From 09890eae60f7c20c5af86833cbdadcfff0cf930a Mon Sep 17 00:00:00 2001 From: Matt Nish-Lapidus Date: Sat, 29 Mar 2025 14:07:48 -0400 Subject: [PATCH] adding sops for taskchamp --- flake.lock | 18 +++++++++--------- homes/emenel/default.nix | 8 ++++++++ homes/emenel/secrets.yaml | 6 +++--- homes/media/default.nix | 24 +++++++++++++++++++++++- hosts/eddie/configuration.nix | 2 +- hosts/media-server/configuration.nix | 15 --------------- modules/home/taskwarrior.nix | 4 +++- modules/system/secrets.yaml | 4 ++-- modules/system/sops-config.nix | 13 +++++++------ 9 files changed, 56 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 354638a..309393c 100644 --- a/flake.lock +++ b/flake.lock @@ -70,11 +70,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1743184222, - "narHash": "sha256-B2R43Vsz7NgcaMZQRLQkklosgW1Uo1Z5AS+8R6f1s/A=", + "lastModified": 1743239789, + "narHash": "sha256-WvJj6PCAdBmWx69OYvAUVtLG9gFdChMteHZTaYrADqQ=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "849cd4920ec9a1976dc916b192f7f2401ec13c5b", + "rev": "2ac7be36de0ef1e6936c7ba89fbf8d2ae87f4ddd", "type": "github" }, "original": { @@ -357,11 +357,11 @@ ] }, "locked": { - "lastModified": 1743136572, - "narHash": "sha256-uwaVrKgi6g1TUq56247j6QvvFtYHloCkjCrEpGBvV54=", + "lastModified": 1743259333, + "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "1efd2503172016a6742c87b47b43ca2c8145607d", + "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68", "type": "github" }, "original": { 
@@ -1075,11 +1075,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1742889210, - "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", + "lastModified": 1743095683, + "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "698214a32beb4f4c8e3942372c694f40848b360d", + "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", "type": "github" }, "original": { diff --git a/homes/emenel/default.nix b/homes/emenel/default.nix index 156f8bc..02d8aaa 100644 --- a/homes/emenel/default.nix +++ b/homes/emenel/default.nix @@ -79,7 +79,15 @@ borg_url = { path = "${config.sops.defaultSymlinkPath}/borg_url"; }; + taskchamp-id = {}; + taskchamp-key = {}; }; + + templates."taskchamp".content = + '' +sync.server.client_id = ${config.sops.placeholder.taskchamp-id} +sync.encryption_secret = ${config.sops.placeholder.taskchamp-key} +''; }; programs = { diff --git a/homes/emenel/secrets.yaml b/homes/emenel/secrets.yaml index 447bca7..cd1ec46 100644 --- a/homes/emenel/secrets.yaml +++ b/homes/emenel/secrets.yaml @@ -18,8 +18,8 @@ sops: RTk5RGdrZ3dGaXJIait5VG45bTFpQVkKFvq2714fyXnUlQ2ovZGVl55Wq9m/uvpC Q7k9SEOdSMNqioG5TR7yhGS+cCbcO+zV7WXxKB+mpwUmhkc13H0w5A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-06T20:09:39Z" - mac: ENC[AES256_GCM,data:lZB6blCUm/QXMbK05z65vIxbVm3diXaNXKmGc8c2as8MqEcFwP5twB9GlX/Kpn/3aEFvH5FpavOfUzId5eOVVZJnZYIuTELqXpNGWUD6dMbCmIL0sfOsp49rgmKr+mkoi7kfhM7dMCoximBS2ubLOVIyPAHmrnKI1St/cs/J+PE=,iv:xCerqV4zPVj6LRnWQwNUWTz9F0tJRAF+0b9QcNbHwJ4=,tag:6ew+Loe4iiqMgM2SrhIVpQ==,type:str] + lastmodified: "2025-03-29T18:07:28Z" + mac: ENC[AES256_GCM,data:o9wEs1KqNUthQpBqTJ4qB2v8o4AneWro6Zk2KsPCZN4UsnJGj87MAtZLcbknXNs+2io+XkTfYf3P86jqPCMP6qA/74lpcbkE1HuIzTmmB+VOXRiXlLuxo6XveeLfPqua0YEyzvI/EouA+0w7NKawdmkID/ursR2SqL8VMQ26PzM=,iv:C8pF/pz7hmBg5uTb9oOnNvkH6l9uDYqda1YgegYoIfo=,tag:bkyHfZphQG2z9C6w5NVLYg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 
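Review bot: The `taskchamp-id` / `taskchamp-key` secrets and the `templates."taskchamp"` block added in the `homes/emenel/default.nix` hunk are repeated verbatim in `homes/media/default.nix`, while the only consumer is `modules/home/taskwarrior.nix`. Defining the two secrets and the template inside that module would keep the secret wiring in one place, and a home that imports the module could no longer lack the template. The rendered file holds the sync client id and the encryption secret in clear text, so I would also add a comment next to the template such as `# rendered file contains the sync encryption secret; leave owner/mode at the restrictive sops-nix defaults`. The enclosing `sops` attribute set starts outside this hunk, so I cannot see whether other options already cover this.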
diff --git a/homes/media/default.nix b/homes/media/default.nix index 6b4dc7f..1ffb355 100644 --- a/homes/media/default.nix +++ b/homes/media/default.nix @@ -28,10 +28,32 @@ "/home/media/.local/state/nix/profiles/home-manager/home-path/bin/" ]; + sessionVariables = { + LISTEN = 33034; + DATA_DIR = "/home/media/.local/share/task-sync"; + }; stateVersion = "25.05"; }; + sops = { + age.keyFile = "/home/media/.config/sops/age/keys.txt"; # must have no password! + + defaultSopsFile = ../emenel/secrets.yaml; + + secrets = { + taskchamp-id = {}; + taskchamp-key = {}; + }; + + templates."taskchamp".content = + '' +sync.server.client_id = ${config.sops.placeholder.taskchamp-id} +sync.encryption_secret = ${config.sops.placeholder.taskchamp-key} +''; + }; + + programs = { home-manager.enable = true; password-store.enable = true; @@ -41,7 +63,7 @@ enable = true; startServices = "sd-switch"; # auto reload services when home is rebuilt }; - + #custom script executables home.file.".local/bin" = { source = ../emenel/dotfiles/dot_local/bin; diff --git a/hosts/eddie/configuration.nix b/hosts/eddie/configuration.nix index 7ef2f0e..6502913 100644 --- a/hosts/eddie/configuration.nix +++ b/hosts/eddie/configuration.nix 
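Review bot: In the new `sops` block of `homes/media/default.nix`, `defaultSopsFile = ../emenel/secrets.yaml;` makes the `media` home decrypt from emenel's secrets file, so the age identity at `/home/media/.config/sops/age/keys.txt` must be able to open that whole file. Going by the emenel hunk, that file also holds unrelated entries such as `borg_url`. The recipient list is not visible in this patch, but if the media key is a recipient, a passphrase-less key on the server unlocks every secret in that file rather than only the two TaskChampion values. A dedicated sops file containing only `taskchamp-id` and `taskchamp-key`, encrypted to both keys, would narrow that, e.g. `defaultSopsFile = ./PLACEHOLDER-taskchamp-secrets.yaml;` (file name is a placeholder). I would also extend the existing comment to `# passphrase-less age identity: keep it mode 0600 and owned by media`.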
@@ -389,7 +389,7 @@ enable = true; settings = { default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --sessions ${config.services.displayManager.sessionData.desktops}/share/xsessions:${config.services.displayManager.sessionData.desktops}/share/wayland-sessions --remember --remember-user-session --user-menu --window-padding 5 --asterisks --asterisks-char ^ --greeting '<~welcome~>' --theme 'button=yellow'"; + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --sessions /${config.services.displayManager.sessionData.desktops}/share/wayland-sessions --remember --remember-user-session --user-menu --window-padding 5 --asterisks --asterisks-char ^ --greeting '<~welcome~>' --theme 'button=yellow'"; # --theme 'border=magenta;prompt=green;time=red;action=blue;button=yellow;container=black;input=red'"; user = "greeter"; }; diff --git a/hosts/media-server/configuration.nix b/hosts/media-server/configuration.nix index 80cb6a7..d5be670 100644 --- a/hosts/media-server/configuration.nix +++ b/hosts/media-server/configuration.nix @@ -234,21 +234,6 @@ openFirewall = true; }; - - - # services.taskchampion-sync-server = { - # enable = true; - # openFirewall = true; - # snapshot.days = 1; - # }; - - # services.sabnzbd.configFile = ./sabnzbd.ini; - - # services.transmission = { - # user = lib.mkForce "media"; - # group = "media"; - # }; - systemd.targets.sleep.enable = false; systemd.targets.suspend.enable = false; systemd.targets.hibernate.enable = false; diff --git a/modules/home/taskwarrior.nix b/modules/home/taskwarrior.nix index bf35759..c023e33 100644 --- a/modules/home/taskwarrior.nix +++ b/modules/home/taskwarrior.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { 
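Review bot: In the `hosts/eddie/configuration.nix` hunk, the new `--sessions` argument starts with `/${config.services.displayManager.sessionData.desktops}`, which puts an extra slash in front of what is presumably already an absolute store path. Linux resolves the doubled slash, so it probably works, but it reads like a typo; `--sessions ${config.services.displayManager.sessionData.desktops}/share/wayland-sessions` matches the form the previous line used. The change also drops the `share/xsessions` directory and is unrelated to the commit subject, so if Wayland-only is intended, a short comment such as `# wayland sessions only; xsessions intentionally not offered` would record that. The surrounding greetd settings block begins and ends outside the hunk.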
@@ -25,7 +25,9 @@ uda.completeRecurDue.label = "Com. Rec. Due"; uda.completeRecurWait.type = "string"; uda.completeRecurWait.label = "Com. Rec. Wait"; + sync.server.url = "http:\/\/media-server:33034"; }; + extraConfig = "include ${config.sops.templates."taskchamp".path}"; }; home.file.".local/share/task/hooks" = { diff --git a/modules/system/secrets.yaml b/modules/system/secrets.yaml index 695a5fd..09d2bf1 100644 --- a/modules/system/secrets.yaml +++ b/modules/system/secrets.yaml @@ -15,8 +15,8 @@ sops: OFJGS2ljaTVFcWJDL3h2S0tLR3pyekkKBY4veCtc5cmVxoDeFf1LufbFhMHnYu7U jWaEgDUHHPpiR7+4XZI+Es71kyM+0q2UK0KSU5227eDCLkFvRN5uYg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-15T16:32:18Z" - mac: ENC[AES256_GCM,data:drTH1sdk/KUXfeFXJVyB+21orb7maspVaDr2zZRT2z3PqLKtXVUHqSTaXKb7hETi052ibLqSfyrSCgpNcLMB4yAPrLz/u7nADcxvrnmugAkGgR/w4sK8YPNqw0F04Xx1GQV1SNcFi5lj2xBhRI862sUUiEkUEGM8UieVMgx5pFM=,iv:qBwza6BLls0WiW2DpDkb7PIt5vpjj3LmQaArDGgRXIo=,tag:W/REzW4zCNpptvbXDVCpCA==,type:str] + lastmodified: "2025-03-29T17:49:46Z" + mac: ENC[AES256_GCM,data:+FWtcZRSIqseVHXkWqI4oMNKhdTmoOgfY3Qp+tn8m5akOOW2rpuaFDN5w2V5+ObKiep/rWriR98KPwPe2ISNFUG79axajXGaX2nMlnJPYntqdiSzJDXudUNz9+Qj+2LC46U+5WYv4vHvAjN5JTydzBqBDjgymCGKT7kBMcnntb8=,iv:GSD4nX8z5Q1xv/hftZ2gS9ECg5rkqjTnJO0+4/MbHI4=,tag:zxQy93ffSjjhw5Y3apy1gw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/modules/system/sops-config.nix b/modules/system/sops-config.nix index 75ae206..2bc1bcc 100644 --- a/modules/system/sops-config.nix +++ b/modules/system/sops-config.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.sops-config; 
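Review bot: `sync.server.url = "http:\/\/media-server:33034";` in the second `modules/home/taskwarrior.nix` hunk points the client at the sync server over plain HTTP. As far as I know, TaskChampion encrypts task data on the client with `sync.encryption_secret`, but the client id and request metadata still travel unprotected, and the client cannot authenticate the host that `media-server` resolves to. That is acceptable only on a trusted LAN or VPN, so I would either front the server with TLS or state the assumption in a comment: `# plain HTTP: payload is encrypted client-side, keep this reachable only on the trusted network`. The backslashes are not needed in a Nix string, since `\/` evaluates to `/`, so `"http://media-server:33034"` is equivalent and easier to read. The enclosing `config` attribute set starts outside the hunk.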
@@ -19,25 +19,26 @@ in { filez = {}; media-server = {}; }; - templates."media-server-secrets".content = '' + + templates."media-server-secrets".content = + '' username=media password=${config.sops.placeholder.media-server} ''; - templates."filez-secrets".content = '' + + templates."filez-secrets".content = + '' username=admin password=${config.sops.placeholder.filez} ''; }; - environment.etc = { "nixos/filez-secrets" = { source = config.sops.templates."filez-secrets".path; - group = "users"; }; "nixos/media-server-secrets" = { source = config.sops.templates."media-server-secrets".path; - group = "users"; }; };
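Review bot: After this hunk, nothing in `modules/system/sops-config.nix` states who may read the rendered credential files behind `/etc/nixos/filez-secrets` and `/etc/nixos/media-server-secrets`. With the default `environment.etc` mode the entry is only a symlink, so the removed `group = "users";` most likely never applied. Access is decided by the owner and mode of the sops templates, and neither `templates."filez-secrets"` nor `templates."media-server-secrets"` sets them here. If a non-root service or user has to read these files, set that on the template rather than on the `/etc` entry; if root-only is intended, a comment such as `# /etc entries are symlinks; readability is governed by the sops template owner/mode (defaults: root only)` would make it explicit. The module's option definitions are outside the hunk, so the intended reader is not visible to me.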