emenel/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

adding sops for taskchamp

Browse source
This commit is contained in:
Matt Nish-Lapidus 2025-03-29 14:07:48 -04:00
parent 6caa8ebc32
commit 09890eae60
9 changed files with 56 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

18
flake.lock generated
View file

@ -70,11 +70,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1743184222,
"narHash": "sha256-B2R43Vsz7NgcaMZQRLQkklosgW1Uo1Z5AS+8R6f1s/A=",
"lastModified": 1743239789,
"narHash": "sha256-WvJj6PCAdBmWx69OYvAUVtLG9gFdChMteHZTaYrADqQ=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "849cd4920ec9a1976dc916b192f7f2401ec13c5b",
"rev": "2ac7be36de0ef1e6936c7ba89fbf8d2ae87f4ddd",
"type": "github"
},
"original": {
@ -357,11 +357,11 @@
]
},
"locked": {
"lastModified": 1743136572,
"narHash": "sha256-uwaVrKgi6g1TUq56247j6QvvFtYHloCkjCrEpGBvV54=",
"lastModified": 1743259333,
"narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1efd2503172016a6742c87b47b43ca2c8145607d",
"rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68",
"type": "github"
},
"original": {
@ -1075,11 +1075,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1742889210,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"lastModified": 1743095683,
"narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
"type": "github"
},
"original": {

8
homes/emenel/default.nix
View file

@ -79,7 +79,15 @@
borg_url = {
path = "${config.sops.defaultSymlinkPath}/borg_url";
};
taskchamp-id = {};
taskchamp-key = {};
};
templates."taskchamp".content =
''
sync.server.client_id = ${config.sops.placeholder.taskchamp-id}
sync.encryption_secret = ${config.sops.placeholder.taskchamp-key}
'';
};
programs = {

6
homes/emenel/secrets.yaml
View file

@ -18,8 +18,8 @@ sops:
RTk5RGdrZ3dGaXJIait5VG45bTFpQVkKFvq2714fyXnUlQ2ovZGVl55Wq9m/uvpC
Q7k9SEOdSMNqioG5TR7yhGS+cCbcO+zV7WXxKB+mpwUmhkc13H0w5A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-06T20:09:39Z"
mac: ENC[AES256_GCM,data:lZB6blCUm/QXMbK05z65vIxbVm3diXaNXKmGc8c2as8MqEcFwP5twB9GlX/Kpn/3aEFvH5FpavOfUzId5eOVVZJnZYIuTELqXpNGWUD6dMbCmIL0sfOsp49rgmKr+mkoi7kfhM7dMCoximBS2ubLOVIyPAHmrnKI1St/cs/J+PE=,iv:xCerqV4zPVj6LRnWQwNUWTz9F0tJRAF+0b9QcNbHwJ4=,tag:6ew+Loe4iiqMgM2SrhIVpQ==,type:str]
lastmodified: "2025-03-29T18:07:28Z"
mac: ENC[AES256_GCM,data:o9wEs1KqNUthQpBqTJ4qB2v8o4AneWro6Zk2KsPCZN4UsnJGj87MAtZLcbknXNs+2io+XkTfYf3P86jqPCMP6qA/74lpcbkE1HuIzTmmB+VOXRiXlLuxo6XveeLfPqua0YEyzvI/EouA+0w7NKawdmkID/ursR2SqL8VMQ26PzM=,iv:C8pF/pz7hmBg5uTb9oOnNvkH6l9uDYqda1YgegYoIfo=,tag:bkyHfZphQG2z9C6w5NVLYg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.9.4

24
homes/media/default.nix
View file

@ -28,10 +28,32 @@
"/home/media/.local/state/nix/profiles/home-manager/home-path/bin/"
];
sessionVariables = {
LISTEN = 33034;
DATA_DIR = "/home/media/.local/share/task-sync";
};
stateVersion = "25.05";
};
sops = {
age.keyFile = "/home/media/.config/sops/age/keys.txt"; # must have no password!
defaultSopsFile = ../emenel/secrets.yaml;
secrets = {
taskchamp-id = {};
taskchamp-key = {};
};
templates."taskchamp".content =
''
sync.server.client_id = ${config.sops.placeholder.taskchamp-id}
sync.encryption_secret = ${config.sops.placeholder.taskchamp-key}
'';
};
programs = {
home-manager.enable = true;
password-store.enable = true;
@ -41,7 +63,7 @@
enable = true;
startServices = "sd-switch"; # auto reload services when home is rebuilt
};
#custom script executables
home.file.".local/bin" = {
source = ../emenel/dotfiles/dot_local/bin;

