Fixed age secrets

2025-09-20 13:59:48 -04:00
parent e1cdb55940
commit ab6d6a8492
9 changed files with 206 additions and 57 deletions


@@ -43,14 +43,6 @@ they are implemented.
;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
#+end_src
** Secrets
#+begin_src emacs-lisp
(after! auth-source
(add-to-list 'auth-sources
`(:source ,(concat doom-private-dir "secrets.el.age") :type age)))
#+end_src
** User Info
Place your private configurations. It is optional.
@@ -709,7 +701,7 @@ Handles org-clock and context link capture for tasks."
;; Connecteam org-roam-dailies integration
(require 'request)
(defvar gortium/connecteam-api-key (auth-source-pick-first-password :host "connecteam") "Your Connecteam API Key")
(defvar gortium/connecteam-api-key (auth-source-passage-get 'secret "connecteam") "Your Connecteam API Key")
(defvar gortium/connecteam-user-id "9885891" "Your Connecteam User ID")
(defvar gortium/connecteam-clock-id "9335145" "Your Connecteam time clock ID used in API calls.")
@@ -1108,17 +1100,86 @@ numbers are disabled. For relative line numbers, set this to ~relative~.
#+end_src
** Age
Allow me to edit age file directly in emacs buffer.
#+begin_src emacs-lisp
(use-package! age
:demand t
:custom
(age-program "rage")
(age-default-identity "~/.ssh/gortium_ssh_key")
(age-default-recipient "~/.ssh/gortium_ssh_key.pub")
:config
(setq age-program "rage")
(setq age-default-identity "~/.ssh/gortium_ssh_key")
(setq age-default-recipient "~/.ssh/gortium_ssh_key.pub")
(age-file-enable))
#+end_src
#+begin_src emacs-lisp
(require 'notifications)
(require 'cl-lib)
(defun gortium/age-notify (msg &optional simple)
"Notify about AGE operations. SIMPLE uses `message` instead of desktop notification."
(if simple
(message "%s" msg)
(if (eq system-type 'gnu/linux)
(notifications-notify
:title "age.el"
:body msg
:urgency 'low
:timeout 800)
(message "%s" msg))))
(defun gortium/age-notify-decrypt (&rest args)
"Notification hook for age decryption."
(cl-destructuring-bind (context cipher) args
(gortium/age-notify (format "Decrypting %s" (age-data-file cipher)) t)))
(defun gortium/age-notify-encrypt (&rest args)
"Notification hook for age encryption."
(cl-destructuring-bind (context plain recipients) args
(gortium/age-notify (format "Encrypting %s" (age-data-file plain)) t)))
(defun gortium/age-toggle-decrypt-notifications ()
"Toggle notifications for age decryption."
(interactive)
(if (advice-member-p #'gortium/age-notify-decrypt #'age-start-decrypt)
(progn
(advice-remove #'age-start-decrypt #'gortium/age-notify-decrypt)
(message "Disabled age decrypt notifications."))
(advice-add #'age-start-decrypt :before #'gortium/age-notify-decrypt)
(message "Enabled age decrypt notifications.")))
(defun gortium/age-toggle-encrypt-notifications ()
"Toggle notifications for age encryption."
(interactive)
(if (advice-member-p #'gortium/age-notify-encrypt #'age-start-encrypt)
(progn
(advice-remove #'age-start-encrypt #'gortium/age-notify-encrypt)
(message "Disabled age encrypt notifications."))
(advice-add #'age-start-encrypt :before #'gortium/age-notify-encrypt)
(message "Enabled age encrypt notifications.")))
;; enable notifications by default
(gortium/age-toggle-decrypt-notifications)
(gortium/age-toggle-encrypt-notifications)
#+end_src
** Passage
Allow retrieval of password from age file formatted like passwordstore
#+begin_src emacs-lisp
(use-package! passage
:demand t
:config
;; rebind function value for pass to passage
(fset #'pass (lambda () (interactive) (passage)))
(setq age-program "rage")
(setq auth-source-passage-filename (expand-file-name "~/ExoKortex/2-Areas/IT/dotfiles/secrets"))
(setenv "PASSAGE_IDENTITIES_FILE" (expand-file-name age-default-identity))
(setenv "PASSAGE_RECIPIENTS_FILE" (expand-file-name age-default-recipient))
(setenv "PASSAGE_AGE" "rage")
(setenv "PASSAGE_DIR" (expand-file-name "~/ExoKortex/2-Areas/IT/dotfiles/secrets"))
)
#+end_src
* Terminal
** EEE
@@ -1160,21 +1221,21 @@ numbers are disabled. For relative line numbers, set this to ~relative~.
(setq gptel-expert-commands t
gptel-default-mode 'org-mode
;; gptel-model 'OpenRouter:deepseek/deepseek-chat-v3-0324:free
gptel-api-key (auth-source-pick-first-password :host "openrouter"))
gptel-api-key (auth-source-passage-get 'secret "openrouter"))
(require 'gptel-integrations)
(gptel-make-openai "OpenRouter"
:host "openrouter.ai"
:endpoint "/api/v1/chat/completions"
:stream t
:key (auth-source-pick-first-password :host "openrouter")
:key (auth-source-passage-get 'secret "openrouter")
:models '(deepseek/deepseek-r1-0528-qwen3-8b:free
google/gemini-2.0-flash-exp:free
deepseek/deepseek-chat-v3-0324:free
meta-llama/llama-4-maverick:free
qwen/qwen3-coder:free))
(gptel-make-gemini "Gemini"
:key (auth-source-pick-first-password :host "gemini")
:key (auth-source-passage-get 'secret "gemini")
:stream t
:models '(gemini-2.5-pro
gemini-2.5-flash))
@@ -1186,7 +1247,7 @@ numbers are disabled. For relative line numbers, set this to ~relative~.
(gptel-make-openai "OpenWebUI"
:host "ai.aziworkhorse.duckdns.org"
:curl-args '("--insecure") ; needed for self-signed certs
:key (auth-source-pick-first-password :host "openwebui")
:key (auth-source-passage-get 'secret "openwebui")
:endpoint "/api/chat/completions"
:stream t
:models '("orieg/gemma3-tools:1b"))
@@ -1231,7 +1292,7 @@ Emigo - Aidermacs 2.0
;; Encourage using OpenRouter with Deepseek
(emigo-model "openrouter/deepseek/deepseek-chat-v3-0324:free")
(emigo-base-url "https://openrouter.ai/api/v1")
(emigo-api-key (auth-source-pick-first-password :host "openrouter")))
(emigo-api-key (auth-source-passage-get 'secret "openrouter")))
;; Enable line wrapping in Emigo chat buffers
(add-hook 'emigo-mode-hook
@@ -1256,7 +1317,7 @@ Emigo - Aidermacs 2.0
;; Set API_KEY in .bashrc, that will automatically picked up by aider or in elisp
;; (setenv "ANTHROPIC_API_KEY" "sk-...")
;; defun my-get-openrouter-api-key yourself elsewhere for security reasons
(setenv "OPENROUTER_API_KEY" (auth-source-pick-first-password :host "openrouter"))
(setenv "OPENROUTER_API_KEY" (auth-source-passage-get 'secret "openrouter"))
:custom
;; See the Configuration section below
(aidermacs-use-architect-mode t)
@@ -1296,11 +1357,11 @@ Emigo - Aidermacs 2.0
(setopt ellama-providers
'(
("deepseek-r1" . (make-llm-openai-compatible
:key (auth-source-pick-first-password :host "openrouter")
:key (auth-source-passage-get 'secret "openrouter")
:url "https://openrouter.ai/api/v1"
:chat-model "deepseek/deepseek-chat-v3-0324:free"))
("gemini-2.0-flash" . (make-llm-openai-compatible
:key (auth-source-pick-first-password :host "openrouter")
:key (auth-source-passage-get 'secret "openrouter")
:url "https://openrouter.ai/api/v1"
:chat-model "google/gemini-2.0-flash-exp:free"))
)
@@ -1350,7 +1411,7 @@ Emigo - Aidermacs 2.0
(require 'llm-openai)
(setopt elisa-chat-provider
(make-llm-openai-compatible
:key (auth-source-pick-first-password :host "openrouter")
:key (auth-source-passage-get 'secret "openrouter")
:url "https://openrouter.ai/api/v1"
:chat-model "deepseek/deepseek-chat-v3-0324:free")
llm-warn-on-nonfree nil)
@@ -1607,7 +1668,7 @@ www.tdnde.com \\\\
:tls t
:nick "gortium"
:sasl-username "gortium"
:sasl-password (auth-source-pick-first-password :host "irc")
:sasl-password (auth-source-passage-get 'secret "irc")
:channels ("#emacs-circe")
)))
)
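Review bot: Every `auth-source-passage-get 'secret …` call on the new side runs while the config loads (in `defvar`, `setq`, `:key`, `:sasl-password` and `setenv`), so all these entries are decrypted at startup and the plaintext stays in long-lived variables; a missing entry or failed decryption presumably just yields nil. Where the consumer accepts a function, defer the lookup, e.g. for gptel `:key (lambda () (auth-source-passage-get 'secret "openrouter"))`, so the secret is only decrypted on first use. The `(setenv "OPENROUTER_API_KEY" …)` line also exports the key to every subprocess Emacs starts afterwards; scoping it to the aider process would narrow that. In the OpenWebUI backend the key is sent with `:curl-args '("--insecure")`, so it goes to whatever host answers, without certificate verification; trusting the self-signed certificate explicitly would avoid that. The same lines recur in the config.el section below.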


@@ -1,9 +1,5 @@
;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
(after! auth-source
(add-to-list 'auth-sources
`(:source ,(concat doom-private-dir "secrets.el.age") :type age)))
(setq user-full-name "Thierry Pouplier"
user-mail-address "tpouplier@tdnde.com")
@@ -527,7 +523,7 @@ Handles org-clock and context link capture for tasks."
;; Connecteam org-roam-dailies integration
(require 'request)
(defvar gortium/connecteam-api-key (auth-source-pick-first-password :host "connecteam") "Your Connecteam API Key")
(defvar gortium/connecteam-api-key (auth-source-passage-get 'secret "connecteam") "Your Connecteam API Key")
(defvar gortium/connecteam-user-id "9885891" "Your Connecteam User ID")
(defvar gortium/connecteam-clock-id "9335145" "Your Connecteam time clock ID used in API calls.")
@@ -765,7 +761,7 @@ Handles org-clock and context link capture for tasks."
(krl-format-buffer)))
;; Uncomment the next line to enable auto-formatting on save
;; (add-hook 'before-save-hook 'krl-format-before-save)
(add-hook 'before-save-hook 'krl-format-before-save)
(use-package! hledger-mode
:config
@@ -807,13 +803,74 @@ Handles org-clock and context link capture for tasks."
(use-package! age
:demand t
:custom
(age-program "rage")
(age-default-identity "~/.ssh/gortium_ssh_key")
(age-default-recipient "~/.ssh/gortium_ssh_key.pub")
:config
(setq age-program "rage")
(setq age-default-identity "~/.ssh/gortium_ssh_key")
(setq age-default-recipient "~/.ssh/gortium_ssh_key.pub")
(age-file-enable))
(require 'notifications)
(require 'cl-lib)
(defun gortium/age-notify (msg &optional simple)
"Notify about AGE operations. SIMPLE uses `message` instead of desktop notification."
(if simple
(message "%s" msg)
(if (eq system-type 'gnu/linux)
(notifications-notify
:title "age.el"
:body msg
:urgency 'low
:timeout 800)
(message "%s" msg))))
(defun gortium/age-notify-decrypt (&rest args)
"Notification hook for age decryption."
(cl-destructuring-bind (context cipher) args
(gortium/age-notify (format "Decrypting %s" (age-data-file cipher)) t)))
(defun gortium/age-notify-encrypt (&rest args)
"Notification hook for age encryption."
(cl-destructuring-bind (context plain recipients) args
(gortium/age-notify (format "Encrypting %s" (age-data-file plain)) t)))
(defun gortium/age-toggle-decrypt-notifications ()
"Toggle notifications for age decryption."
(interactive)
(if (advice-member-p #'gortium/age-notify-decrypt #'age-start-decrypt)
(progn
(advice-remove #'age-start-decrypt #'gortium/age-notify-decrypt)
(message "Disabled age decrypt notifications."))
(advice-add #'age-start-decrypt :before #'gortium/age-notify-decrypt)
(message "Enabled age decrypt notifications.")))
(defun gortium/age-toggle-encrypt-notifications ()
"Toggle notifications for age encryption."
(interactive)
(if (advice-member-p #'gortium/age-notify-encrypt #'age-start-encrypt)
(progn
(advice-remove #'age-start-encrypt #'gortium/age-notify-encrypt)
(message "Disabled age encrypt notifications."))
(advice-add #'age-start-encrypt :before #'gortium/age-notify-encrypt)
(message "Enabled age encrypt notifications.")))
;; enable notifications by default
(gortium/age-toggle-decrypt-notifications)
(gortium/age-toggle-encrypt-notifications)
(use-package! passage
:demand t
:config
;; rebind function value for pass to passage
(fset #'pass (lambda () (interactive) (passage)))
(setq age-program "rage")
(setq auth-source-passage-filename (expand-file-name "~/ExoKortex/2-Areas/IT/dotfiles/secrets"))
(setenv "PASSAGE_IDENTITIES_FILE" (expand-file-name age-default-identity))
(setenv "PASSAGE_RECIPIENTS_FILE" (expand-file-name age-default-recipient))
(setenv "PASSAGE_AGE" "rage")
(setenv "PASSAGE_DIR" (expand-file-name "~/ExoKortex/2-Areas/IT/dotfiles/secrets"))
)
;; TUI tools in emacs
(after! eee
(setq ee-terminal-command "kitty")
@@ -840,21 +897,21 @@ Handles org-clock and context link capture for tasks."
(setq gptel-expert-commands t
gptel-default-mode 'org-mode
;; gptel-model 'OpenRouter:deepseek/deepseek-chat-v3-0324:free
gptel-api-key (auth-source-pick-first-password :host "openrouter"))
gptel-api-key (auth-source-passage-get 'secret "openrouter"))
(require 'gptel-integrations)
(gptel-make-openai "OpenRouter"
:host "openrouter.ai"
:endpoint "/api/v1/chat/completions"
:stream t
:key (auth-source-pick-first-password :host "openrouter")
:key (auth-source-passage-get 'secret "openrouter")
:models '(deepseek/deepseek-r1-0528-qwen3-8b:free
google/gemini-2.0-flash-exp:free
deepseek/deepseek-chat-v3-0324:free
meta-llama/llama-4-maverick:free
qwen/qwen3-coder:free))
(gptel-make-gemini "Gemini"
:key (auth-source-pick-first-password :host "gemini")
:key (auth-source-passage-get 'secret "gemini")
:stream t
:models '(gemini-2.5-pro
gemini-2.5-flash))
@@ -866,7 +923,7 @@ Handles org-clock and context link capture for tasks."
(gptel-make-openai "OpenWebUI"
:host "ai.aziworkhorse.duckdns.org"
:curl-args '("--insecure") ; needed for self-signed certs
:key (auth-source-pick-first-password :host "openwebui")
:key (auth-source-passage-get 'secret "openwebui")
:endpoint "/api/chat/completions"
:stream t
:models '("orieg/gemma3-tools:1b"))
@@ -1055,7 +1112,7 @@ www.tdnde.com \\\\
:tls t
:nick "gortium"
:sasl-username "gortium"
:sasl-password (auth-source-pick-first-password :host "irc")
:sasl-password (auth-source-passage-get 'secret "irc")
:channels ("#emacs-circe")
)))
)
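Review bot: `;; enable notifications by default` is implemented by calling the two toggle commands at load time, so evaluating this file a second time (a config reload, for instance) removes the advice again and leaves notifications off. Call `(advice-add #'age-start-decrypt :before #'gortium/age-notify-decrypt)` and the matching `age-start-encrypt` line directly instead; repeating `advice-add` with the same function has no further effect. The `:before` advice also destructures a fixed argument count with `cl-destructuring-bind`, so if `age-start-decrypt` or `age-start-encrypt` is called with a different number of arguments the advice signals an error and aborts the operation; reading only the argument that is used, e.g. `(age-data-file (nth 1 args))`, is more tolerant. This file looks like the tangled copy of the org source above, so the change probably belongs in the org block.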


@@ -114,6 +114,9 @@
(package! age)
(package! passage
:recipe (:host github :repo "anticomputer/passage.el" :protocol ssh))
(package! krl-mode
:recipe (:host nil
:repo "ssh://code.lazyworkhorse.net:2222/gortium/krl-mode.git"
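Review bot: The `(package! passage :recipe (:host github :repo "anticomputer/passage.el" :protocol ssh))` form, which appears to be the addition here, has no `:pin`, so it follows whatever the upstream branch head is, and this is the package that decrypts every credential in the config. Pin it to a commit you have read, e.g. by adding `:pin "<reviewed-commit-sha>"` (placeholder) after the recipe, so an upstream change cannot reach the secrets without a deliberate bump. The `(package! age)` line above is unpinned as well, though from this hunk I cannot tell whether it is new. The `krl-mode` form continues past the end of the hunk.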


@@ -1,19 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBwbkNa
QmJFdVpLV1BOTXJXVmhTY3NZZmZsZ2wraWE3TEZ4d01zOVdoaERzClJCVG03YVIz
Q2pMK1ZHekViTzYzUjJ1cm52UnNRMDQvSE9yTnIva3E5aDAKLT4gcyxfLnw6Qy1n
cmVhc2UgUFogNUVoID5SCkpRVy9sU2hQYnl0MmlDdWdaamx0bEVrQ2Z2U0V3eUp2
dTU1ZFppL1pZWmNpRzMwZ0lkckl4ZFBTVkdmVlAyRzAKdWEzTC83RnVHZ1h4aXVV
aUE0azBzU3lEM25vZEh5awotLS0gN3p6Q1BpU0dQUEkza2h1cGVaTDc3NVNaQm1T
RGUxNExMcHBYNllyRFdNcwoxkC/nFDh5dBrdnmzhcqyNJA9ABDon4SgHIr7p+qZx
SG1vKOT2wlUdofhmlDNMTVD170gpiyyHX8WvWDvcgkabi8AJrfdpMNIYFWKLkmih
jTtvTp+h9dYy/Vb2Lt3wAR+4MNMUR0G7QGIoQat9EnbY10Lk0UTqgAvUshKNixgZ
Ld1ZCQhe3Gu49e7LR/f2St4pyao92DuHTPuROcaiPmB6wSReXjKkh0XQNbDnOd6a
rQDIqwewJ4iwv5qknyh6O3AMvun2c6+zl4XzZ8UySgArRACBVoyW2w4wWvyx7KFE
kUqWQ31HghleX4w+tX9/CRvdQMS1IzUC5bfhxxK53AolPfJmtwNu9wvuAQvvU4GF
7Ue9YAH7yxz/Q2zf3w67gpkZBNDu5ua/D2Dw4WUUYePG+Dt0BvqRiZKOAAIdgxX5
p1FBAHgAg971WUa9+zK489+rSl7ryKVpW0UjxBNa0YtdfBabj21sXMG+O8lU9d5P
HfVe/NWergbRBdW4LtdKiLWY5VS7uLGiBqpCSCjfkx9BDE1BzcC6TyWZ1HaLSISm
9d3KgQyK36Df5O9eAzpecPumUQCRniHLJ7dENJcIBprnQDXLGq0oyt8wOz0LCYtZ
0980yCVoNzODIpvdJ5fQ
-----END AGE ENCRYPTED FILE-----

8
secrets/connecteam.age Normal file

@@ -0,0 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSByeHZa
eGZjcWJrbVhOQXBiRU4wdjFTMHVOZisxRzYvUTFKTnRuUTlWMWxjCnJGL1I3U0Nn
TkJQelRmcGFuVjU3aVJmWkoxWEtnUUdZTVdDam9DdDhFbGsKLT4gMDstZ3JlYXNl
CjQxVlY0c3J2RjZzCi0tLSBsNmJsWTU1bFVqc3h2TlNBOGF1RXFFcXVrUHVyd0p6
L2Z6RGtIWElhN2RZCh6YumB0j025dfLQDqboPSVITEwJQLb8L1X5HDy7i1cHr/E0
wv0yfp//2rRtp9X4ZFT8nG7BUPtigAma5bGJTEFKY633Iw==
-----END AGE ENCRYPTED FILE-----

10
secrets/gemini.age Normal file

@@ -0,0 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBxdXpL
VVg5RmNGNGxLcVByNjFpejlDejVtZTNQT0doVEdRL1U2VHhMT0hRCmJEaGdXTnFD
Ykw0QkQvR0NyQW1QV2pUS1BaZWw1RkxLQ1I1elpqRDMzVlkKLT4gbXE9X3gtZ3Jl
YXNlID84QFBWRSB4JiYnaWNJIE8/WUIKekQ0UkJnMGZKbFBzaVVCUHZ1aER4UU9r
alc5RG5jcVEwcGh5K2hETmtsTFY2K3RVRmliVmY2VQotLS0gaW5ZdU1CZXhCcjRz
TndZd0tCdy95by9kaGN1Zy85M2VZQ056eTFZdkdyTQqlnKkPs75J6J3b0pEIFMWt
SIx4FXPo1OadOWy4MQZ7A7DzrE7tJjcVQ19/4i28Ui10KuPaDH1KdZAVet3xhuRR
coqQfb8p3JQ=
-----END AGE ENCRYPTED FILE-----

8
secrets/irc.age Normal file

@@ -0,0 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBhWER0
SG5jMVpSVWpDMUJKaENOeUd4cVNBeXR3R2RuZXl5cmFIaHU1aFc4Ckh0dmZHeVlp
bzhsUUlVa3J4Y3ZZbEl2K3hmalJvSm5FS05FOEt5dGRTTTQKLT4gZi1ncmVhc2UK
eFJJVDhNMXpMUXd3aWRNTjlSVCttWXlSRmd5a1hkZWVBYXcKLS0tIDZEeS82U1kz
c0FDZXd3NUZsVjhsTjFVK1hsWGNlSVJLblJnWDBrR3V4bncKXzz/LdYlVqSVLRWU
9ehBi6D1jCbK8y1W6AURWvOM2gqg/eDW1Rf10gqgUPg=
-----END AGE ENCRYPTED FILE-----

10
secrets/openrouter.age Normal file

@@ -0,0 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBHWncw
MnQ0b1NqKzFRMVJpaDhIZ1hTVE1YMFJITVRNV3c2ZjJuSXdlVGxnCkpCYXhOd2Z1
Q2M5VWw2MUVaeEFUdWlseWR0dVNyRWRuQitDSEZYcHlrN2MKLT4gKWQ5Skw7dC1n
cmVhc2UgZlIyTSpPfCApIFQyIFdkR1hpclovCkx1UXE1S0VwU0M1MWhYSGxsdwot
LS0gSnN0ZEwxMmlCU0hoVGlLN3lyVlhYZ3ZLSURYNkJDai9BN3hJL3pxSzhOMAoa
0dYMeWqxwkq/mgK4rqcuNLG/uT2aHzOqtMNTJyv6n/SaLio/LXkW+xtGLAOxkCBO
EEfs0G+mTrluJ/IO5NmzeMBhWC4/rfKG7rXeX3cfWNIx7K5FwOJkWh3zYQkKzFRP
q/V9qw8s41r3
-----END AGE ENCRYPTED FILE-----

11
secrets/openwebui.age Normal file

@@ -0,0 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----