so many sops

hosts/desktop/services.nix

@@ -106,7 +106,7 @@ in
         inhibitsSleep = true;
         environmentFile = config.sops.templates."restic.env".path;
         passwordFile = config.sops.secrets."desktop/restic/password".path;
-        repository = "rest:http://admin:BogieDudie1@10.0.1.18:8008";
+        repositoryFile = config.sops.secrets."desktop/restic/repo".path;
         paths = [
           "/home/matt"
         ];

hosts/desktop/sops.nix

@@ -40,6 +40,9 @@ in
       "desktop/restic/password" = {
         mode = "0600";
       };
+      "desktop/restic/repo" = {
+        mode = "0600";
+      };
       "wifi" = { };
 
       # ------------------------------

hosts/nas/apps/paperless/default.nix

@@ -84,6 +84,11 @@ in
         isReadOnly = true;
         mountPoint = "/run/secrets/jallen-nas/paperless";
       };
+      secret-env = {
+        hostPath = "/run/secrets/rendered/paperless.env";
+        isReadOnly = true;
+        mountPoint = "/run/secrets/rendered/paperless.env";
+      };
     };
   };
 

hosts/nas/home.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs,... }:
 let
   shellAliases = {
     ll = "ls -alh";
@@ -67,6 +67,20 @@ in
 
     btop.enable = true;
 
+    neovim = {
+      enable = true;
+      viAlias = true;
+      vimAlias = true;
+      defaultEditor = true;
+      plugins = [
+        pkgs.vimPlugins.nvim-tree-lua
+        {
+          plugin = pkgs.vimPlugins.vim-startify;
+          config = "let g:startify_change_to_vcs_root = 0";
+        }
+      ];
+    };
+
     zsh = {
       enable = true;
       enableCompletion = true;

hosts/nas/services.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 let
   enableDisplayManager = true;
 in
@@ -18,7 +18,7 @@ in
         enforce-whitelist = true;
         white-list = true;
         "enable-rcon" = true;
-        "rcon.password" = "BogieDudie1"; # todo
+        "rcon.password" = config.sops.secrets."jallen-nas/admin_password".path;
       };
       whitelist = {
         mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";

hosts/nas/sops.nix

@@ -107,6 +107,13 @@ in
       "jallen-nas/paperless/authentik-client-secret" = {
         restartUnits = [ "container@paperless.service" ];
       };
+      "jallen-nas/free-games/eg-email" = { };
+      "jallen-nas/free-games/eg-pass" = { };
+      "jallen-nas/free-games/eg-otp" = { };
+      "jallen-nas/free-games/pg-email" = { };
+      "jallen-nas/free-games/pg-pass" = { };
+      "jallen-nas/free-games/gog-email" = { };
+      "jallen-nas/free-games/gog-pass" = { };
       "ssh-keys-public/jallen-nas-root" = {
         path = "/root/.ssh/id_ed25519.pub";
         mode = "0600";
@@ -146,6 +153,22 @@ in
     };
 
     templates = {
+      "fgc.env" = {
+        content = ''
+          EG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/eg-email"}
+          EG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/eg-pass"}
+          EG_OTPKEY = ${config.sops.placeholder."jallen-nas/free-games/eg-otp"}
+          PG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/pg-email"}
+          PG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/pg-pass"}
+          GOG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/gog-email"}
+          GOG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/gog-pass"}
+        '';
+        mode = "0650";
+        owner = config.users.users."${user}".name;
+        group = config.users.users."${user}".group;
+        restartUnits = [ "podman-free-games-claimer.service" ];
+      };
+
       "paperless.env" = {
         content = ''
           PAPERLESS_URL = "https://paperless.jallen.dev"

