adding sops for taskchamp

2025-03-29 14:07:48 -04:00 · 2025-03-29 14:07:48 -04:00 · 09890eae60
commit 09890eae60
parent 6caa8ebc32
9 changed files with 56 additions and 38 deletions
--- a/flake.lock
+++ b/flake.lock
@ -70,11 +70,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1743184222,
+        "lastModified": 1743239789,
-        "narHash": "sha256-B2R43Vsz7NgcaMZQRLQkklosgW1Uo1Z5AS+8R6f1s/A=",
+        "narHash": "sha256-WvJj6PCAdBmWx69OYvAUVtLG9gFdChMteHZTaYrADqQ=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "849cd4920ec9a1976dc916b192f7f2401ec13c5b",
+        "rev": "2ac7be36de0ef1e6936c7ba89fbf8d2ae87f4ddd",
        "type": "github"
      },
      "original": {
@ -357,11 +357,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1743136572,
+        "lastModified": 1743259333,
-        "narHash": "sha256-uwaVrKgi6g1TUq56247j6QvvFtYHloCkjCrEpGBvV54=",
+        "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "1efd2503172016a6742c87b47b43ca2c8145607d",
+        "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68",
        "type": "github"
      },
      "original": {
@ -1075,11 +1075,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1742889210,
+        "lastModified": 1743095683,
-        "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
+        "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
+        "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
        "type": "github"
      },
      "original": {
--- a/homes/emenel/default.nix
+++ b/homes/emenel/default.nix
@ -79,7 +79,15 @@
      borg_url = {
        path = "${config.sops.defaultSymlinkPath}/borg_url";
      };
      taskchamp-id = {};
      taskchamp-key = {};
    };
    templates."taskchamp".content =
        ''
 sync.server.client_id = ${config.sops.placeholder.taskchamp-id}
 sync.encryption_secret = ${config.sops.placeholder.taskchamp-key}
 '';
  };
  programs = {
--- a/homes/emenel/secrets.yaml
+++ b/homes/emenel/secrets.yaml
@ -18,8 +18,8 @@ sops:
            RTk5RGdrZ3dGaXJIait5VG45bTFpQVkKFvq2714fyXnUlQ2ovZGVl55Wq9m/uvpC
            Q7k9SEOdSMNqioG5TR7yhGS+cCbcO+zV7WXxKB+mpwUmhkc13H0w5A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-06T20:09:39Z"
+    lastmodified: "2025-03-29T18:07:28Z"
-    mac: ENC[AES256_GCM,data:lZB6blCUm/QXMbK05z65vIxbVm3diXaNXKmGc8c2as8MqEcFwP5twB9GlX/Kpn/3aEFvH5FpavOfUzId5eOVVZJnZYIuTELqXpNGWUD6dMbCmIL0sfOsp49rgmKr+mkoi7kfhM7dMCoximBS2ubLOVIyPAHmrnKI1St/cs/J+PE=,iv:xCerqV4zPVj6LRnWQwNUWTz9F0tJRAF+0b9QcNbHwJ4=,tag:6ew+Loe4iiqMgM2SrhIVpQ==,type:str]
+    mac: ENC[AES256_GCM,data:o9wEs1KqNUthQpBqTJ4qB2v8o4AneWro6Zk2KsPCZN4UsnJGj87MAtZLcbknXNs+2io+XkTfYf3P86jqPCMP6qA/74lpcbkE1HuIzTmmB+VOXRiXlLuxo6XveeLfPqua0YEyzvI/EouA+0w7NKawdmkID/ursR2SqL8VMQ26PzM=,iv:C8pF/pz7hmBg5uTb9oOnNvkH6l9uDYqda1YgegYoIfo=,tag:bkyHfZphQG2z9C6w5NVLYg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.9.4
--- a/homes/media/default.nix
+++ b/homes/media/default.nix
@ -28,10 +28,32 @@
      "/home/media/.local/state/nix/profiles/home-manager/home-path/bin/"
    ];
    sessionVariables = {
      LISTEN = 33034;
      DATA_DIR = "/home/media/.local/share/task-sync";
    };
    stateVersion = "25.05";
  };
  sops = {
    age.keyFile = "/home/media/.config/sops/age/keys.txt"; # must have no password!
