From 17e11738d864a39e0d1a9c55d3a367ea1476175e Mon Sep 17 00:00:00 2001 From: Simon Gardling Date: Sun, 15 Sep 2024 13:31:57 -0400 Subject: [PATCH] more agenix --- nix/home-manager/flake.lock | 12 ++++++------ nix/home-manager/gui.nix | 4 ++-- nix/home-manager/progs/borg.nix | 5 ++--- nix/home-manager/secrets/borg-laptop-password.age | 10 ++++++++++ nix/home-manager/secrets/secrets.nix | 8 ++++++++ nix/home-manager/secrets/server-password.age | 9 +++++++++ nix/home-manager/system-mreow.nix | 11 ++++++++++- 7 files changed, 47 insertions(+), 12 deletions(-) create mode 100644 nix/home-manager/secrets/borg-laptop-password.age create mode 100644 nix/home-manager/secrets/server-password.age diff --git a/nix/home-manager/flake.lock b/nix/home-manager/flake.lock index c27ad46..27ef50d 100644 --- a/nix/home-manager/flake.lock +++ b/nix/home-manager/flake.lock @@ -153,11 +153,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1726404066, - "narHash": "sha256-Yt438MuAaZ3DEdRcY2qA3V/L2xCG4MoxR1ROv5PmTGU=", + "lastModified": 1726415038, + "narHash": "sha256-7fptKhYd09J570OF6NQxqun21A/dFPAq+hybtbURgEU=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "ed6c5c478bf87eddc276b192100cc16e76172383", + "rev": "c2f2fb469a999d3334523a157dfca025b9cea5d8", "type": "github" }, "original": { @@ -186,11 +186,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1726304152, - "narHash": "sha256-4YDrKMwXGVOBkeaISbxqf24rLuHvO98TnqxWYfgiSeg=", + "lastModified": 1726412705, + "narHash": "sha256-qRqGbvTpGRn3QhvjOyX0Sn/qPT1bLQUSSHz1vlW/7HE=", "owner": "YaLTeR", "repo": "niri", - "rev": "6a48728ffb1e638839b07f9ab2f06b2adb41dc61", + "rev": "6ee5b5afa784c76b1c31c371b59177136e558fa6", "type": "github" }, "original": { diff --git a/nix/home-manager/gui.nix b/nix/home-manager/gui.nix index 3c9876a..8d6fb46 100644 --- a/nix/home-manager/gui.nix +++ b/nix/home-manager/gui.nix @@ -9,7 +9,7 @@ { imports = [ ./no-gui.nix - ./progs/librewolf.nix + # ./progs/librewolf.nix ]; nixpkgs.config.allowUnfreePredicate = @@ -29,7 +29,7 @@ gnome-calculator #productivity stuff - libreoffice + # libreoffice hunspell # spellcheck hunspellDicts.en_US # spellcheck dictionary diff --git a/nix/home-manager/progs/borg.nix b/nix/home-manager/progs/borg.nix index 0493767..64534a0 100644 --- a/nix/home-manager/progs/borg.nix +++ b/nix/home-manager/progs/borg.nix @@ -1,4 +1,4 @@ -{ homeDirectory }: +{ homeDirectory, borgPasswordFile }: { home = { location = { @@ -32,8 +32,7 @@ }; storage = { - #super secret password location (maybe I should find a way to store secrets properly) - encryptionPasscommand = "cat ${homeDirectory}/Documents/secrets/borg_bak_pass"; + encryptionPasscommand = "cat ${borgPasswordFile}"; }; }; } diff --git a/nix/home-manager/secrets/borg-laptop-password.age b/nix/home-manager/secrets/borg-laptop-password.age new file mode 100644 index 0000000..abca559 --- /dev/null +++ b/nix/home-manager/secrets/borg-laptop-password.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 JlUYaQ 0zR1i7aaaTiNatQ64adSfLAes3mxyErq3kZUziRInVc +A8sfonsw2iodHRFsmYbmMNAviEUFSy9mkXuq6jefki8 +-> ssh-ed25519 dHDJgQ CmnVM06YvF+mzPNF1LsHdyL1hk+d/yH3HTBcdRlX/2c +79u1EAd+g/Cmb9TzAifO4VHqJZk5T88nP4DWfsJEuIw +-> >=ei241-grease co`|!7_c lx{qy +A6d8YS1s8NZojKmRVWhmJDzOOFT/AEO/IRZN0LI30QP3jImoTJ4EFDQUm4p+0IWk +dam3RKxF7XzF6dNigGDKKeIVXcSX1SiEgHyIo0+hPm2nZbM/p1IJ6fsACbTB6Q +--- /Za+90oVP7/fGDLBRr6s56UopJjz8f851js/htBcYWA +6e0YT0|`H>`b. XGXs1n.$o \ No newline at end of file diff --git a/nix/home-manager/secrets/secrets.nix b/nix/home-manager/secrets/secrets.nix index 7a30db5..b3bf8f1 100644 --- a/nix/home-manager/secrets/secrets.nix +++ b/nix/home-manager/secrets/secrets.nix @@ -7,4 +7,12 @@ in laptop desktop ]; + "server-password.age".publicKeys = [ + laptop + desktop + ]; + "borg-laptop-password.age".publicKeys = [ + laptop + desktop + ]; } diff --git a/nix/home-manager/secrets/server-password.age b/nix/home-manager/secrets/server-password.age new file mode 100644 index 0000000..1df1be5 --- /dev/null +++ b/nix/home-manager/secrets/server-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 JlUYaQ u9duGBEW7wp7aG5cqd1gfB8w+MDAirki9ZVSsotqtRM +9gyL9k29ytNJZ6Kp90309bDim1fZNqcLhPTVqs1py5s +-> ssh-ed25519 dHDJgQ ytHA01CSY/0dD6F8XC9ilzNaivZS84PsCmr5GFWAE1o +4jLi+spahOIExkrUyfpX8cYJFEKvWfErWskYJ2btBkw +-> Q-grease +n1QvV95VRYZ7CiOl6KOedEKr2L7tjTdj8aahF/DHOifCyWnc +--- iV/7+IbpWvsgrZIs2yPwOL0Xa6AlvkIfwbDotCh7iiQ +'Fh2mYiuL/D* :@;f 9v{2aǫ& \ No newline at end of file diff --git a/nix/home-manager/system-mreow.nix b/nix/home-manager/system-mreow.nix index 1c8323f..1e86a3b 100644 --- a/nix/home-manager/system-mreow.nix +++ b/nix/home-manager/system-mreow.nix @@ -39,11 +39,20 @@ #waybar for status bar programs.waybar = import ./progs/waybar.nix { inherit pkgs; }; + age.secrets.borg-laptop-password = { + file = ./secrets/borg-laptop-password.age; + path = "${homeDirectory}/.secrets/borg_bak_pass"; + }; + #backup utility programs.borgmatic = { enable = true; package = pkgs.borgmatic; - backups = import ./progs/borg.nix { inherit homeDirectory; }; + backups = + let + borgPasswordFile = config.age.secrets.borg-laptop-password.path; + in + import ./progs/borg.nix { inherit homeDirectory borgPasswordFile; }; }; # https://community.frame.work/t/speakers-sound-quality/1078/83