From 60c414fca11faadbee12e7ee68d6b5fad629919e Mon Sep 17 00:00:00 2001
From: Matt Nish-Lapidus <matt@emenel.ca>
Date: Sat, 29 Mar 2025 14:36:03 -0400
Subject: [PATCH] adding sops for taskchamp

---
 flake.lock                           | 12 ++++++------
 homes/emenel/secrets.yaml            |  6 ++++--
 homes/media/default.nix              | 17 +++++++++++++++--
 hosts/media-server/configuration.nix |  2 +-
 4 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/flake.lock b/flake.lock
index 309393c..aed9e06 100644
--- a/flake.lock
+++ b/flake.lock
@@ -70,11 +70,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1743239789,
-        "narHash": "sha256-WvJj6PCAdBmWx69OYvAUVtLG9gFdChMteHZTaYrADqQ=",
+        "lastModified": 1743268410,
+        "narHash": "sha256-JT3B9nidF+0PRVgHB4Vy/3pShCrU6lUK1Kjn8yoiSZM=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "2ac7be36de0ef1e6936c7ba89fbf8d2ae87f4ddd",
+        "rev": "93e148ba6bdd5db1a40878ab04f5901e263553f6",
         "type": "github"
       },
       "original": {
@@ -357,11 +357,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743259333,
-        "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=",
+        "lastModified": 1743267068,
+        "narHash": "sha256-G7866vbO5jgqMcYJzgbxej40O6mBGQMGt6gM0himjoA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68",
+        "rev": "b431496538b0e294fbe44a1441b24ae8195c63f0",
         "type": "github"
       },
       "original": {
diff --git a/homes/emenel/secrets.yaml b/homes/emenel/secrets.yaml
index cd1ec46..53973fd 100644
--- a/homes/emenel/secrets.yaml
+++ b/homes/emenel/secrets.yaml
@@ -3,6 +3,8 @@ bw_api_key: ENC[AES256_GCM,data:Dwb++djM0lrkkmfVDNq46uhMxjbj1grmDwykk2v4,iv:JPy6
 ssh_key: ENC[AES256_GCM,data:gp/UO2dV5AFAj2AQ7MgWrBoi/jXWprPhNsuIfF7wrHilFDyWO9YCaG2waBfon6YltWRVoow6LRQs9JnoGkRsF79LDpIBRSMQmi2SEUpY0uLvZB0MUBkblqYiaAqNfoDL5JSsI7ePyEpSB6a3f1Rq5oVD6BSzqgl2gocV7/GlgiqBQ7ah/x90QLlfJjQ2NPFGCxXCxoPbpvlA9jvTzMVgxc6ziI3eH41Mg8iRw8K9WtSE+rvCrH1juY/d5aj1nc4b+r257kseuH7oU5di+10cJ7IMuvDEsBrMrCHpc9rETAEqtwXXmSXSxtOx1B9KnT+3KbvlTkOOgn4/jGb+CrVD0Ku61F82aP5sIiX47qiR6s+eyggHcDib8KwL4IbpKqJWKbybelrDz14JSm4yHWTOFwOwX7baNPc2l4awZ/7VnEtX2+GVxZA5jBQFqv2zeevPW8nURZt0ANAmN+gb2ebe8dKb7IL3KPYTht3AWxsovVuXClmLKW/zIWH48sbuGkqZXqOJqQewBb71frOmmAGC,iv:34riu5Fa+r2DG5kIEEPiQnOFZ1sUk0tqbVZZw0AA3QY=,tag:nyZkcBT2fz44J2MBptB0lA==,type:str]
 ssh_key_pub: ENC[AES256_GCM,data:MbEqSFSH52Ac1EgX66DohzlTa3CRellfgmGBolCuPIKn/0T7IN2+8iHpKB45/9VqzaWn6E4wPKGzKCP69/ne2+h4FPxWZv8OXGfvCvApWz6xkSRXL04mud3bJId3,iv:HxEA9fHRwSPdZ6QPIPjk6CDCcEiouoz2KED0MSW01Bk=,tag:e8GWCQfoFiT+2+KNPYdBpg==,type:str]
 borg_url: ENC[AES256_GCM,data:Ha/C+EInoNv6Wy/t7IRWmAlVsgEg/sh+LhM/8GmrvQsqfs/KO86i3QD66H0A+gN9,iv:/k8CIgdPg+Z5alVj4RnRypU8S1E/B/nLAlkhzMX1+uU=,tag:/Y6mUq00lRryUairXQMWwQ==,type:str]
+taskchamp-id: ENC[AES256_GCM,data:Aou7f+fj8oeC+w3dmCfj1MP7RvSPzF5eRRz6cw99Nb1hJJk2,iv:A0ILlMOkG8IBzk1ylWb0WEZ/sFrcn2MSRDZ2+VYQtZA=,tag:IEb4MZTVccaCXXyME4Egzg==,type:str]
+taskchamp-key: ENC[AES256_GCM,data:9MAT3Q3Olw8JDA==,iv:5JBugxClwi+loeP6/7taRHAOzdpXMDMn5elwqUSKJus=,tag:Kt2wjRW90h8q3Nia7mIT5g==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -18,8 +20,8 @@ sops:
             RTk5RGdrZ3dGaXJIait5VG45bTFpQVkKFvq2714fyXnUlQ2ovZGVl55Wq9m/uvpC
             Q7k9SEOdSMNqioG5TR7yhGS+cCbcO+zV7WXxKB+mpwUmhkc13H0w5A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-29T18:07:28Z"
-    mac: ENC[AES256_GCM,data:o9wEs1KqNUthQpBqTJ4qB2v8o4AneWro6Zk2KsPCZN4UsnJGj87MAtZLcbknXNs+2io+XkTfYf3P86jqPCMP6qA/74lpcbkE1HuIzTmmB+VOXRiXlLuxo6XveeLfPqua0YEyzvI/EouA+0w7NKawdmkID/ursR2SqL8VMQ26PzM=,iv:C8pF/pz7hmBg5uTb9oOnNvkH6l9uDYqda1YgegYoIfo=,tag:bkyHfZphQG2z9C6w5NVLYg==,type:str]
+    lastmodified: "2025-03-29T18:32:50Z"
+    mac: ENC[AES256_GCM,data:2S3awJTt7aC9tM+4ah33gJF4CHB/Xjdii/PtVYoYYv0OXG3dUQVQvptg8PlEyBZSpJ1hgOI542cBV2lAfOObcL8MOsfir1IZs4FJoo/2w5SRSPvVZpAlmflrvskKdNy0vcvrPSLs3mSCKlC1aRsw7uR/SqJCM3fkI0FkPIw/RLE=,iv:3eaM5vVc5Jj0Ff01K/PjZsq49BNopGhkagpyROWYGNw=,tag:IGQyRbezQsVSFE8DcoAcIA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4
diff --git a/homes/media/default.nix b/homes/media/default.nix
index 1ffb355..6d6695f 100644
--- a/homes/media/default.nix
+++ b/homes/media/default.nix
@@ -29,7 +29,7 @@
     ];
 
