From 397186558aeaaf2cb149ef9d146994a52cb94e5b Mon Sep 17 00:00:00 2001 From: ooks-io Date: Tue, 13 Feb 2024 19:17:48 +1300 Subject: [PATCH] feat: init sops-nix config --- .sops.yaml | 7 ++++ flake.lock | 38 +++++++++++++++++++ flake.nix | 5 +++ .../desktop/media/music/tui/default.nix | 37 +++++++++++++++++- home/profile/base/default.nix | 3 ++ home/secrets/default.nix | 24 ++++++++++++ home/secrets/secrets.yaml | 22 +++++++++++ home/user/ooks/ooksdesk/default.nix | 2 + home/user/ooks/ookst480s/default.nix | 2 + 9 files changed, 139 insertions(+), 1 deletion(-) create mode 100644 .sops.yaml create mode 100644 home/secrets/default.nix create mode 100644 home/secrets/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..b495e9a --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &ooks age16ecqs0u4h4qvnp7nr2rdhd0d2qrw7x5kk60u473d6988a0amsass4d5a22 +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *ooks diff --git a/flake.lock b/flake.lock index 54cfe4c..d9fb3d6 100644 --- a/flake.lock +++ b/flake.lock @@ -582,6 +582,22 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1707603439, + "narHash": "sha256-LodBVZ3+ehJP2azM5oj+JrhfNAAzmTJ/OwAIOn0RfZ0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d8cd80616c8800feec0cab64331d7c3d5a1a6d98", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1703637592, @@ -713,6 +729,7 @@ "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_4", "nixvim": "nixvim", + "sops-nix": "sops-nix", "zjstatus": "zjstatus" } }, 
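Review bot: The `keys:` list in `.sops.yaml` has a single age recipient (`&ooks`), yet later hunks in this patch enable the sops module from the `base` profile that both ooksdesk and ookst480s activate, so presumably one private key ends up copied to both machines. A per-host recipient would let a lost or compromised machine be dropped by re-keying instead of replacing the key everywhere: add a second anchor under `keys:`, list it under `age:` next to `- *ooks`, and re-encrypt with `sops updatekeys`. Separately, `path_regex: secrets/secrets.yaml$` leaves the dot unescaped; `secrets/secrets\.yaml$` matches only the intended file name.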
@@ -766,6 +783,27 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1707620614, + "narHash": "sha256-gfAoB9dGzBu62NoAoM945aok7+6M+LFu+nvnGwAsTp4=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "2eb7c4ba3aa75e2660fd217eb1ab64d5b793608e", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 028a987..17a0b6b 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,11 @@ nix-colors.url = "github:misterio77/nix-colors"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixvim = { url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/modules/desktop/media/music/tui/default.nix b/home/modules/desktop/media/music/tui/default.nix index b0e8a80..545f6c1 100644 --- a/home/modules/desktop/media/music/tui/default.nix +++ b/home/modules/desktop/media/music/tui/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ pkgs, config, lib, inputs, ... }: let inherit (config.colorscheme) colors; @@ -7,6 +7,8 @@ let in { + + config = lib.mkIf cfg.enable { home.packages = with pkgs; [ termusic 
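Review bot: The `sops-nix` input in `flake.nix` sets `follows` only for `nixpkgs`, and the `flake.lock` hunks of this same patch show the consequence: a new `nixpkgs-stable` node (NixOS/nixpkgs `release-23.11`) is locked solely for sops-nix. That is one more nixpkgs revision to fetch, review and keep updated. If nothing in this configuration needs it, add `inputs.nixpkgs-stable.follows = "nixpkgs";` beside the existing `follows` line so the lock carries a single nixpkgs for this input.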
@@ -29,6 +31,39 @@ in }; }; }; + xdg.configFile."spotify-player/app.toml".text = /* toml */ '' + theme = "default" + client_id = "fc4c3656d7cc4a7ea70c6080965f8b1a" + client_port = 8080 + tracks_playback_limit = 50 + playback_format = "{track} • {artists}\n{album}\n{metadata}" + notify_format = { summary = "{track} • {artists}", body = "{album}" } + app_refresh_duration_in_ms = 32 + playback_refresh_duration_in_ms = 0 + page_size_in_rows = 20 + enable_media_control = false + enable_streaming = "Always" + enable_notify = true + enable_cover_image_cache = false + notify_streaming_only = false + default_device = "${config.home.sessionVariables.HN}" + play_icon = "▶" + pause_icon = "▌▌" + liked_icon = "♥" + playback_window_position = "Top" + cover_img_length = 9 + cover_img_width = 5 + playback_window_width = 6 + + [device] + name = "${config.home.sessionVariables.HN}" + device_type = "speaker" + volume = 100 + bitrate = 320 + audio_cache = false + normalization = false + ''; + xdg.configFile."zellij/layouts/music.kdl".text = lib.mkIf zellij.enable /* kdl */ '' layout { default_tab_template { diff --git a/home/profile/base/default.nix b/home/profile/base/default.nix index 29a83a0..e6f975b 100644 --- a/home/profile/base/default.nix +++ b/home/profile/base/default.nix @@ -8,6 +8,7 @@ in imports = [ inputs.nix-colors.homeManagerModule ../../modules + ../../secrets ] ++ (builtins.attrValues outputs.homeManagerModules); config = lib.mkIf cfg.enable { @@ -31,6 +32,7 @@ in home-manager.enable = true; git.enable = true; }; + home.packages = with pkgs; [ sops ]; home = { username = lib.mkDefault "ooks"; @@ -46,6 +48,7 @@ in xdg.portal.enable = true; homeModules = { + sops.enable = true; console = { editor.helix = { enable = true; diff --git a/home/secrets/default.nix b/home/secrets/default.nix new file mode 100644 index 0000000..443254f --- /dev/null +++ b/home/secrets/default.nix 
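Review bot: The `client_id = "…"` line in the new `spotify-player/app.toml` text is committed in cleartext, while this same patch adds an encrypted `spotifyClientId` to `home/secrets/secrets.yaml` and declares it under `sops.secrets`; presumably both hold the same value, which would leave the encryption with nothing to protect. Because `xdg.configFile.<name>.text` is built into the Nix store, the value is also readable by every local user, and it stays in git history even after a later removal. If the id is meant to be private, drop the literal from the `.text` string, fill it in at activation time from `config.sops.secrets.spotifyClientId.path`, and treat the committed value as disclosed by regenerating it on the Spotify side. The `inputs` argument added to this file's header is not used by any line visible in these hunks.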
@@ -0,0 +1,24 @@ +{ lib, config, inputs, ... }: + +let + cfg = config.homeModules.sops; +in + +{ + + imports = [ + inputs.sops-nix.homeManagerModules.sops + ]; + options.homeModules.sops.enable = lib.mkEnableOption "Enable sops"; + + config = lib.mkIf cfg.enable { + sops = { + age.keyFile = "/home/ooks/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + + secrets = { + spotifyClientId = { }; + }; + }; + }; +} diff --git a/home/secrets/secrets.yaml b/home/secrets/secrets.yaml new file mode 100644 index 0000000..f975207 --- /dev/null +++ b/home/secrets/secrets.yaml @@ -0,0 +1,22 @@ +spotifyClientId: ENC[AES256_GCM,data:T9OJK/xEr87HdeOKadpIY1Oe5fJzqVjhOU6W/DHeYvc=,iv:oweEMqRAPf0WwPADSgB+lDldj23KOlueLyNIgtfWzbo=,tag:/pUN92uMWB+j0okvjYJUGg==,type:str] +spotifyUserId: ENC[AES256_GCM,data:MeowarV/Wg==,iv:Guqwg3rulJCuMwuSeluMPiQnjaQxDEmYEgDffzkGyqc=,tag:hdkZS5Uj733EcODZxJAxaw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age16ecqs0u4h4qvnp7nr2rdhd0d2qrw7x5kk60u473d6988a0amsass4d5a22 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZT3Z5NnJKaE1SMGVvZEk1 + cFlYYkNUQW4zVFdqQ1MyY1gyOGxhNCt5K21FCmlKMlQzWTJ0K1NqNVEwY2k4bW9z + NmhEejRBeGNUQ3ZSUTNHVE0wUEJnL0EKLS0tIFVhc0l3ZjYyYnY5M2ZJdnZ4VTRU + cHZyWXZHd29UU05xdTBOVnhiUFdoNlkKzLFZ6bf8Ap7Tkd8sr+U9OmpX88WGvOC7 + 4XxfEq5iFaYZemIGtdNJzURN8pdB6su8dG9ChV7m89If5SC9VXYmEg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-02-12T10:19:55Z" + mac: ENC[AES256_GCM,data:uFJWneNsB9652npOK0bq+8fCHrU4xFMhxpSr1G9fZevP2+NJ3SWNTOQomigmLpSszaj0sf7y6VuHZE2DFun8BCy13yR1PJtM8vQTfAJ+HMyps1YT4jcraZwFyZx5skuVvEDd7xV7+8tQwHR+c7GXrib+92/2wKFS/wbhn6l9qYY=,iv:GZDdkc527os5e2QKsQqsXYGvdJ+ymoiFnihghzMtTOY=,tag:YEoJQ+zNawIYfmPQlawbBw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/home/user/ooks/ooksdesk/default.nix b/home/user/ooks/ooksdesk/default.nix index 3de4e35..1ccb13a 100644 
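Review bot: `age.keyFile = "/home/ooks/.config/sops/age/keys.txt";` in `home/secrets/default.nix` hard-codes the home directory, although the base profile sets `username` only with `lib.mkDefault`; under any other user or home path sops-nix would look for the key in the wrong place and decryption would fail at activation. Deriving the path from the configuration keeps the two in step: `age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";`. The key file should be readable only by its owner (mode 0600), since it decrypts everything in `secrets.yaml`. `secrets.yaml` also carries `spotifyUserId`, which is not declared under `secrets` here, so it is never decrypted for use.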
--- a/home/user/ooks/ooksdesk/default.nix +++ b/home/user/ooks/ooksdesk/default.nix @@ -7,6 +7,8 @@ activeProfiles = ["base" "hyprland"]; + home.sessionVariables.HN = "ooksdesk"; + homeModules.console.editor.nvim = { enable = true; plugins = { diff --git a/home/user/ooks/ookst480s/default.nix b/home/user/ooks/ookst480s/default.nix index 6a0e715..ae951a8 100644 --- a/home/user/ooks/ookst480s/default.nix +++ b/home/user/ooks/ookst480s/default.nix @@ -7,6 +7,8 @@ activeProfiles = ["base" "hyprland"]; + home.sessionVariables.HN = "ookst480s"; + homeModules.console.editor.nvim = { enable = true; plugins = {