From 0447eb645a849944f7def07186a69bc91f1ec9d6 Mon Sep 17 00:00:00 2001
From: Daylin Morgan
Date: Thu, 28 Nov 2024 18:53:31 -0600
Subject: [PATCH] add a secret
---
 hosts/othalan/default.nix | 12 +++++++--
 hosts/othalan/services.nix | 52 ++++++++++++++++++++------------------
 2 files changed, 38 insertions(+), 26 deletions(-)
diff --git a/hosts/othalan/default.nix b/hosts/othalan/default.nix
index 3cb538e..8ba5757 100644
--- a/hosts/othalan/default.nix
+++ b/hosts/othalan/default.nix
@@ -2,6 +2,7 @@
 enabled,
 enableAttrs,
 listify,
+ config,
 ...
 }:
 {
@@ -28,6 +29,13 @@
 sops.defaultSopsFile = ./secrets.yaml;
 # This will automatically import SSH keys as age keys
- sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- sops.secrets.restic-othalan = {};
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ sops.secrets.restic-othalan = {
+ # Permission modes are in octal representation (same as chmod),
+ mode = "0440";
+ # It is recommended to get the group/name name from
+ # `config.users.users..{name,group}` to avoid misconfiguration
+ owner = config.users.users.daylin.name;
+ group = config.users.users.daylin.group;
+ };
 }
diff --git a/hosts/othalan/services.nix b/hosts/othalan/services.nix
index f7ba100..5edb8b8 100644
--- a/hosts/othalan/services.nix
+++ b/hosts/othalan/services.nix
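Review bot: In the second hunk of hosts/othalan/default.nix, `mode = "0440";` together with `group = config.users.users.daylin.group;` makes the restic repository password readable by every member of that group, not just by `daylin`. The group's value is not visible in this patch; if it resolves to a shared group such as `users`, any other local account in it can read the decrypted secret. The only consumer shown is the restic job that runs as `daylin`, so owner-only access is sufficient: use `mode = "0400";` and drop the `group` line. The enclosing attribute set opens above the hunk, so other consumers of this secret would not be visible here.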
@@ -1,35 +1,39 @@ -{ pkgs, ... }: -let - notes-git = ''${pkgs.git}/bin/git -C /home/daylin/stuff/notes''; -in +{ + config, +# pkgs, + ... +}: +# let +# notes-git = ''${pkgs.git}/bin/git -C /home/daylin/stuff/notes''; +# in { services.restic.backups.gdrive = { user = "daylin"; repository = "rclone:g:archives/othalan"; - passwordFile = "/home/daylin/.config/restic/othalan-pass"; + passwordFile = config.sops.secrets.restic-othalan.path; paths = [ "/home/daylin/stuff/" "/home/daylin/dev/" ]; }; - systemd.services.notes-bot = { - description = "auto commit changes to notes"; - serviceConfig = { - Type = "oneshot"; - User = "daylin"; - ExecStart = '' - ${pkgs.bash}/bin/bash -c '${notes-git} commit -m ":memo: :robot: $(${pkgs.coreutils}/bin/date +\'%%T\')" --no-gpg-sign -- notes' - ''; - }; - }; - systemd.timers.notes-bot-timer = { - description = "run notes commit service"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - Unit = "notes-bot.service"; - }; - }; + # systemd.services.notes-bot = { + # description = "auto commit changes to notes"; + # serviceConfig = { + # Type = "oneshot"; + # User = "daylin"; + # ExecStart = '' + # ${pkgs.bash}/bin/bash -c '${notes-git} commit -m ":memo: :robot: $(${pkgs.coreutils}/bin/date +\'%%T\')" --no-gpg-sign -- notes' + # ''; + # }; + # }; + # systemd.timers.notes-bot-timer = { + # description = "run notes commit service"; + # wantedBy = [ "timers.target" ]; + # timerConfig = { + # OnCalendar = "daily"; + # Persistent = true; + # Unit = "notes-bot.service"; + # }; + # }; }
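Review bot: The `notes-bot` service, its timer, the `pkgs` argument and the `let` binding are commented out rather than deleted, which leaves about 25 lines of dead configuration in hosts/othalan/services.nix. Git history already keeps them, so deleting the lines would keep the file readable and make it obvious which units are actually deployed. The job's `user = "daylin";` is also still a string literal, while the secret's owner in default.nix comes from `config.users.users.daylin.name`. Writing `user = config.users.users.daylin.name;` here would keep the reader of `passwordFile` and the owner of the secret tied to the same definition. Separately, nothing in this patch removes the old plaintext file at `/home/daylin/.config/restic/othalan-pass`, so it should be deleted by hand once the sops-managed path is confirmed to work.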