     sessionVariables = {
-      LISTEN = 33034;
+      LISTEN = "media-server:33034";
       DATA_DIR = "/home/media/.local/share/task-sync";
     };
 
@@ -52,7 +52,6 @@ sync.server.client_id = ${config.sops.placeholder.taskchamp-id}
 sync.encryption_secret = ${config.sops.placeholder.taskchamp-key}
 '';
   };
-
   
   programs = {
     home-manager.enable = true;
@@ -62,6 +61,20 @@ sync.encryption_secret = ${config.sops.placeholder.taskchamp-key}
   systemd.user = {
     enable = true;
     startServices = "sd-switch"; # auto reload services when home is rebuilt
+
+    services.taskchampion-sync-server = {
+      Unit = {
+        Description = "taskchamp";
+        After = [ "network.target" ];
+      };
+      Install = {
+        WantedBy = [ "multi-user.target" ];
+      };
+      Service = {
+        Type = "simple";
+        ExecStart = "${pkgs.taskchampion-sync-server}/bin/taskchampion-sync-server --snapshot-days 1 --snapshot-versions 30";
+      };
+    };
   };
   
   #custom script executables
diff --git a/hosts/media-server/configuration.nix b/hosts/media-server/configuration.nix
index d5be670..9fe4ac9 100644
--- a/hosts/media-server/configuration.nix
+++ b/hosts/media-server/configuration.nix
@@ -110,7 +110,7 @@
   # enable the OpenSSH daemon.
   services.openssh.enable = true;
   programs.ssh.startAgent = true;
-
+    
   services.resolved = {
     enable = true;
     extraConfig = ''