diff --git a/.envrc b/.envrc index 27f67a0..100d7b9 100644 --- a/.envrc +++ b/.envrc @@ -1,4 +1,6 @@ -export VAULT_CACERT=./ansible/files/vault-ca.crt -export VAULT_CLIENT_CERT=./ansible/files/vault-client-user.crt -export VAULT_CLIENT_KEY=./ansible/files/vault-client-user.key -export CONSUL_HTTP_TOKEN=$(pass services/consul/tokens/terraform) +if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM=" +fi + +source .envrc.secrets +use flake diff --git a/.envrc.secrets b/.envrc.secrets new file mode 100644 index 0000000..47b85c1 --- /dev/null +++ b/.envrc.secrets @@ -0,0 +1,5 @@ +export VAULT_CACERT=./ansible/files/vault-ca.crt +export VAULT_CLIENT_CERT=./ansible/files/vault-client-user.crt +export VAULT_CLIENT_KEY=./ansible/files/vault-client-user.key +export VAULT_ADDR=https://vault-api.infra.status.im:8200 +export CONSUL_HTTP_TOKEN=$(pass services/consul/tokens/terraform) diff --git a/.gitignore b/.gitignore index 28c4dfb..3402f73 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ *.tfstate.d/ *.tfstate.backup *.retry +.direnv/ ansible/files/* __pycache__ diff --git a/flake.nix b/flake.nix index 6adfbcb..632bc2c 100644 --- a/flake.nix +++ b/flake.nix @@ -40,8 +40,6 @@ shellHook = '' ./ansible/roles.py --check || \ echo -e '\nWARNING: Your role versions appear to be incorrect!' >&2 - eval "$(direnv hook bash)" - direnv allow . ''; }; });