feat: init sops-nix config

2024-02-13 19:17:48 +13:00 · 2024-02-13 19:17:48 +13:00 · 397186558a
commit 397186558a
parent e0f46323bc
9 changed files with 139 additions and 1 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,7 @@
 keys:
  - &ooks age16ecqs0u4h4qvnp7nr2rdhd0d2qrw7x5kk60u473d6988a0amsass4d5a22
 creation_rules:
  - path_regex: secrets/secrets.yaml$
    key_groups:
    - age:
        - *ooks
--- a/flake.lock
+++ b/flake.lock
@ -582,6 +582,22 @@
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1707603439,
        "narHash": "sha256-LodBVZ3+ehJP2azM5oj+JrhfNAAzmTJ/OwAIOn0RfZ0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "d8cd80616c8800feec0cab64331d7c3d5a1a6d98",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1703637592,
@ -713,6 +729,7 @@
        "nix-gaming": "nix-gaming",
        "nixpkgs": "nixpkgs_4",
        "nixvim": "nixvim",
        "sops-nix": "sops-nix",
        "zjstatus": "zjstatus"
      }
    },
@ -766,6 +783,27 @@
        "type": "github"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
        "lastModified": 1707620614,
        "narHash": "sha256-gfAoB9dGzBu62NoAoM945aok7+6M+LFu+nvnGwAsTp4=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "2eb7c4ba3aa75e2660fd217eb1ab64d5b793608e",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
--- a/flake.nix
+++ b/flake.nix
@ -10,6 +10,11 @@
    nix-colors.url = "github:misterio77/nix-colors";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixvim = {
      url = "github:nix-community/nixvim";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/home/modules/desktop/media/music/tui/default.nix
+++ b/home/modules/desktop/media/music/tui/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }:
+{ pkgs, config, lib, inputs, ... }:
 let
  inherit (config.colorscheme) colors;
@ -7,6 +7,8 @@ let
 in
 {
  config = lib.mkIf cfg.enable {
    home.packages = with pkgs; [
      termusic
@ -29,6 +31,39 @@ in
        };
      };
    };
    xdg.configFile."spotify-player/app.toml".text =  /* toml */ ''
      theme = "default"
      client_id = "fc4c3656d7cc4a7ea70c6080965f8b1a"
      client_port = 8080
      tracks_playback_limit = 50
      playback_format = "{track} • {artists}\n{album}\n{metadata}"
      notify_format = { summary = "{track} • {artists}", body = "{album}" }
      app_refresh_duration_in_ms = 32
      playback_refresh_duration_in_ms = 0
      page_size_in_rows = 20
      enable_media_control = false
      enable_streaming = "Always"
      enable_notify = true
      enable_cover_image_cache = false
      notify_streaming_only = false
      default_device = "${config.home.sessionVariables.HN}"
      play_icon = "▶"
      pause_icon = "▌▌"
      liked_icon = "♥"
      playback_window_position = "Top"
      cover_img_length = 9
      cover_img_width = 5
      playback_window_width = 6
      [device]
      name = "${config.home.sessionVariables.HN}"
      device_type = "speaker"
      volume = 100
      bitrate = 320
      audio_cache = false
      normalization = false
    '';
    xdg.configFile."zellij/layouts/music.kdl".text = lib.mkIf zellij.enable /* kdl */ ''
      layout {
      default_tab_template {
--- a/home/profile/base/default.nix
+++ b/home/profile/base/default.nix
@ -8,6 +8,7 @@ in
  imports = [
    inputs.nix-colors.homeManagerModule
    ../../modules
    ../../secrets
  ] ++ (builtins.attrValues outputs.homeManagerModules);
  config = lib.mkIf cfg.enable {
@ -31,6 +32,7 @@ in
      home-manager.enable = true;
      git.enable = true;
    };
    home.packages = with pkgs; [ sops ];
    home = {
      username = lib.mkDefault "ooks";
@ -46,6 +48,7 @@ in
    xdg.portal.enable = true;
    homeModules = {
      sops.enable = true;
      console = {
        editor.helix = {
          enable = true;
--- a/home/secrets/default.nix
+++ b/home/secrets/default.nix
@ -0,0 +1,24 @@
 { lib, config, inputs, ... }:
 let
  cfg = config.homeModules.sops;
 in
 {
  imports = [
    inputs.sops-nix.homeManagerModules.sops
  ];
  options.homeModules.sops.enable = lib.mkEnableOption "Enable sops";
  config = lib.mkIf cfg.enable {
    sops = {
      age.keyFile = "/home/ooks/.config/sops/age/keys.txt";
      defaultSopsFile = ./secrets.yaml;
      secrets = {
        spotifyClientId = { };
      };
    };
  };
 }
--- a/home/secrets/secrets.yaml
+++ b/home/secrets/secrets.yaml
@ -0,0 +1,22 @@
 spotifyClientId: ENC[AES256_GCM,data:T9OJK/xEr87HdeOKadpIY1Oe5fJzqVjhOU6W/DHeYvc=,iv:oweEMqRAPf0WwPADSgB+lDldj23KOlueLyNIgtfWzbo=,tag:/pUN92uMWB+j0okvjYJUGg==,type:str]
 spotifyUserId: ENC[AES256_GCM,data:MeowarV/Wg==,iv:Guqwg3rulJCuMwuSeluMPiQnjaQxDEmYEgDffzkGyqc=,tag:hdkZS5Uj733EcODZxJAxaw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age16ecqs0u4h4qvnp7nr2rdhd0d2qrw7x5kk60u473d6988a0amsass4d5a22
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZT3Z5NnJKaE1SMGVvZEk1
            cFlYYkNUQW4zVFdqQ1MyY1gyOGxhNCt5K21FCmlKMlQzWTJ0K1NqNVEwY2k4bW9z
            NmhEejRBeGNUQ3ZSUTNHVE0wUEJnL0EKLS0tIFVhc0l3ZjYyYnY5M2ZJdnZ4VTRU
            cHZyWXZHd29UU05xdTBOVnhiUFdoNlkKzLFZ6bf8Ap7Tkd8sr+U9OmpX88WGvOC7
            4XxfEq5iFaYZemIGtdNJzURN8pdB6su8dG9ChV7m89If5SC9VXYmEg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-02-12T10:19:55Z"
    mac: ENC[AES256_GCM,data:uFJWneNsB9652npOK0bq+8fCHrU4xFMhxpSr1G9fZevP2+NJ3SWNTOQomigmLpSszaj0sf7y6VuHZE2DFun8BCy13yR1PJtM8vQTfAJ+HMyps1YT4jcraZwFyZx5skuVvEDd7xV7+8tQwHR+c7GXrib+92/2wKFS/wbhn6l9qYY=,iv:GZDdkc527os5e2QKsQqsXYGvdJ+ymoiFnihghzMtTOY=,tag:YEoJQ+zNawIYfmPQlawbBw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/home/user/ooks/ooksdesk/default.nix
+++ b/home/user/ooks/ooksdesk/default.nix
@ -7,6 +7,8 @@
  activeProfiles = ["base" "hyprland"];
  home.sessionVariables.HN = "ooksdesk";
  homeModules.console.editor.nvim = {
    enable = true;
    plugins = {
--- a/home/user/ooks/ookst480s/default.nix
+++ b/home/user/ooks/ookst480s/default.nix
@ -7,6 +7,8 @@
  activeProfiles = ["base" "hyprland"];
  home.sessionVariables.HN = "ookst480s";
  homeModules.console.editor.nvim = {
    enable = true;
    plugins = {