modules/apps/free-games-claimer/default.nix

@@ -12,18 +12,11 @@ in
       image = cfg.image;
       ports = [ "${cfg.httpPort}:6080" ];
       volumes = [ "${cfg.dataPath}:/fgc/data" ];
+      environmentFiles = [ config.sops.templates."fgc.env".path ];
       environment = {
         PUID = cfg.puid;
         PGID = cfg.pgid;
         TZ = cfg.timeZone;
-        EG_EMAIL = "matt.l.jallen@gmail.com";
-        EG_PASSWORD = "NSu@nn^XeVHVjxRxWT2B";
-        EG_OTPKEY = "KRKU2UKDJBDE6R2JGRLFKRKEJ5DFKTCWKVEUUQSGKVKFSTKTKBDQ";
-        PG_EMAIL = "jalle008@proton.me";
-        PG_PASSWORD = "BogieDudie1";
-        GOG_EMAIL = "matt.l.jallen@gmail.com";
-        GOG_PASSWORD = "BogieDudie1";
-        # NOTIFY = "mailto://myemail:mypass@gmail.com";
       };
     };
   };

secrets/secrets.yaml

@@ -32,6 +32,14 @@ jallen-nas:
     wireguard:
         private: ENC[AES256_GCM,data:/nOkn5nMrEEeKi1ySo9fAp+r1lQL02k0FZA99hUIKq7THvVWNaQ/Z6paoJU=,iv:iCTfGSdjJ0wMwv/34dv2ygKSm3qAJq6czOErMaFqHtg=,tag:EJZzBlVB5FSvveo5MWtC1g==,type:str]
         public: ENC[AES256_GCM,data:rOmyhwpolxNV2JroLdh90gYAuCGNZu/gY5NBxkHHNJ+qEblmDsom9alNHMQ=,iv:bF+XCO9lPHopLCEILTT4gA349d/Sa5qReSKN70EA3d4=,tag:Yx2TL/37n5Uohlwnlx97vg==,type:str]
+    free-games:
+        eg-email: ENC[AES256_GCM,data:rWkO7hNn14VhHmgSXAYYEYLYtsaDE28=,iv:lTDG2L0LNb//qRuTUfXJkLp+MuDND+3lLdbfRZAYZO4=,tag:s/kH16mMr820nRzDTSt3fw==,type:str]
+        eg-pass: ENC[AES256_GCM,data:5mXYVO9frIj3YKkcEzFsOOjaQq0=,iv:fsJFZBg0JO4ilLQxCJFT/8Tjrv5g5Z5Vnk4nwu0nmQE=,tag:LgFIzoQMgje0x19HMp4SXA==,type:str]
+        eg-otp: ENC[AES256_GCM,data:lHFkMaFpXArXTaEifqQK1sdgs+t13PvXR+QD3AdeGMR4tIhgJ7NoLDJaffj+370ULjMznA==,iv:2Pf2gFdIKiKpbe0mog60yeGl+9Q1E7XmviYuuN9qFzs=,tag:5g1/uIs6EzwOB1K8CxJBcA==,type:str]
+        pg-email: ENC[AES256_GCM,data:Y2HKyBYtTSQt6rlqVw9jL2ut,iv:EnKpQnPFZDf2ent1oqDMgIMMW9YKqvAtdb9A4c5Z5XM=,tag:KRBwlleoRKGPjMe+Ecmctw==,type:str]
+        pg-pass: ENC[AES256_GCM,data:Xh8OM8GqSRE4VO8=,iv:sjVVjufk/dgvlYdp9drdtU1ogEE092bClI3kymtwWho=,tag:g1McB9hn66vRmv8q5bx0aA==,type:str]
