From 5c151296f6526f556ba6632473e3d6f2ec563ad6 Mon Sep 17 00:00:00 2001 From: lightly-toasted Date: Sat, 6 Sep 2025 01:30:11 +0900 Subject: [PATCH] fix(gemini): correctly load github token for mcp server - Switched to github-mcp-server binary instead of npx, since Node.js was removed in commit 58490c36fe195a6183e0d541be7b1ee6f142d8a2 - Added wrapper script for github-mcp-server binary as a workaround - Updated GitHub PAT key in secrets --- home/modules/cli/gemini.nix | 14 +++++++++----- secrets/secrets.yaml | 6 +++--- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/home/modules/cli/gemini.nix b/home/modules/cli/gemini.nix index c071d58..4853f3f 100644 --- a/home/modules/cli/gemini.nix +++ b/home/modules/cli/gemini.nix @@ -1,5 +1,12 @@ { pkgs, config, ... }: +let + # HACK: Gemini CLI did not read settings.json or .env, so export vars in a wrapper script + wrapped-github-mcp-server = pkgs.writeShellScriptBin "github-mcp-server" '' + export GITHUB_PERSONAL_ACCESS_TOKEN=$(cat ${config.sops.secrets.github_token.path}) + exec ${pkgs.github-mcp-server}/bin/github-mcp-server "$@" + ''; +in { sops.secrets.github_token = { }; home.packages = with pkgs; [ @@ -13,9 +20,9 @@ "httpUrl": "https://mcp.context7.com/mcp" }, "github": { - "command": "npx", + "command": "${wrapped-github-mcp-server}/bin/github-mcp-server", "args": [ - "@modelcontextprotocol/server-github" + "stdio" ], "timeout": 10000, "trust": false @@ -24,7 +31,4 @@ "preferredEditor": "neovim" } ''; - home.file.".gemini/.env".text = '' - GITHUB_TOKEN=$(cat ${config.sops.secrets.github_token.path}) - ''; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 4895604..1ab03bb 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,6 +1,6 @@ tailscale: authkey: ENC[AES256_GCM,data:ssxd13QKzXbezZs9ewR0CRsN0T6FMzQjGyJ5czjv4lHP6ODM1hAkS728vInfgq2hwUwVzs17I0C4017MGg==,iv:r/M4WtjrQZLdqidlFNUvY9NQhDSntNka2iYOAu+RQc8=,tag:kycZLagUboZ31ryQ3exi3w==,type:str] -github_token: ENC[AES256_GCM,data:UUe3GfG3iqi0X1m+Bp27MVV8wWKtxOowxRpEtTkf0uET316JkozrBg==,iv:j42ZkKxCBkCZU3fiyP3vELFk0a6w4uW9XB8FmDWJaiw=,tag:ApIfHqgqgwWDWoyq0+uRRQ==,type:str] +github_token: ENC[AES256_GCM,data:3LoIlgJTmCfMwPcTz1Q+exe8QV8XaYuYu6pAQp6yKq0aSspTo12G5w==,iv:cwhF34tcoiss/Oy/N5SdTHo4ZEbPeVZYm8PgoD29YSk=,tag:PItjK2ZPMSKVa4AsNnkhPw==,type:str] restic: password: ENC[AES256_GCM,data:CaWwS1Pm2LoeLHWtZv7fahpyJu4vgGgNo5E88tDXK767UH39naxcJuejq1l2Bb2OM5x8+zsIUPz8mPYAJD/Yaw==,iv:zJSZKliRzGdTlBMXk6wG9aVeR3xFQP2chcHm3LrNfjk=,tag:z90vqLU29EPgczL4X/XG4g==,type:str] rclone-config: ENC[AES256_GCM,data:HAuuawWALDQzsn6wJxQIbh57OaJnqwfm4tfhVJJ61wUgC3Kg3a/butjTCX6Q9DVQ7ygK2KH/29p4/lzSeQTGpMx7evOYi8qHQmvW+XMepx0+DEN6+y8iMRw3HG2/cctWoLDcf1RPw+eQdhDPSd/TnU26gNNdxEfTkEKPxQ5ctlLMmyGmUy2UCMarG5I6F88M2y608syTMDfbF22YHpLCBcofKbpvN9rOvqmrM8KxZ8m4JVDcbA23/X36dVkWYKrBuTW8Y2Wuo1o7dAesHIXsxW0KstnJomn/2bDNVjbsiaAlT7Vt4WVm0Gmg8ost2IrAqOeQdevw3V2SYhfCtCEJSmtpvR7KFO0e/Jsj0kF1xFdVQR7QyYO2IsyAyAozpD9pILVNOrfZ6LT8TYI+p1RnR504lumo1VPXKoRE6nnyaZWb1ABuSqXhiOVQcHN2Kg9WWEk6d3XhoIcVob1MFLvgoFttMn5dMUFqtpmpKm+E7/jxGP7wg19pmWanfr2lsbt/vnobkqKFLWFevfuK9u6atRXYo4PyONPo2KDwpI7+7WBBD49pbiklxyNUGYgYpIsLrvaG1fVnCxgdGKI7vdtBK9uLVIEP2t0cZqGs2SjEfBhJrGgU76vSTQrRm0RqA8B1WKXHOrqwaujhVzeaCf4tqRGR1StTtqTeMQ7rKi14oPFXOPTXElSVXvWlFi3yForFpUSptcGJEj5HyHwuzxOww6K2bvOltznOWO0OvI6yVMS0VfagcQBWkV7Gy6qPR98o5v18ZBfDIh8OpcnDwZ2SotTzQfkIUXWzzNTs71cWNCuQexufOzKYk/Afb8kZk1msa3q2jKZj9I3/B0siyE0X6pKgoKuV7t27PSXuDyaFSkd8+E2SLM/GPEBOXy22UwOMvcGbB+s=,iv:MXTKIls+iKS9zAm09acTBmh2imzrjIo5ojLiFW3nGuY=,tag:Z0sDuGYaz/3ZdvVqCY1m/g==,type:str] @@ -15,7 +15,7 @@ sops: Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-24T13:21:07Z" - mac: ENC[AES256_GCM,data:uOnsBcPN2DXUaxexPVdI9LxZKHu6VObZiDYwM0PW7sZr3sUFcHsXmNB3M82MvKu87UIXs7v3eBB+u0NQG80e9bJObPyezykzNfvFE7ow3fF4IINwVFe4vu6+4Z+Mw1CZZ1ljoofvPd2rHtQsWiCDlT7q5RgRFZYdOq3FfxdS9cA=,iv:o82Xso6Ryjlw9vYaucEklG5neI5ND//byEnFcUtTssw=,tag:B+hb/mddbe0eCEUB5s5zBg==,type:str] + lastmodified: "2025-09-05T13:34:51Z" + mac: ENC[AES256_GCM,data:9EhGt8+28jbkRorgA8aaemk8pSw79BcLajKcqpGoqQ1cegBih1Bpc0ZgetY29mQ0pcMUNMEgwbDpFe/2uRXj5K0vwbXYyS9NOIsha7Ii957AoVtQx2SbV8xX/J3NhzWtvepRw8L3X7OtoSN3y1z7eJjj98V6zGLfQBGnqrfEWFA=,iv:a1vmRzH/ibClI3nVSKL8NrjFAG92wXPahJmuK1jMx8Y=,tag:LYXcRZyAhxi0jRv9YhYwtQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2