playing with filesystems for remote mounts

2025-02-11 21:33:46 -05:00 · 2025-02-11 21:33:46 -05:00 · 7685f865f8
commit 7685f865f8
parent b6c81fd346
4 changed files with 50 additions and 8 deletions
--- a/flake.nix
+++ b/flake.nix
@ -135,6 +135,7 @@
            inputs.kmonad.nixosModules.default
            inputs.musnix.nixosModules.musnix
            inputs.niri.nixosModules.niri
+            inputs.sops-nix.nixosModules.sops

            ./hosts/eddie/configuration.nix

--- a/hosts/eddie/configuration.nix
+++ b/hosts/eddie/configuration.nix
@ -62,6 +62,32 @@
    };
  };

+  sops = {
+    age.keyFile = "/home/emenel/.config/sops/age/keys.txt"; # must have no password!
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      filez = {};
+    };
+    templates."smb-secrets".content = ''
+                             username=admin
+                             password=${config.sops.placeholder.filez}
+                             '';
+  };
+
+
+  environment.etc = {
+    "nixos/smb-secrets".source = config.sops.templates."smb-secrets".path;
+  };
+
+  fileSystems."/mnt/media" = {
+    device = "//100.70.114.113";
+    fsType = "cifs";
+    options = let
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+    in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
+  };
+
+
  environment.systemPackages = with pkgs; [
    wget
    libGL
@ -630,12 +656,6 @@
    ];
  };

-  # fileSystems."/mnt/media" = {
-  #   device = "//filez.local/Media";
-  #   type = "cifs";
-
-  # };
-
  #do not change
  system.stateVersion = "24.05";

--- a/hosts/eddie/secrets.yaml
+++ b/hosts/eddie/secrets.yaml
@ -0,0 +1,21 @@
+filez: ENC[AES256_GCM,data:pOnl/B+dFc+Fks7Yb3c=,iv:V99CfTUmFq9ijFHU88OIvySvKw91a9hx0fXLikaAOdY=,tag:L1E2Wur2yVYaGeY+3Ku1WA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age10k8v6pfm3p7cmsgn6wu5ufpcquqgpvqh76l23xf326et55dacc0qlr8fe8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFS1BoNnpoWnZGNGQreXVZ
+            RjNGUWhoYmJPbWplcFIwOU1mdlNOYmhkblU0CmFkNkg1ZDVxU1FNbnlUMXpKWXR1
+            elZ0RFZaRDRsMkVjcFhkMXU4Q1RYTDQKLS0tIHBRZlovWlFJUDFidzBnby9VNzlm
+            OFJGS2ljaTVFcWJDL3h2S0tLR3pyekkKBY4veCtc5cmVxoDeFf1LufbFhMHnYu7U
+            jWaEgDUHHPpiR7+4XZI+Es71kyM+0q2UK0KSU5227eDCLkFvRN5uYg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-02-12T01:06:05Z"
+    mac: ENC[AES256_GCM,data:H6vfNxeGOBFtKpQr/sdtbbUX6WmV7dFN37QdAhfYJlVnUJbJqhzuyfVKUCceTwZVf18MIXKJAaGzoDUr0bL5ljA2immqmvWGSVAhmztHueRXIzWbOQVYLP5djSvFzp0yWttzG9W7j9hANkyaLsyrC9PArucWnvrwQuFf9ZA0TGM=,iv:4KcjbarJFpUcNUE06jiA43cMGGYE4GY8DgPMsnNn3iY=,tag:MWn+q4SwxWltNEfFN6HZgQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4
--- a/modules/home/hypridle.nix
+++ b/modules/home/hypridle.nix
@ -13,7 +13,7 @@
      listener = [
        {
          timeout = "30";
-          on-timeout = "systemd-ac-power || light -S 0 && light -s razer/0003:1532:02B6.0003/backlight -S 0";
+          on-timeout = "systemd-ac-power || light -O && light -S 0 && light -s razer/0003:1532:02B6.0003/backlight -S 0";
          on-resume = "systemd-ac-power || light -I && light -s razer/0003:1532:02B6.0003/backlight -S 40";
        }

@ -30,7 +30,7 @@
        # ac power timers
        {
          timeout = "60";
-          on-timeout = "systemd-ac-power && light -S 0 && light -s razer/0003:1532:02B6.0003/backlight -S 0";
+          on-timeout = "systemd-ac-power && light -O && light -S 0 && light -s razer/0003:1532:02B6.0003/backlight -S 0";
          on-resume = "systemd-ac-power && light -I && light -s razer/0003:1532:02B6.0003/backlight -S 40";
        }