    defaultSopsFile = ../emenel/secrets.yaml;
    secrets = {
      taskchamp-id = {};
      taskchamp-key = {};
    };
    templates."taskchamp".content =
        ''
 sync.server.client_id = ${config.sops.placeholder.taskchamp-id}
 sync.encryption_secret = ${config.sops.placeholder.taskchamp-key}
 '';
  };
  programs = {
    home-manager.enable = true;
    password-store.enable = true;
@ -41,7 +63,7 @@
    enable = true;
    startServices = "sd-switch"; # auto reload services when home is rebuilt
  };
-
+  
  #custom script executables
  home.file.".local/bin" = {
    source = ../emenel/dotfiles/dot_local/bin;
--- a/hosts/eddie/configuration.nix
+++ b/hosts/eddie/configuration.nix
@ -389,7 +389,7 @@
    enable = true;
    settings = {
      default_session = {
-        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --sessions ${config.services.displayManager.sessionData.desktops}/share/xsessions:${config.services.displayManager.sessionData.desktops}/share/wayland-sessions --remember --remember-user-session --user-menu --window-padding 5 --asterisks --asterisks-char ^ --greeting '<~welcome~>' --theme 'button=yellow'";
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --sessions /${config.services.displayManager.sessionData.desktops}/share/wayland-sessions --remember --remember-user-session --user-menu --window-padding 5 --asterisks --asterisks-char ^ --greeting '<~welcome~>' --theme 'button=yellow'";
        # --theme 'border=magenta;prompt=green;time=red;action=blue;button=yellow;container=black;input=red'";
        user = "greeter";
      };
--- a/hosts/media-server/configuration.nix
+++ b/hosts/media-server/configuration.nix
@ -234,21 +234,6 @@
    openFirewall = true;
  };
  # services.taskchampion-sync-server = {
  #   enable = true;
  #   openFirewall = true;
  #   snapshot.days = 1;
  # };
  # services.sabnzbd.configFile = ./sabnzbd.ini;
  # services.transmission = {
  #   user = lib.mkForce "media";
    # group = "media";
  # };
  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
--- a/modules/home/taskwarrior.nix
+++ b/modules/home/taskwarrior.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 {
@ -25,7 +25,9 @@
      uda.completeRecurDue.label = "Com. Rec. Due";
      uda.completeRecurWait.type = "string";
      uda.completeRecurWait.label = "Com. Rec. Wait";
      sync.server.url = "http:\/\/media-server:33034";
    };
    extraConfig = "include ${config.sops.templates."taskchamp".path}";
  };
  home.file.".local/share/task/hooks" = {
--- a/modules/system/secrets.yaml
+++ b/modules/system/secrets.yaml
@ -15,8 +15,8 @@ sops:
            OFJGS2ljaTVFcWJDL3h2S0tLR3pyekkKBY4veCtc5cmVxoDeFf1LufbFhMHnYu7U
            jWaEgDUHHPpiR7+4XZI+Es71kyM+0q2UK0KSU5227eDCLkFvRN5uYg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-15T16:32:18Z"
+    lastmodified: "2025-03-29T17:49:46Z"
-    mac: ENC[AES256_GCM,data:drTH1sdk/KUXfeFXJVyB+21orb7maspVaDr2zZRT2z3PqLKtXVUHqSTaXKb7hETi052ibLqSfyrSCgpNcLMB4yAPrLz/u7nADcxvrnmugAkGgR/w4sK8YPNqw0F04Xx1GQV1SNcFi5lj2xBhRI862sUUiEkUEGM8UieVMgx5pFM=,iv:qBwza6BLls0WiW2DpDkb7PIt5vpjj3LmQaArDGgRXIo=,tag:W/REzW4zCNpptvbXDVCpCA==,type:str]
+    mac: ENC[AES256_GCM,data:+FWtcZRSIqseVHXkWqI4oMNKhdTmoOgfY3Qp+tn8m5akOOW2rpuaFDN5w2V5+ObKiep/rWriR98KPwPe2ISNFUG79axajXGaX2nMlnJPYntqdiSzJDXudUNz9+Qj+2LC46U+5WYv4vHvAjN5JTydzBqBDjgymCGKT7kBMcnntb8=,iv:GSD4nX8z5Q1xv/hftZ2gS9ECg5rkqjTnJO0+4/MbHI4=,tag:zxQy93ffSjjhw5Y3apy1gw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4
--- a/modules/system/sops-config.nix
+++ b/modules/system/sops-config.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
  cfg = config.sops-config;
@ -19,25 +19,26 @@ in {
        filez = {};
        media-server = {};
      };
-      templates."media-server-secrets".content = ''
+
      templates."media-server-secrets".content =
        ''
 username=media
 password=${config.sops.placeholder.media-server}
 '';
-    templates."filez-secrets".content = ''
+
      templates."filez-secrets".content =
        ''
 username=admin
 password=${config.sops.placeholder.filez}
 '';
    };
    environment.etc = {
      "nixos/filez-secrets" = {
        source = config.sops.templates."filez-secrets".path;
        group = "users";
      };
      "nixos/media-server-secrets" = {
        source = config.sops.templates."media-server-secrets".path;
        group = "users";
      };
    };