diff --git a/flake.nix b/flake.nix index 557938c..8f3a2c6 100644 --- a/flake.nix +++ b/flake.nix @@ -135,6 +135,7 @@ inputs.kmonad.nixosModules.default inputs.musnix.nixosModules.musnix inputs.niri.nixosModules.niri + inputs.sops-nix.nixosModules.sops ./hosts/eddie/configuration.nix diff --git a/hosts/eddie/configuration.nix b/hosts/eddie/configuration.nix index 3b01cd6..e184399 100644 --- a/hosts/eddie/configuration.nix +++ b/hosts/eddie/configuration.nix @@ -62,6 +62,32 @@ }; }; + sops = { + age.keyFile = "/home/emenel/.config/sops/age/keys.txt"; # must have no password! + defaultSopsFile = ./secrets.yaml; + secrets = { + filez = {}; + }; + templates."smb-secrets".content = '' + username=admin + password=${config.sops.placeholder.filez} + ''; + }; + + + environment.etc = { + "nixos/smb-secrets".source = config.sops.templates."smb-secrets".path; + }; + + fileSystems."/mnt/media" = { + device = "//100.70.114.113"; + fsType = "cifs"; + options = let + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in ["${automount_opts},credentials=/etc/nixos/smb-secrets"]; + }; + + environment.systemPackages = with pkgs; [ wget libGL @@ -630,12 +656,6 @@ ]; }; - # fileSystems."/mnt/media" = { - # device = "//filez.local/Media"; - # type = "cifs"; - - # }; - #do not change system.stateVersion = "24.05"; diff --git a/hosts/eddie/secrets.yaml b/hosts/eddie/secrets.yaml new file mode 100644 index 0000000..6b58eec --- /dev/null +++ b/hosts/eddie/secrets.yaml @@ -0,0 +1,21 @@ +filez: ENC[AES256_GCM,data:pOnl/B+dFc+Fks7Yb3c=,iv:V99CfTUmFq9ijFHU88OIvySvKw91a9hx0fXLikaAOdY=,tag:L1E2Wur2yVYaGeY+3Ku1WA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age10k8v6pfm3p7cmsgn6wu5ufpcquqgpvqh76l23xf326et55dacc0qlr8fe8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFS1BoNnpoWnZGNGQreXVZ + RjNGUWhoYmJPbWplcFIwOU1mdlNOYmhkblU0CmFkNkg1ZDVxU1FNbnlUMXpKWXR1 + elZ0RFZaRDRsMkVjcFhkMXU4Q1RYTDQKLS0tIHBRZlovWlFJUDFidzBnby9VNzlm + OFJGS2ljaTVFcWJDL3h2S0tLR3pyekkKBY4veCtc5cmVxoDeFf1LufbFhMHnYu7U + jWaEgDUHHPpiR7+4XZI+Es71kyM+0q2UK0KSU5227eDCLkFvRN5uYg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-12T01:06:05Z" + mac: ENC[AES256_GCM,data:H6vfNxeGOBFtKpQr/sdtbbUX6WmV7dFN37QdAhfYJlVnUJbJqhzuyfVKUCceTwZVf18MIXKJAaGzoDUr0bL5ljA2immqmvWGSVAhmztHueRXIzWbOQVYLP5djSvFzp0yWttzG9W7j9hANkyaLsyrC9PArucWnvrwQuFf9ZA0TGM=,iv:4KcjbarJFpUcNUE06jiA43cMGGYE4GY8DgPMsnNn3iY=,tag:MWn+q4SwxWltNEfFN6HZgQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/modules/home/hypridle.nix b/modules/home/hypridle.nix index 9a7fd40..78b7033 100644 --- a/modules/home/hypridle.nix +++ b/modules/home/hypridle.nix @@ -13,7 +13,7 @@ listener = [ { timeout = "30"; - on-timeout = "systemd-ac-power || light -S 0 && light -s razer/0003:1532:02B6.0003/backlight -S 0"; + on-timeout = "systemd-ac-power || light -O && light -S 0 && light -s razer/0003:1532:02B6.0003/backlight -S 0"; on-resume = "systemd-ac-power || light -I && light -s razer/0003:1532:02B6.0003/backlight -S 40"; } @@ -30,7 +30,7 @@ # ac power timers { timeout = "60"; - on-timeout = "systemd-ac-power && light -S 0 && light -s razer/0003:1532:02B6.0003/backlight -S 0"; + on-timeout = "systemd-ac-power && light -O && light -S 0 && light -s razer/0003:1532:02B6.0003/backlight -S 0"; on-resume = "systemd-ac-power && light -I && light -s razer/0003:1532:02B6.0003/backlight -S 40"; }