add a secret

Daylin Morgan 2024-11-28 18:53:31 -06:00
parent f29fcf634b
commit 0447eb645a
Signed by: daylin
GPG key ID: 950D13E9719334AD
2 changed files with 38 additions and 26 deletions


@ -2,6 +2,7 @@
enabled, enabled,
enableAttrs, enableAttrs,
listify, listify,
config,
... ...
}: }:
{ {
@ -29,5 +30,12 @@
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
# This will automatically import SSH keys as age keys # This will automatically import SSH keys as age keys
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets.restic-othalan = {}; sops.secrets.restic-othalan = {
# Permission modes are in octal representation (same as chmod),
mode = "0440";
# It is recommended to get the group/name name from
# `config.users.users.<?name>.{name,group}` to avoid misconfiguration
owner = config.users.users.daylin.name;
group = config.users.users.daylin.group;
};
} }
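Review bot: `mode = "0440"` on `sops.secrets.restic-othalan` lets every member of `config.users.users.daylin.group` read the decrypted restic password. That group's definition is not visible here; if it is a shared group such as `users`, other local accounts can read the backup repository password. The other file in this commit runs the backup as `user = "daylin"`, who is already the owner, so group read looks unnecessary: `mode = "0400";`. The two comments above the options read like copied documentation ("group/name name") and could be replaced by one line giving the reason for the owner, e.g. `# restic backup runs as daylin and must read this file`.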


@ -1,35 +1,39 @@
{ pkgs, ... }: {
let config,
notes-git = ''${pkgs.git}/bin/git -C /home/daylin/stuff/notes''; # pkgs,
in ...
}:
# let
# notes-git = ''${pkgs.git}/bin/git -C /home/daylin/stuff/notes'';
# in
{ {
services.restic.backups.gdrive = { services.restic.backups.gdrive = {
user = "daylin"; user = "daylin";
repository = "rclone:g:archives/othalan"; repository = "rclone:g:archives/othalan";
passwordFile = "/home/daylin/.config/restic/othalan-pass"; passwordFile = config.sops.secrets.restic-othalan.path;
paths = [ paths = [
"/home/daylin/stuff/" "/home/daylin/stuff/"
"/home/daylin/dev/" "/home/daylin/dev/"
]; ];
}; };
systemd.services.notes-bot = { # systemd.services.notes-bot = {
description = "auto commit changes to notes"; # description = "auto commit changes to notes";
serviceConfig = { # serviceConfig = {
Type = "oneshot"; # Type = "oneshot";
User = "daylin"; # User = "daylin";
ExecStart = '' # ExecStart = ''
${pkgs.bash}/bin/bash -c '${notes-git} commit -m ":memo: :robot: $(${pkgs.coreutils}/bin/date +\'%%T\')" --no-gpg-sign -- notes' # ${pkgs.bash}/bin/bash -c '${notes-git} commit -m ":memo: :robot: $(${pkgs.coreutils}/bin/date +\'%%T\')" --no-gpg-sign -- notes'
''; # '';
}; # };
}; # };
systemd.timers.notes-bot-timer = { # systemd.timers.notes-bot-timer = {
description = "run notes commit service"; # description = "run notes commit service";
wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
timerConfig = { # timerConfig = {
OnCalendar = "daily"; # OnCalendar = "daily";
Persistent = true; # Persistent = true;
Unit = "notes-bot.service"; # Unit = "notes-bot.service";
}; # };
}; # };
} }
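Review bot: The notes-bot service and timer, the `let notes-git` binding and the `pkgs` argument are commented out rather than deleted, which is unrelated to moving the restic password and leaves dead code behind. Remove the block here (git history keeps it) or disable it in a separate commit. On the `passwordFile = config.sops.secrets.restic-othalan.path;` line, the previous plaintext file `/home/daylin/.config/restic/othalan-pass` is not touched by a Nix change and presumably still exists on disk, so it should be deleted once a backup using the sops-managed path has succeeded. `user = "daylin";` could also be written as `user = config.users.users.daylin.name;` to match how the secret's owner is derived.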