chore: comment out sops stuff - for now

2025-10-12 18:53:39 -03:00 · 2025-10-12 18:53:39 -03:00 · 6f7b69d96d
commit 6f7b69d96d
parent 3d5554a8bf
11 changed files with 152 additions and 31 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1,6 +0,0 @@
-*.otf filter=lfs diff=lfs merge=lfs -text
-*.png filter=lfs diff=lfs merge=lfs -text
-*.jpg filter=lfs diff=lfs merge=lfs -text
-*.jpeg filter=lfs diff=lfs merge=lfs -text
-*.iso filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
--- a/.gitmodules
+++ b/.gitmodules
@ -1,3 +0,0 @@
-[submodule "secrets"]
-	path = secrets
-	url = git@git.sr.ht:~sposito/secrets
--- a/flake.lock
+++ b/flake.lock
@ -67,11 +67,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1759169648,
-        "narHash": "sha256-AfiSm9bNd9Kop85zOr1mL8vb5rA1gbwDQs+Z+Rlxdwc=",
+        "lastModified": 1759967497,
+        "narHash": "sha256-PYD473Ef3v5HNyLKyWroskX87fl6ntgKrzqm+R2Duqo=",
        "ref": "refs/heads/main",
-        "rev": "4ab62010bb7c67e300d937d5f17707dd6f00b314",
-        "revCount": 2,
+        "rev": "f0fa9781aef42ecbcb280b625632e5933ed04d9f",
+        "revCount": 4,
        "type": "git",
        "url": "https://git.sr.ht/~sposito/icons"
      },
@ -175,7 +175,45 @@
        "home-manager": "home-manager",
        "icons": "icons",
        "nixpkgs": "nixpkgs",
-        "nixvim": "nixvim"
+        "nixvim": "nixvim",
+        "secrets": "secrets",
+        "sops-nix": "sops-nix"
+      }
+    },
+    "secrets": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1760062596,
+        "narHash": "sha256-nFyr+kOCo9PvdHa9JDTWtMRRqgfOqVUvBSfeyQzqDos=",
+        "ref": "refs/heads/main",
+        "rev": "621da7663ad8f975b98b1cdd5756f361e4f4cc05",
+        "revCount": 2,
+        "type": "git",
+        "url": "ssh://git@git.sr.ht/~sposito/secrets"
+      },
+      "original": {
+        "type": "git",
+        "url": "ssh://git@git.sr.ht/~sposito/secrets"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1759635238,
+        "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
+        "ref": "refs/heads/master",
+        "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
+        "revCount": 1047,
+        "type": "git",
+        "url": "https://git.sr.ht/~sposito/sops-nix"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.sr.ht/~sposito/sops-nix"
      }
    },
    "systems": {
--- a/flake.nix
+++ b/flake.nix
@ -16,6 +16,14 @@
      url = "github:nix-community/nixvim";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    sops-nix = {
+      url = "git+https://git.sr.ht/~sposito/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    secrets = {
+      url = "git+ssh://git@git.sr.ht/~sposito/secrets";
+      flake = false;
+    };
  };

  outputs =
@ -56,6 +64,8 @@
          extraSpecialArgs = {
            inherit inputs outputs;
            icons = inputs.icons;
+            sops = inputs.sops-nix;
+            secrets = inputs.secrets;
          };
          modules = [
            ./home-manager/home.nix
@ -66,6 +76,8 @@
          extraSpecialArgs = {
            inherit inputs outputs;
            icons = inputs.icons;
+            sops = inputs.sops-nix;
+            secrets = inputs.secrets;
          };

          modules = [
--- a/home-manager/backup.nix
+++ b/home-manager/backup.nix
@ -0,0 +1,40 @@
+{ config, lib, pkgs, sops, secrets, ... }:
+
+{
+  # --- sops secret integration ---
+  sops.secrets."rclone.conf" = {
+    sopsFile = secrets + "/rclone.yaml";
+    format = "yaml";
+  };
+
+  # --- user service ---
+  systemd.user.services."rclone-backup" = {
+    Unit = {
+      Description = "Encrypted rclone backup to Google Drive";
+      After = [ "network-online.target" ];
+    };
+
+    Service = {
+      Type = "oneshot";
+      ExecStart = ''
+        ${pkgs.rclone}/bin/rclone sync \
+          /home/thiago/Documents \
+          gcrypt:backup \
+          --config ${config.sops.secrets."rclone.conf".path} \
+          --log-file=${config.home.homeDirectory}/.local/share/rclone-backup.log \
+          --log-level INFO
+      '';
+    };
+  };
+
+  # --- timer (every 6 h) ---
+  systemd.user.timers."rclone-backup" = {
+    Unit.Description = "Periodic encrypted backup to Google Drive";
+    Timer = {
+      OnBootSec = "10m";
+      OnUnitActiveSec = "6h";
+      Persistent = true;
+    };
+    Install.WantedBy = [ "timers.target" ];
+  };
+}
--- a/home-manager/home.nix
+++ b/home-manager/home.nix
@ -5,6 +5,7 @@
 }:
 {
  imports = [
+#   ./backup.nix
    ./custom.nix
    ./gnome
    ./icons.nix
@ -130,4 +131,10 @@

