 0390a6f8f0
2 changed files with 38 additions and 4 deletions


@ -21,6 +21,7 @@
secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets";
# beszel.url = "path:../../flakes/beszel";
beszel.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/beszel";
secrets-bao.url = "path:../../flakes/secrets-bao";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
@ -80,6 +81,42 @@
};
})
inputs.secrets-bao.nixosModules.default
(
{ inputs, lib, ... }:
let
secrets = {
litellm-env = {
owner = "root";
group = "root";
mode = "0400";
path = "/run/secrets/litellm.env";
softDepend = [ "litellm" ];
template = ''
{{- with secret "kv/data/machines/home/openrouter" -}}OPENROUTER_API_KEY={{ .Data.data.api-key }}{{ end }}
{{- with secret "kv/data/machines/home/anthropic-claude" -}}
ANTHROPIC_API_KEY={{ .Data.data.api-key }}{{ end -}}
'';
};
};
in
lib.mkMerge [
{
ringofstorms.secretsBao = {
enable = true;
zitadelKeyPath = "/machine-key.json";
openBaoAddr = "https://sec.joshuabell.xyz";
jwtAuthMountPath = "auth/zitadel-jwt";
openBaoRole = "machines";
zitadelIssuer = "https://sso.joshuabell.xyz";
zitadelProjectId = "344379162166820867";
inherit secrets;
};
}
(inputs.secrets-bao.lib.applyConfigChanges secrets)
]
)
nixarr.nixosModules.default
./hardware-configuration.nix
./mods
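Review bot: The `litellm-env` template in the second hunk looks like it will render both variables onto a single line, because the `{{-` that opens the anthropic `with` strips the newline after the first `{{ end }}` and its `-}}` strips the newline before `ANTHROPIC_API_KEY=`. Under standard Go template trimming the file would read `OPENROUTER_API_KEY=<key>ANTHROPIC_API_KEY=<key>`, so the second variable is never set and the first carries a corrupted value. Assuming secrets-bao renders this with the OpenBao agent's Go template engine (the module is not visible here), `.Data.data.api-key` is also likely to fail to parse, since a hyphen is not valid in a field chain and `index` is the usual form. One line per variable avoids both: `{{ with secret "kv/data/machines/home/openrouter" }}OPENROUTER_API_KEY={{ index .Data.data "api-key" }}{{ end }}` and `{{ with secret "kv/data/machines/home/anthropic-claude" }}ANTHROPIC_API_KEY={{ index .Data.data "api-key" }}{{ end }}`. The surrounding modules list starts and ends outside the hunk.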