+        gog-email: ENC[AES256_GCM,data:83cNvZgdkTyt8g9KxndzWFQuDl72Xl0=,iv:I7WUC+NKURh/Yi1s9c085dA5zBeRGJ7RWmrABN1spQY=,tag:CRswW9qRG/gHgOM7RdbwFQ==,type:str]
+        gog-pass: ENC[AES256_GCM,data:KhBcmXQfJMCqiCQ=,iv:+wJgrCS26luCJyeKNbDOPXBbxXtDbED5of3VWM5dDSg=,tag:El++owy9uegGZ9xDP2aYZw==,type:str]
     nix-serve:
         cache-priv-key-pem: ENC[AES256_GCM,data:PkScK3BDIT9YEh3dxnZDu98ofVzUInCU+3CDcAkIPB19mb4IdaCEEGF6op9afQlHfQBEQ0CEOhpzmko23rUKYSiCACA7lviaZRLIrGzR52SuMrzVQklEOJXxpr4i664vVX+MLnUf86u1g3Yp,iv:+0Xbq7+glJaCdeJk3xRIqYND77Qs2m3EWTDpe8EUx+o=,tag:dyS/hYnsDUQSvlOQXkbjqw==,type:str]
         cache-pub-key-pem: ENC[AES256_GCM,data:AUC8wUnUKGGqnISgPYS0XyvtLRiaBAv9z+Rva9+eqRdsY1ltdEm2oBeQ8zaTyjtG+Y+5RG9MbEj18OB9sMK/Tg==,iv:2Uv8XLyKwfxzWDGOxc533kj4OqwzDttLwq1nH4I1yWA=,tag:j66BtAyXSayxEqk4VQ1e2g==,type:str]
@@ -45,6 +53,7 @@ desktop:
     restic:
         user: ENC[AES256_GCM,data:ccJZWRM=,iv:fExPV4GW2aIDfJ12OCOmDYGAzRGhOu+mcRcKXSfqQME=,tag:MVRsGgbfW4tmnAmQP4e1Dw==,type:str]
         password: ENC[AES256_GCM,data:CjEpTwCAOoIdlb8=,iv:loIX/SmckPIhn9tcIs/eRAbHrbrDe42GeltgwOCo5YE=,tag:F672YtNS1z+9DOewM/7pHQ==,type:str]
+        repo: ENC[AES256_GCM,data:miXYdziysHNekZpmOFMHVjY+ZJX7hukeNRCAGCxPrp8q5EN+REjpYTKx/CA=,iv:80dnVJPKw+vUFYE21APMwO971g+zCYWqyeuyi4xI8X0=,tag:3gsRS8yE1d/PMSrYcM6UtA==,type:str]
     system-ed25519-pub: ENC[AES256_GCM,data:MGTQrs94jUI+CrOf/zAes0YZdj9DZxYMRnaKdWRCPLPPVPKX2CAO6V81CS2zJF/OdBUWQ7Sdm4Ay2mOMZTqKFWfzZAxWiJ955pQ7IFWKs4XgQ35j5S1W1NIbTv2ON+c0,iv:8+I+VXPpNYTAbXIr3kGJZKvHce55JH5f5glFRiSE1ac=,tag:TmV/T1R5Qp2WSSm1XwZf7w==,type:str]
     system-ed25519-priv: ENC[AES256_GCM,data:zybeelXlF5nCxZvaOa9V0txc5JUergAv0vyp9YaVozNbT8JfCvRl69h9/NVCOIsucp0TJtnCD2FUYQpPVjVQ4d4F5kWjhQ0MN1PUMUTslLGBY1YKWKY3DRBJFdAgzibgA/5Tn6V8NHLaIoJON9yXXE/glucFj2G+cGIcIV8AAVi1DMFPajZ87p0LFKHe4gBMA1D08qEVSRwfCp3ZiF/THfszN+agxL2+tqfSuNG4sNucojs9y6jlZEw0vEDRVlXzVACSFq35IcKL7AVnabGY/s1Xm+NrtEqtC10MOVhRerZ1i8U6mVssVnu8XFWC/KHOghfODq761bEATts8tePumoDt1RkEyY5fDi0xC0XY1F6JB+1pPKf+BrdtwsZ1Q16YCWOsXX86X4d0EB364vESGhV4sBIvmAcLvO11FAw9RnOXb2XwcAa5iJTAk+qw8H3yNo9lThq7qygl1QnVkHlR8V9fP1Hvs0bbd9/JaMmZ7J6WTkW9zN3kO6rP6K9v7+H2iwnHphc+hdCAeb4NEJ514/Boq4/Nqeov5KnY,iv:6HQJVFhzzs5gDOp57cu2rW01qvLz0ee/iMnkOF5coFQ=,tag:mrENCKBHpMB+WImThj2/yg==,type:str]
