Flakes: Provide GitHub API Token for rate limiting?

I’m trying to figure out how to write my first flake. Unfortunately, I’ve now been rate limited by GitHub for trying to build too many times this hour: https://docs.github.com/en/rest/reference/rate-limit

Is there some way to provide nix with a GitHub API token to help with this? It looks like niv has this option, but I’m not seeing anything with nix (sorry if I’ve just missed it).

There is an option, personally I set it in my users options:

$ cat ~/.config/nix/nix.conf
access-tokens = github.com=***censored***

Documented in the nix manual - nix.conf


Excellent, thank you.

Is there a way to do this with an environment variable?

Maybe with this? Common Environment Variables

EDIT: NIX_CONFIG=access_tokens=... perhaps?

1 Like

yes that should do it

It worked with NIX_CONFIG="access-tokens = github.com=ghp_***", thanks

1 Like

Don’t put tokens in environment variables! Those are readable by any software that you run.

Here’s the solution I’m using:

  age.secrets.nix-access-tokens-github.file =
  nix.extraOptions = ''
    !include ${config.age.secrets.nix-access-tokens-github.path}

Which would also result in a world readable token, as systems nix config has to be world readable as well.

Still, the environment is routinely scraped by “crash reporting” or other “usage metric” thingies.

Therefore the approach to load the token through the nix-config is much more safe and less prone to accidenteal leakage