UGA-Innovation-Factory/athenix
3
1
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

feat: USDA-dash now uses encrypted .env files
All checks were successful
CI / Format Check (push) Successful in 2s
Details
CI / Flake Check (push) Successful in 1m42s
Details
CI / Evaluate Key Configurations (nix-builder) (push) Successful in 14s
Details
CI / Evaluate Key Configurations (nix-desktop1) (push) Successful in 8s
Details
CI / Evaluate Key Configurations (nix-laptop1) (push) Successful in 9s
Details
CI / Evaluate Artifacts (installer-iso-nix-laptop1) (push) Successful in 20s
Details
CI / Evaluate Artifacts (lxc-nix-builder) (push) Successful in 13s
Details
CI / Build and Publish Documentation (push) Successful in 10s
Details

Browse Source
This commit is contained in:
UGA Innovation Factory
2026-01-30 23:19:38 +00:00
parent 7e6e8d5e0f
commit 7c07727150
4 changed files with 53 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
secrets/secrets.nix
View File

@@ -54,27 +54,10 @@ let
in
lenStr >= lenSuffix && lib.substring (lenStr - lenSuffix) lenSuffix str == suffix;
hasPrefix =
prefix: str:
let
lenPrefix = lib.stringLength prefix;
in
lib.stringLength str >= lenPrefix && lib.substring 0 lenPrefix str == prefix;
nameValuePair = name: value: { inherit name value; };
secretsPath = ./secrets;
# Helper to convert SSH public key content to age public key
sshToAge =
sshPubKey:
let
# This is a simple check - in practice, use ssh-to-age tool
# For now, we'll just use the keys as-is if they look like age keys
trimmed = lib.replaceStrings [ "\n" ] [ "" ] sshPubKey;
in
if lib.substring 0 4 trimmed == "age1" then trimmed else null; # Will need manual conversion with ssh-to-age
# Read all directories in secrets/
secretDirs = if lib.pathExists secretsPath then lib.readDir secretsPath else { };