     system-rsa-pub: ENC[AES256_GCM,data:h6AJEB3k1mhVd2afsov5GkFmJ9iFkAW5iSQpFojFBa4Vup3LkpYKv+sbOaWLTib2Triy2muheU7MD9FsMLa7oTUTvrF2WKL5fKmSExveRP6TQCM/3Yc+no0H3eX2Quh80xWwlAxXiiSFxsqemw3J8Kc5+l/VFQ0+XJcuhErkqe3IaDDJePqxALRJgCbPyZFDw7m0RcaZieMLzs7AvO6I4n/OMXwFmed47lkKsFgeQWKlF6eTYzlObjPbvZNOmUSLqm44t5f90DXjXun8Wxc8RN00HKI6NeU0wChx4xHxdgFYimPn+Aa2peuS8L+Xr8TMKcymUuIa0FREh7yClnoLYbjvMmScBtXrWUu8K0xC87BR+bJMbBnJsm3NDzY9W1a/sPYW6DEai6qQh00OZpp1ONPn7XXOjHF77z9NtO+eErlec2FZH+XKVxmhBe3soDF9k+MmRTmc5g6UbtlQPC9k5EsnAIrnSUP33K4MPJ9Y6o/XBLOhvSw1HR12fX+5oVuwSXe4usyJThFrm6MAk83BSCQ06/GP9kl87x0Gs0DVoXnV5tej1kOsb2fd76vV0oWFh417ROld3/L9KWZU0xKgAXCvC1k+uAeFa7wclDuK/vdtbTl0xKfsYCptmm0Ug9RmCvI4xPysP7OJZCk7FoiJtGCGUYE647Afro9EpaqxGksw6nDFcfw/Ht3Lyzht/ry4S5GDZFvxrnuzmvK5/BgscxS38kND960i/puf1RCBpL4UDfJnkacgPUC/BmgZoRaRSKGmymUqmSinr2HgCQVPXLeyAl4myx+a2U0W8WMW1S6TjEtfKQKyxrr8y8gDOMBYwxBnpy+P30z7NxzDQkyRjNGTwKDncQL3j8vD+Rn3fm0hsdn3nbf+7X4lYd8TTdR1JujkCPUclexf7komJJFvaQVHyUQKSZk/57NNLIHpYsllM8SYMDYfVl+ND3sFfcMQzuOQ/RXOPuN4ZXT/dwnOY6kPN8Y=,iv:v6SDGVU8wK1e1KjhPmKbrzjkgMqM021SeHXwaNlVG7c=,tag:tWI6nhKwYuCa1SEx5ZUInA==,type:str]
@@ -135,8 +144,8 @@ sops:
             TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx
             9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-19T23:13:06Z"
-    mac: ENC[AES256_GCM,data:9T5Q5sPNGfYgJ53RHMsWCTRCszfu9JYBQGsSAR6JrREt5gnl9XALknUqhs1+NjOanRguX4C0R1d7XDCMMZi8WU4+TiQk1MzlEMS5CDX4YGKm/hUY2e1PqW9FU2mjMqsgmh1ak7B51q6mNdOShtxvRjaLf8TLY4Aps6Z0XsnPZgE=,iv:VyYeNwCN3k6czVZ3Pw829W2ezQ1hONe9gDrodTEggWE=,tag:pkHvPBH4DT2z7l8kEz7LrQ==,type:str]
+    lastmodified: "2025-03-21T02:08:05Z"
+    mac: ENC[AES256_GCM,data:SCRRxSx/vqoyCUz/ZqRkeukMBQGqkWbnXEqyRS755EQLUBoSOQl0wVb073VOHnX+DMBVljZUjYqvqG5Kunt88qR2bSMg3dc55lJZgDebvUzp1aKn6Xasf458qTvr9H7mUFFIioz/hTuNucwDlL4PaSDw3HItCifD+lvvhU6VGnI=,iv:6sVMivsXDSI9x8eo90v1VHNiV+qXAdwe3g+ZM/gDMRk=,tag:pVKG8caLQCCE46JRMxUv5w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4