From 3714518eadf96f00f846d8cbc8f1d237e95c8d21 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Thu, 20 Mar 2025 21:15:52 -0500 Subject: [PATCH] so many sops --- hosts/desktop/services.nix | 2 +- hosts/desktop/sops.nix | 3 +++ hosts/nas/apps/paperless/default.nix | 5 +++++ hosts/nas/home.nix | 16 +++++++++++++- hosts/nas/services.nix | 4 ++-- hosts/nas/sops.nix | 23 +++++++++++++++++++++ modules/apps/free-games-claimer/default.nix | 9 +------- secrets/secrets.yaml | 13 ++++++++++-- 8 files changed, 61 insertions(+), 14 deletions(-) diff --git a/hosts/desktop/services.nix b/hosts/desktop/services.nix index b1a8f2e..5f317bf 100755 --- a/hosts/desktop/services.nix +++ b/hosts/desktop/services.nix @@ -106,7 +106,7 @@ in inhibitsSleep = true; environmentFile = config.sops.templates."restic.env".path; passwordFile = config.sops.secrets."desktop/restic/password".path; - repository = "rest:http://admin:BogieDudie1@10.0.1.18:8008"; + repositoryFile = config.sops.secrets."desktop/restic/repo".path; paths = [ "/home/matt" ]; diff --git a/hosts/desktop/sops.nix b/hosts/desktop/sops.nix index 5d5bbfc..c8838da 100755 --- a/hosts/desktop/sops.nix +++ b/hosts/desktop/sops.nix @@ -40,6 +40,9 @@ in "desktop/restic/password" = { mode = "0600"; }; + "desktop/restic/repo" = { + mode = "0600"; + }; "wifi" = { }; # ------------------------------ diff --git a/hosts/nas/apps/paperless/default.nix b/hosts/nas/apps/paperless/default.nix index 7271e65..aed821c 100755 --- a/hosts/nas/apps/paperless/default.nix +++ b/hosts/nas/apps/paperless/default.nix @@ -84,6 +84,11 @@ in isReadOnly = true; mountPoint = "/run/secrets/jallen-nas/paperless"; }; + secret-env = { + hostPath = "/run/secrets/rendered/paperless.env"; + isReadOnly = true; + mountPoint = "/run/secrets/rendered/paperless.env"; + }; }; }; diff --git a/hosts/nas/home.nix b/hosts/nas/home.nix index 435c7a5..7eb42a2 100755 --- a/hosts/nas/home.nix +++ b/hosts/nas/home.nix 
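Review bot: The credential embedded in the removed `repository = ...` line of hosts/desktop/services.nix is still readable in the repository history, so it has to be rotated on the REST server; encrypting the same value under `desktop/restic/repo` does not un-publish it. The same applies to the literal removed in the `rcon.password` hunk of hosts/nas/services.nix and to the account passwords and OTP key removed in the `environment` hunk of modules/apps/free-games-claimer/default.nix; the OTP key has to be re-enrolled, not just re-encrypted. The removed URL also used plain `http`, so if the new secret keeps that scheme the basic-auth credentials still cross the network unencrypted. A comment beside the new line, such as `# repo URL embeds REST credentials; rotate on exposure and keep the server on https`, would record the expectation.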
@@ -1,4 +1,4 @@ -{ ... }: +{ pkgs,... }: let shellAliases = { ll = "ls -alh"; @@ -67,6 +67,20 @@ in btop.enable = true; + neovim = { + enable = true; + viAlias = true; + vimAlias = true; + defaultEditor = true; + plugins = [ + pkgs.vimPlugins.nvim-tree-lua + { + plugin = pkgs.vimPlugins.vim-startify; + config = "let g:startify_change_to_vcs_root = 0"; + } + ]; + }; + zsh = { enable = true; enableCompletion = true; diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index f5dfdca..b88501b 100755 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: let enableDisplayManager = true; in @@ -18,7 +18,7 @@ in enforce-whitelist = true; white-list = true; "enable-rcon" = true; - "rcon.password" = "BogieDudie1"; # todo + "rcon.password" = config.sops.secrets."jallen-nas/admin_password".path; }; whitelist = { mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189"; diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index 497748b..b720548 100755 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix @@ -107,6 +107,13 @@ in "jallen-nas/paperless/authentik-client-secret" = { restartUnits = [ "container@paperless.service" ]; }; + "jallen-nas/free-games/eg-email" = { }; + "jallen-nas/free-games/eg-pass" = { }; + "jallen-nas/free-games/eg-otp" = { }; + "jallen-nas/free-games/pg-email" = { }; + "jallen-nas/free-games/pg-pass" = { }; + "jallen-nas/free-games/gog-email" = { }; + "jallen-nas/free-games/gog-pass" = { }; "ssh-keys-public/jallen-nas-root" = { path = "/root/.ssh/id_ed25519.pub"; mode = "0600"; 
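Review bot: In hosts/nas/services.nix, `config.sops.secrets."jallen-nas/admin_password".path` evaluates to the location of the decrypted file, not its contents, so `"rcon.password"` is now set to a path string that anyone can guess from this repository. These properties are presumably rendered into a world-readable store file, so the secret cannot simply be interpolated at evaluation time either. Until the password is written into the server properties at service start from the secret file, `"enable-rcon" = false;` is the safe setting. Reusing the host admin password for RCON also ties two unrelated services to one credential; a dedicated sops entry for RCON would limit the blast radius. The enclosing attribute set starts and ends outside the hunk.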
@@ -146,6 +153,22 @@ in }; templates = { + "fgc.env" = { + content = '' + EG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/eg-email"} + EG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/eg-pass"} + EG_OTPKEY = ${config.sops.placeholder."jallen-nas/free-games/eg-otp"} + PG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/pg-email"} + PG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/pg-pass"} + GOG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/gog-email"} + GOG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/gog-pass"} + ''; + mode = "0650"; + owner = config.users.users."${user}".name; + group = config.users.users."${user}".group; + restartUnits = [ "podman-free-games-claimer.service" ]; + }; + "paperless.env" = { content = '' PAPERLESS_URL = "https://paperless.jallen.dev" diff --git a/modules/apps/free-games-claimer/default.nix b/modules/apps/free-games-claimer/default.nix index 33dff73..fc70aaa 100755 --- a/modules/apps/free-games-claimer/default.nix +++ b/modules/apps/free-games-claimer/default.nix @@ -12,18 +12,11 @@ in image = cfg.image; ports = [ "${cfg.httpPort}:6080" ]; volumes = [ "${cfg.dataPath}:/fgc/data" ]; + environmentFiles = [ config.sops.templates."fgc.env".path ]; environment = { PUID = cfg.puid; PGID = cfg.pgid; TZ = cfg.timeZone; - EG_EMAIL = "matt.l.jallen@gmail.com"; - EG_PASSWORD = "NSu@nn^XeVHVjxRxWT2B"; - EG_OTPKEY = "KRKU2UKDJBDE6R2JGRLFKRKEJ5DFKTCWKVEUUQSGKVKFSTKTKBDQ"; - PG_EMAIL = "jalle008@proton.me"; - PG_PASSWORD = "BogieDudie1"; - GOG_EMAIL = "matt.l.jallen@gmail.com"; - GOG_PASSWORD = "BogieDudie1"; - # NOTIFY = "mailto://myemail:mypass@gmail.com"; }; }; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 62d4f45..9c2e611 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
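Review bot: `mode = "0650"` on the `fgc.env` template in hosts/nas/sops.nix gives the group read and execute on a file that holds three account passwords and an OTP key. An env file needs no execute bit, so `mode = "0400";` (or `"0440"` if the group really must read it) is enough. The `KEY = value` lines also have spaces around `=`; as far as I know podman's `--env-file` parser rejects variable names containing whitespace, so they likely need the form `EG_EMAIL=${config.sops.placeholder."jallen-nas/free-games/eg-email"}`, which is worth confirming by starting the container. `user` is defined outside this hunk.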
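Review bot: The shared module modules/apps/free-games-claimer/default.nix now reads `config.sops.templates."fgc.env"` directly, but the visible declaration of that template is in hosts/nas/sops.nix, so a host that enables the module without defining the template would fail at evaluation. `config` must also be in the module's argument list, which lies outside the hunk. Passing the file in through a module option, for example `environmentFiles = cfg.environmentFiles;` (option name is a suggestion) with the NAS host setting it to the template path, keeps the module host-independent. A short comment such as `# credentials come from the sops-rendered env file, never from environment = { }` above the line would stop literals from creeping back in.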
@@ -32,6 +32,14 @@ jallen-nas: wireguard: private: ENC[AES256_GCM,data:/nOkn5nMrEEeKi1ySo9fAp+r1lQL02k0FZA99hUIKq7THvVWNaQ/Z6paoJU=,iv:iCTfGSdjJ0wMwv/34dv2ygKSm3qAJq6czOErMaFqHtg=,tag:EJZzBlVB5FSvveo5MWtC1g==,type:str] public: ENC[AES256_GCM,data:rOmyhwpolxNV2JroLdh90gYAuCGNZu/gY5NBxkHHNJ+qEblmDsom9alNHMQ=,iv:bF+XCO9lPHopLCEILTT4gA349d/Sa5qReSKN70EA3d4=,tag:Yx2TL/37n5Uohlwnlx97vg==,type:str] + free-games: + eg-email: ENC[AES256_GCM,data:rWkO7hNn14VhHmgSXAYYEYLYtsaDE28=,iv:lTDG2L0LNb//qRuTUfXJkLp+MuDND+3lLdbfRZAYZO4=,tag:s/kH16mMr820nRzDTSt3fw==,type:str] + eg-pass: ENC[AES256_GCM,data:5mXYVO9frIj3YKkcEzFsOOjaQq0=,iv:fsJFZBg0JO4ilLQxCJFT/8Tjrv5g5Z5Vnk4nwu0nmQE=,tag:LgFIzoQMgje0x19HMp4SXA==,type:str] + eg-otp: ENC[AES256_GCM,data:lHFkMaFpXArXTaEifqQK1sdgs+t13PvXR+QD3AdeGMR4tIhgJ7NoLDJaffj+370ULjMznA==,iv:2Pf2gFdIKiKpbe0mog60yeGl+9Q1E7XmviYuuN9qFzs=,tag:5g1/uIs6EzwOB1K8CxJBcA==,type:str] + pg-email: ENC[AES256_GCM,data:Y2HKyBYtTSQt6rlqVw9jL2ut,iv:EnKpQnPFZDf2ent1oqDMgIMMW9YKqvAtdb9A4c5Z5XM=,tag:KRBwlleoRKGPjMe+Ecmctw==,type:str] + pg-pass: ENC[AES256_GCM,data:Xh8OM8GqSRE4VO8=,iv:sjVVjufk/dgvlYdp9drdtU1ogEE092bClI3kymtwWho=,tag:g1McB9hn66vRmv8q5bx0aA==,type:str] + gog-email: ENC[AES256_GCM,data:83cNvZgdkTyt8g9KxndzWFQuDl72Xl0=,iv:I7WUC+NKURh/Yi1s9c085dA5zBeRGJ7RWmrABN1spQY=,tag:CRswW9qRG/gHgOM7RdbwFQ==,type:str] + gog-pass: ENC[AES256_GCM,data:KhBcmXQfJMCqiCQ=,iv:+wJgrCS26luCJyeKNbDOPXBbxXtDbED5of3VWM5dDSg=,tag:El++owy9uegGZ9xDP2aYZw==,type:str] nix-serve: cache-priv-key-pem: ENC[AES256_GCM,data:PkScK3BDIT9YEh3dxnZDu98ofVzUInCU+3CDcAkIPB19mb4IdaCEEGF6op9afQlHfQBEQ0CEOhpzmko23rUKYSiCACA7lviaZRLIrGzR52SuMrzVQklEOJXxpr4i664vVX+MLnUf86u1g3Yp,iv:+0Xbq7+glJaCdeJk3xRIqYND77Qs2m3EWTDpe8EUx+o=,tag:dyS/hYnsDUQSvlOQXkbjqw==,type:str] cache-pub-key-pem: ENC[AES256_GCM,data:AUC8wUnUKGGqnISgPYS0XyvtLRiaBAv9z+Rva9+eqRdsY1ltdEm2oBeQ8zaTyjtG+Y+5RG9MbEj18OB9sMK/Tg==,iv:2Uv8XLyKwfxzWDGOxc533kj4OqwzDttLwq1nH4I1yWA=,tag:j66BtAyXSayxEqk4VQ1e2g==,type:str] 
@@ -45,6 +53,7 @@ desktop: restic: user: ENC[AES256_GCM,data:ccJZWRM=,iv:fExPV4GW2aIDfJ12OCOmDYGAzRGhOu+mcRcKXSfqQME=,tag:MVRsGgbfW4tmnAmQP4e1Dw==,type:str] password: ENC[AES256_GCM,data:CjEpTwCAOoIdlb8=,iv:loIX/SmckPIhn9tcIs/eRAbHrbrDe42GeltgwOCo5YE=,tag:F672YtNS1z+9DOewM/7pHQ==,type:str] + repo: ENC[AES256_GCM,data:miXYdziysHNekZpmOFMHVjY+ZJX7hukeNRCAGCxPrp8q5EN+REjpYTKx/CA=,iv:80dnVJPKw+vUFYE21APMwO971g+zCYWqyeuyi4xI8X0=,tag:3gsRS8yE1d/PMSrYcM6UtA==,type:str] system-ed25519-pub: ENC[AES256_GCM,data:MGTQrs94jUI+CrOf/zAes0YZdj9DZxYMRnaKdWRCPLPPVPKX2CAO6V81CS2zJF/OdBUWQ7Sdm4Ay2mOMZTqKFWfzZAxWiJ955pQ7IFWKs4XgQ35j5S1W1NIbTv2ON+c0,iv:8+I+VXPpNYTAbXIr3kGJZKvHce55JH5f5glFRiSE1ac=,tag:TmV/T1R5Qp2WSSm1XwZf7w==,type:str] system-ed25519-priv: ENC[AES256_GCM,data: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,iv:6HQJVFhzzs5gDOp57cu2rW01qvLz0ee/iMnkOF5coFQ=,tag:mrENCKBHpMB+WImThj2/yg==,type:str] system-rsa-pub: ENC[AES256_GCM,data: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,iv:v6SDGVU8wK1e1KjhPmKbrzjkgMqM021SeHXwaNlVG7c=,tag:tWI6nhKwYuCa1SEx5ZUInA==,type:str] @@ -135,8 +144,8 @@ sops: TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx 9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-19T23:13:06Z" - mac: ENC[AES256_GCM,data:9T5Q5sPNGfYgJ53RHMsWCTRCszfu9JYBQGsSAR6JrREt5gnl9XALknUqhs1+NjOanRguX4C0R1d7XDCMMZi8WU4+TiQk1MzlEMS5CDX4YGKm/hUY2e1PqW9FU2mjMqsgmh1ak7B51q6mNdOShtxvRjaLf8TLY4Aps6Z0XsnPZgE=,iv:VyYeNwCN3k6czVZ3Pw829W2ezQ1hONe9gDrodTEggWE=,tag:pkHvPBH4DT2z7l8kEz7LrQ==,type:str] + lastmodified: "2025-03-21T02:08:05Z" + mac: ENC[AES256_GCM,data:SCRRxSx/vqoyCUz/ZqRkeukMBQGqkWbnXEqyRS755EQLUBoSOQl0wVb073VOHnX+DMBVljZUjYqvqG5Kunt88qR2bSMg3dc55lJZgDebvUzp1aKn6Xasf458qTvr9H7mUFFIioz/hTuNucwDlL4PaSDw3HItCifD+lvvhU6VGnI=,iv:6sVMivsXDSI9x8eo90v1VHNiV+qXAdwe3g+ZM/gDMRk=,tag:pVKG8caLQCCE46JRMxUv5w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4