2
hosts/eddie/configuration.nix
View file

@ -389,7 +389,7 @@
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --sessions ${config.services.displayManager.sessionData.desktops}/share/xsessions:${config.services.displayManager.sessionData.desktops}/share/wayland-sessions --remember --remember-user-session --user-menu --window-padding 5 --asterisks --asterisks-char ^ --greeting '<~welcome~>' --theme 'button=yellow'";
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --sessions /${config.services.displayManager.sessionData.desktops}/share/wayland-sessions --remember --remember-user-session --user-menu --window-padding 5 --asterisks --asterisks-char ^ --greeting '<~welcome~>' --theme 'button=yellow'";
# --theme 'border=magenta;prompt=green;time=red;action=blue;button=yellow;container=black;input=red'";
user = "greeter";
};

15
hosts/media-server/configuration.nix
View file

@ -234,21 +234,6 @@
openFirewall = true;
};
# services.taskchampion-sync-server = {
# enable = true;
# openFirewall = true;
# snapshot.days = 1;
# };
# services.sabnzbd.configFile = ./sabnzbd.ini;
# services.transmission = {
# user = lib.mkForce "media";
# group = "media";
# };
systemd.targets.sleep.enable = false;
systemd.targets.suspend.enable = false;
systemd.targets.hibernate.enable = false;

4
modules/home/taskwarrior.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }:
{ config, pkgs, ... }:
{
@ -25,7 +25,9 @@
uda.completeRecurDue.label = "Com. Rec. Due";
uda.completeRecurWait.type = "string";
uda.completeRecurWait.label = "Com. Rec. Wait";
sync.server.url = "http:\/\/media-server:33034";
};
extraConfig = "include ${config.sops.templates."taskchamp".path}";
};
home.file.".local/share/task/hooks" = {

4
modules/system/secrets.yaml
View file

@ -15,8 +15,8 @@ sops:
OFJGS2ljaTVFcWJDL3h2S0tLR3pyekkKBY4veCtc5cmVxoDeFf1LufbFhMHnYu7U
jWaEgDUHHPpiR7+4XZI+Es71kyM+0q2UK0KSU5227eDCLkFvRN5uYg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-15T16:32:18Z"
mac: ENC[AES256_GCM,data:drTH1sdk/KUXfeFXJVyB+21orb7maspVaDr2zZRT2z3PqLKtXVUHqSTaXKb7hETi052ibLqSfyrSCgpNcLMB4yAPrLz/u7nADcxvrnmugAkGgR/w4sK8YPNqw0F04Xx1GQV1SNcFi5lj2xBhRI862sUUiEkUEGM8UieVMgx5pFM=,iv:qBwza6BLls0WiW2DpDkb7PIt5vpjj3LmQaArDGgRXIo=,tag:W/REzW4zCNpptvbXDVCpCA==,type:str]
lastmodified: "2025-03-29T17:49:46Z"
mac: ENC[AES256_GCM,data:+FWtcZRSIqseVHXkWqI4oMNKhdTmoOgfY3Qp+tn8m5akOOW2rpuaFDN5w2V5+ObKiep/rWriR98KPwPe2ISNFUG79axajXGaX2nMlnJPYntqdiSzJDXudUNz9+Qj+2LC46U+5WYv4vHvAjN5JTydzBqBDjgymCGKT7kBMcnntb8=,iv:GSD4nX8z5Q1xv/hftZ2gS9ECg5rkqjTnJO0+4/MbHI4=,tag:zxQy93ffSjjhw5Y3apy1gw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

13
modules/system/sops-config.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
let
cfg = config.sops-config;
@ -19,25 +19,26 @@ in {
filez = {};
media-server = {};
};
templates."media-server-secrets".content = ''
templates."media-server-secrets".content =
''
username=media
password=${config.sops.placeholder.media-server}
'';
templates."filez-secrets".content = ''
templates."filez-secrets".content =
''
username=admin
password=${config.sops.placeholder.filez}
'';
};
environment.etc = {
"nixos/filez-secrets" = {
source = config.sops.templates."filez-secrets".path;
group = "users";
};
"nixos/media-server-secrets" = {
source = config.sops.templates."media-server-secrets".path;
group = "users";
};
};