sam/nixos-4screen
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: harden NixOS config and strip secrets from generated_home.nix

Browse Source 
Co-authored-by: aider (openrouter/openai/gpt-5.2) <aider@aider.chat>
This commit is contained in:
sam rolfe
2026-02-08 13:58:05 +11:00
parent 45f457156a
commit 73bae4f9b9
2 changed files with 44 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
results/generated_home.nix
View File

@@ -90,14 +90,18 @@
# ---
# 5. ENVIRONMENT & API KEYS
# ---
# WARNING: Storing secrets in plain text is a security risk.
# Consider using a tool like sops-nix for production environments.
home.sessionVariables = {
OPENAI_API_KEY = "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";
TAVILY_API_KEY = "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";
DEEPSEEK_API_KEY = "sk-26c66e4dd5b34017bd66f7aef748c625";
};
# SECURITY: Do NOT store secrets in git-tracked Nix files.
# Use a local-only file such as:
# ~/.config/environment.d/10-secrets.conf
# or adopt sops-nix / agenix later.
#
# Example (DO NOT COMMIT):
# home.sessionVariables = {
# OPENAI_API_KEY = "…";
# TAVILY_API_KEY = "…";
# DEEPSEEK_API_KEY = "…";
# };
# Add custom binary paths to your environment
home.sessionPath = [
# For the 'opencode' CLI tool
@@ -117,4 +121,3 @@
# This section is a placeholder for linking config files from a Git repo.
# e.g., home.file.".config/nvim/init.vim".source = ./config/nvim/init.vim;
}