  systemd.user.startServices = "sd-switch";
  home.stateVersion = "25.11";
+
+  # sops configuration
+ # sops = {
+ #   age.keyFile = "/home/thiago/.config/sops/age/keys.txt";
+ #   gnupg.home = "/home/thiago/.gnupg";
+ # };
 }
--- a/home-manager/icons.nix
+++ b/home-manager/icons.nix
@ -2,16 +2,30 @@
 {
  home.packages = [ icons.packages.${pkgs.system}.default ];

-  xdg.desktopEntries.kitty = {
-    name = "Kitty";
-    exec = "kitty";
-    icon = "${
-      icons.packages.${pkgs.system}.default
-    }/share/icons/hicolor/scalable/apps/custom/kitty.svg";
-    terminal = false;
-    categories = [
-      "System"
-      "TerminalEmulator"
-    ];
+  xdg.desktopEntries = {
+    kitty = {
+      name = "Kitty";
+      exec = "kitty";
+      icon = "${
+        icons.packages.${pkgs.system}.default
+      }/share/icons/hicolor/scalable/apps/custom/kitty.svg";
+      terminal = false;
+      categories = [
+        "System"
+        "TerminalEmulator"
+      ];
+    };
+    xterm = {
+      name = "UXTerm";
+      exec = "uxterm";
+      icon = "${
+        icons.packages.${pkgs.system}.default
+      }/share/icons/hicolor/scalable/apps/custom/mini.xterm.svg";
+      terminal = false;
+      categories = [
+        "System"
+        "TerminalEmulator"
+      ];
+    };
  };
 }
--- a/hosts/Nixstation/default.nix
+++ b/hosts/Nixstation/default.nix
@ -93,7 +93,7 @@
    };

    avahi = {
-      enable = true;
+      enable = false;
      nssmdns4 = true;
      openFirewall = true;
      extraConfig = ''
--- a/hosts/common/network.nix
+++ b/hosts/common/network.nix
@ -1,21 +1,38 @@
 { pkgs, ... }:
 {
+  environment.systemPackages = [ pkgs.opensnitch-ui ];
  networking = {
    networkmanager.enable = true;

    firewall = {
      enable = true;
      allowPing = true;
-      allowedTCPPorts = [ 2375 4780 11470 25565 ];
-      allowedUDPPorts = [ 3478 41641 8888 8899 ];
+      allowedTCPPorts = [
+        2375
+        4780
+        11470
+        25565
+      ];
+      allowedUDPPorts = [
+        3478
+        41641
+        8888
+        8899
+      ];
    };
  };

  services = {
+    opensnitch = {
+      enable = true;
+    };
    tailscale = {
      enable = true;
      useRoutingFeatures = "client";
-      extraUpFlags = [ "--accept-dns=false" "--reset" ];
+      extraUpFlags = [
+        "--accept-dns=false"
+        "--reset"
+      ];
    };
    openssh.enable = true;
    # openssh.settings.X11Forwarding = true;
@ -58,7 +75,10 @@
    services.docker.serviceConfig = {
      StandardOutput = "journal";
      StandardError = "journal";
-      logFilterPatterns = [ ".*skip loading plugin.*" "skip plugin" ];
+      logFilterPatterns = [
+        ".*skip loading plugin.*"
+        "skip plugin"
+      ];
    };
    tmpfiles.rules = [
      "d /usr/local/share/polkit-1 0755 root root -"
--- a/hosts/husky.nix
+++ b/hosts/husky.nix
--- a/1
+++ b/1
@ -1 +0,0 @@
-Subproject commit b9fbd96fec611e4c85a129150a2d0e01242be6b2
				`@ -1 +0,0 @@`
				`Subproject commit b9fbd96fec611e4c85a129150a2d0e01242be6b2`