add a secret

2024-12-21 21:50:43 -06:00 · 2024-11-28 18:53:31 -06:00 · 2024-11-28 18:53:31 -06:00 · 0447eb645a
commit 0447eb645a
parent f29fcf634b
2 changed files with 38 additions and 26 deletions
--- a/hosts/othalan/default.nix
+++ b/hosts/othalan/default.nix
@ -2,6 +2,7 @@
  enabled,
  enableAttrs,
  listify,
+  config,
  ...
 }:
 {
@ -29,5 +30,12 @@
  sops.defaultSopsFile = ./secrets.yaml;
  # This will automatically import SSH keys as age keys
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-  sops.secrets.restic-othalan = {};
+  sops.secrets.restic-othalan = {
+    # Permission modes are in octal representation (same as chmod),
+    mode = "0440";
+    # It is recommended to get the group/name name from
+    # `config.users.users.<?name>.{name,group}` to avoid misconfiguration
+    owner = config.users.users.daylin.name;
+    group = config.users.users.daylin.group;
+  };
 }
--- a/hosts/othalan/services.nix
+++ b/hosts/othalan/services.nix
@ -1,35 +1,39 @@
-{ pkgs, ... }:
-let
-  notes-git = ''${pkgs.git}/bin/git -C /home/daylin/stuff/notes'';
-in
+{
+  config,
+#  pkgs,
+  ...
+}:
+# let
+#   notes-git = ''${pkgs.git}/bin/git -C /home/daylin/stuff/notes'';
+# in
 {
  services.restic.backups.gdrive = {
    user = "daylin";
    repository = "rclone:g:archives/othalan";
-    passwordFile = "/home/daylin/.config/restic/othalan-pass";
+    passwordFile = config.sops.secrets.restic-othalan.path;
    paths = [
      "/home/daylin/stuff/"
      "/home/daylin/dev/"
    ];
  };

-  systemd.services.notes-bot = {
-    description = "auto commit changes to notes";
-    serviceConfig = {
-      Type = "oneshot";
-      User = "daylin";
-      ExecStart = ''
-        ${pkgs.bash}/bin/bash -c '${notes-git} commit -m ":memo: :robot: $(${pkgs.coreutils}/bin/date +\'%%T\')" --no-gpg-sign -- notes'
-      '';
-    };
-  };
-  systemd.timers.notes-bot-timer = {
-    description = "run notes commit service";
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnCalendar = "daily";
-      Persistent = true;
-      Unit = "notes-bot.service";
-    };
-  };
+  # systemd.services.notes-bot = {
+  #   description = "auto commit changes to notes";
+  #   serviceConfig = {
+  #     Type = "oneshot";
+  #     User = "daylin";
+  #     ExecStart = ''
+  #       ${pkgs.bash}/bin/bash -c '${notes-git} commit -m ":memo: :robot: $(${pkgs.coreutils}/bin/date +\'%%T\')" --no-gpg-sign -- notes'
+  #     '';
+  #   };
+  # };
+  # systemd.timers.notes-bot-timer = {
+  #   description = "run notes commit service";
+  #   wantedBy = [ "timers.target" ];
+  #   timerConfig = {
+  #     OnCalendar = "daily";
+  #     Persistent = true;
+  #     Unit = "notes-bot.service";
+  #   };
+  # };
 }