{"id":30104115,"url":"https://github.com/numtide/nix-auth","last_synced_at":"2025-10-03T15:13:13.460Z","repository":{"id":302487173,"uuid":"1012364987","full_name":"numtide/nix-auth","owner":"numtide","description":"Nix access-token management tool","archived":false,"fork":false,"pushed_at":"2025-07-10T17:13:40.000Z","size":3076,"stargazers_count":22,"open_issues_count":3,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-29T03:05:08.721Z","etag":null,"topics":["buildbot-numtide"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/numtide.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-02T08:14:56.000Z","updated_at":"2025-07-21T21:34:53.000Z","dependencies_parsed_at":"2025-07-02T17:23:36.467Z","dependency_job_id":"ca99804f-b510-4dd1-87c9-cba92db1dae8","html_url":"https://github.com/numtide/nix-auth","commit_stats":null,"previous_names":["numtide/nix-auth"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/numtide/nix-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fnix-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fnix-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fnix-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fnix-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/numtide","download_url":"https://codeload.github.com/numtide/nix-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numtide%2Fnix-auth/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269647292,"owners_count":24453185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-09T02:00:10.424Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buildbot-numtide"],"created_at":"2025-08-09T22:15:33.450Z","updated_at":"2025-10-03T15:13:08.424Z","avatar_url":"https://github.com/numtide.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nix-auth\n\nTired of hitting rate limits when running `nix flake update`? Trying to\nfetch a private repository in your flake inputs or builtin fetchers?\n\nNix supports setting access-tokens in your Nix config. This tool makes it easy\nto get those tokens in the right place.\n\n## Features\n\n- OAuth device flow authentication when possible (no manual token creation needed)\n- Support for multiple providers (GitHub, GitHub Enterprise, GitLab, Gitea, and Forgejo)\n- Secure token storage in separate `~/.config/nix/access-tokens.conf` file with restricted permissions\n- Token validation and status checking\n- Automatic backup creation before modifying configuration\n\n## Installation\n\n### Using Nix Flakes\n\nRun directly without installation:\n\n```bash\nnix run github:numtide/nix-auth -- login\n```\n\nInstall into your profile:\n\n```bash\nnix profile install github:numtide/nix-auth\n```\n\nOr add to your system configuration:\n\n```nix\n{\n  inputs.nix-auth.url = \"github:numtide/nix-auth\";\n\n  # In your system packages\n  environment.systemPackages = [\n    inputs.nix-auth.packages.${system}.default\n  ];\n}\n```\n\n### Using Go\n\n```bash\ngo install github.com/numtide/nix-auth@latest\n```\n\n### From Source\n\n```bash\ngit clone https://github.com/numtide/nix-auth\ncd nix-auth\ngo build .\n```\n\n## Usage\n\n### Login\n\nAuthenticate with a provider:\n\n```bash\n# Using provider aliases\nnix-auth login                        # defaults to github\nnix-auth login github\nnix-auth login gitlab\nnix-auth login gitea\nnix-auth login codeberg\n\n# Using hosts with auto-detection\nnix-auth login github.com\nnix-auth login gitlab.company.com     # auto-detects provider type\nnix-auth login gitea.company.com      # auto-detects provider type\n\n# Explicit provider specification\nnix-auth login git.company.com --provider forgejo\nnix-auth login github.company.com --provider github --client-id \u003cyour-client-id\u003e\nnix-auth login gitlab.company.com --provider gitlab --client-id \u003cyour-application-id\u003e\n```\n\nThe tool will:\n1. Display a one-time code\n2. Open your browser to the provider's device authorization page\n3. Wait for you to authorize the application\n4. Save the token to `~/.config/nix/access-tokens.conf` (with restricted 0600 permissions)\n\n**Note for self-hosted instances**:\n- **GitHub Enterprise**: You'll need to create an OAuth App and provide the client ID via `--client-id`\n- **GitLab self-hosted**: You'll need to create an OAuth application and provide the client ID via `--client-id`\n- **Gitea/Forgejo**: Uses Personal Access Token flow instead of OAuth device flow (these platforms don't support device flow yet)\n\nThe tool will guide you through this process if the client ID is not provided.\n\n### Check Status\n\nView all configured tokens:\n\n```bash\nnix-auth status\n```\n\nView specific tokens by host:\n\n```bash\nnix-auth status github.com                    # Check a single host\nnix-auth status github.com gitlab.com         # Check multiple hosts\n```\n\n### Logout\n\nRemove a token interactively:\n\n```bash\nnix-auth logout\n```\n\nRemove a specific provider's token:\n\n```bash\nnix-auth logout github\n```\n\nRemove a token for a specific host:\n\n```bash\nnix-auth logout --host github.company.com\n```\n\n## How It Works\n\nThe tool manages access tokens in a secure, separate configuration file that is included by your main Nix configuration. This allows Nix to authenticate when fetching flake inputs from private repositories or builtins fetchers, and avoiding rate limits.\n\nThe tool automatically:\n1. Creates `~/.config/nix/access-tokens.conf` with restricted permissions (0600)\n2. Adds an include directive to your `~/.config/nix/nix.conf`:\n   ```\n   !include access-tokens.conf\n   ```\n3. Stores tokens in the secure file:\n   ```\n   access-tokens = github.com=ghp_xxxxxxxxxxxxxxxxxxxx gitlab.com=glpat-xxxxxxxxxxxx\n   ```\n\nThis separation ensures your tokens are stored with proper security permissions while keeping your main configuration readable.\n\n## Security\n\n- Tokens are stored in a separate file (`access-tokens.conf`) with restricted permissions (0600)\n- The tool creates automatic backups before modifying your configuration\n- Automatically migrates existing tokens from `nix.conf` to the secure token file\n- Uses OAuth device flow for secure authentication\n- Minimal required permissions (only necessary scopes for accessing repositories)\n\n## Future Plans\n\n- Support for more providers (Bitbucket, etc.)\n- Token expiration notifications\n- Integration with system keychains for secure storage (will require patching\n    Nix)\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnumtide%2Fnix-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnumtide%2Fnix-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnumtide%2Fnix-auth/lists"}