diff --git a/.sops.yaml b/.sops.yaml index ee2563e..749ef4a 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -10,3 +10,10 @@ creation_rules: - *muon - *muho - *mups + + - path_regex: modules/home/sops/secrets.ya?ml$ + key_groups: + - age: + - *muon + - *muho + - *mups diff --git a/modules/home/default.nix b/modules/home/default.nix index 75a140b..3d311d6 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -5,6 +5,7 @@ in { imports = [ ./terminal ./desktop + ./sops ./xdg.nix ]; diff --git a/modules/home/desktop/i3.nix b/modules/home/desktop/i3.nix index 74f6e25..9e33ebc 100644 --- a/modules/home/desktop/i3.nix +++ b/modules/home/desktop/i3.nix @@ -1,7 +1,21 @@ -{ pkgs, lib, config, osConfig, ... }: { - options.mods.i3.enable = lib.mkEnableOption "enables i3"; +{ pkgs, lib, config, osConfig, ... }: +let + fsss = with pkgs; + writeShellApplication { + name = "fsss"; + runtimeInputs = [ flameshot curl xsel ]; + text = '' + flameshot gui -r -s > /tmp/ss.png;if [ ! -s /tmp/ss.png ]; then + exit 1 + fi + AUTH=$(cat ${config.sops.secrets.zipline-auth.path}) + curl -H "authorization: $AUTH" https://share.muon.host/api/upload -F file=@/tmp/ss.png -H "Content-Type: multipart/form-data" -H "Format: date" -H "Image-Compression-Percent: 90" -H "No-JSON: true" | tr -d '\n' | xsel -ib; + ''; + }; +in with lib; { + options.mods.i3.enable = mkEnableOption "enables i3"; - config = lib.mkIf config.mods.i3.enable { + config = mkIf config.mods.i3.enable { services.unclutter.enable = true; programs.rofi.enable = true; @@ -68,7 +82,7 @@ # -> keys: [string] -> values: [string] # -> keybindings: attrSet { string -> string } zipBinds = comb: action: keys: values: - (builtins.listToAttrs (lib.zipListsWith (k: v: { + (builtins.listToAttrs (zipListsWith (k: v: { name = "${modifier}${comb}${k}"; value = "${action} ${v}"; }) keys values)); @@ -76,9 +90,9 @@ moveKeys = [ "h" "j" "k" "l" ]; moveDirs = [ "left" "down" "up" "right" ]; - workspKeys = genSpaces (x: lib.mod (x + 1) wsAmount); + workspKeys = genSpaces (x: mod (x + 1) wsAmount); - in lib.mkOptionDefault ((zipBinds "+" "focus" moveKeys moveDirs) + in mkOptionDefault ((zipBinds "+" "focus" moveKeys moveDirs) // (zipBinds "+Shift+" "move" moveKeys moveDirs) // (zipBinds "+" "workspace number" workspKeys workspaces) // (zipBinds "+Shift+" "move container to workspace number" workspKeys @@ -87,6 +101,7 @@ "exec --no-startup-id pactl set-sink-volume 0 +2%"; "XF86AudioLowerVolume" = "exec --no-startup-id pactl set-sink-volume 0 -2%"; + "Print" = "exec ${getExe fsss}"; }); bars = let @@ -96,7 +111,7 @@ mode = "dock"; hiddenState = "hide"; position = "bottom"; - statusCommand = "${lib.getExe pkgs.i3status-rust} ${status_conf}"; + statusCommand = "${getExe pkgs.i3status-rust} ${status_conf}"; command = "${pkgs.i3}/bin/i3bar"; workspaceButtons = true; workspaceNumbers = true; diff --git a/modules/home/desktop/productivity.nix b/modules/home/desktop/productivity.nix index c478044..96ecdec 100644 --- a/modules/home/desktop/productivity.nix +++ b/modules/home/desktop/productivity.nix @@ -38,7 +38,7 @@ in with lib; { programs.zsh.sessionVariables.BROWSER = "librewolf"; services.flameshot = { - enable = true; + enable = false; settings = { General = { disabledTrayIcon = true; diff --git a/modules/home/sops/default.nix b/modules/home/sops/default.nix new file mode 100644 index 0000000..4bfb885 --- /dev/null +++ b/modules/home/sops/default.nix @@ -0,0 +1,10 @@ +{ pkgs, lib, config, inputs, system, ... }: +let cfg = config.mods; +in with lib; { + imports = [ inputs.sops-nix.homeManagerModules.sops ]; + sops = { + age.keyFile = "/home/muon/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets.yaml; + secrets.zipline-auth = { }; + }; +} diff --git a/modules/home/sops/secrets.yaml b/modules/home/sops/secrets.yaml new file mode 100644 index 0000000..cc797d4 --- /dev/null +++ b/modules/home/sops/secrets.yaml @@ -0,0 +1,39 @@ +zipline-auth: ENC[AES256_GCM,data:RkJI6GuH7RzdcSlKn32gMGojjB6rkdDcnNUvsi/BTfJk2slzoktAaJPzQA==,iv:LIiB3tyqXf/D64aIDSo0AyG3imvI6ZE893KBPlYFr28=,tag:wl8spMBwzfvuKA+Y6JnVyQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZdno1QTVQci94M083c01O + MzlHZnhOb3BxNFBtSE9YWUcySmNNL0ovbHdvCmF3K1dVMFN2REs0Wm5JODgyVSt1 + aGJGODRZWllaeHd3Y2tHcXNxN01WelUKLS0tIElqaENucWgzcytSRlE3YThjRTda + bC9hQXVTSU9yYU0xTlE1QVYyclp4L28KlAWVfsSmIHxbjsgRggmEzBk79aFem93d + dwCuAzM95eRDPB0pnhgROa0f9uiAUDdrtfWRrGVvIVzCKL0DPCPA5w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v4s4hg7u3vjjkarvrk7v6ev7w3wja2r5xm7f4t06culw3fuq7qns8sfju7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcFJ6ejRkQnQwSUtLY2d4 + Sm1QL3RDQmtieDZ3T1Z2Z2RFR25HTmxPNERVCmM3TW1wSW05bkxJenUxQjF2S3Br + bDNpK3V4RnFnYVFaRXM3NEhFTmZiZVkKLS0tIGJxVnpEZ2FUK0JDUmp3UjRBUGhV + MEVmRjM2elE3MHRXQ0FURW1PSlRKL3cKcPYPd6fLVZpxMK/A9dR144irkkmQW/hN + FdXlOWIV9f/I5qi1Lay6WQM67Z13kiNFOC/GSv/0Amu+Y1RmvedRgA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1n7qz2w3hkf7fcdv92kxw9k6uef487na2tlc87486rcjwj8lyfuws5q46gn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYTRqV0E1MGNpMm45c1d5 + UU5Eem5QRC82NmFmTytHakljMFJXYWE1eVZZCmVtWGxVeVVFUWlzSWZyZXd0V1Q4 + eEVQY2hndTI0aEo4bW9tMlk3M2k5cW8KLS0tIDV2RU9vdkgrdDhTMkpYZkV6aXd4 + cThxTVpmcEMrcG9Lczd3dkdyQ0paSHMKUfkx9jh7zIqBkUjxaH3dVKvNJG3Mipts + OjmJ5aVVIR5U8MhgSgECb22mGlOgW8SU/x4gxcWgafZwbv2vbON6OA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-19T20:01:35Z" + mac: ENC[AES256_GCM,data:jG/1PmWEk8EMvor/QCEhxDzkRufVWCLdDnsfomVy9hbiOl9ndzCFjvMR2OXkxGsTHl8bGaYJ+DqAjtLvgZZW5l+F6HQmQcene1vNFH3DsrtiQ7TC3Lmov6PBND1XCkj3urwaT3zKoydHIuIdIWyo2/RSxyz8G8mQrn8QrKv5SJw=,iv:PIle2A4sd2hVarMIgYu9/obShMe8NnDbfe9FUL/p8HI=,tag:I/2Bt2L+a8ybJUc6Pv3yZw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/modules/nixos/sops/secrets.yaml b/modules/nixos/sops/secrets.yaml index b97b2a2..384fbbf 100644 --- a/modules/nixos/sops/secrets.yaml +++ b/modules/nixos/sops/secrets.yaml @@ -33,8 +33,8 @@ sops: cThxTVpmcEMrcG9Lczd3dkdyQ0paSHMKUfkx9jh7zIqBkUjxaH3dVKvNJG3Mipts OjmJ5aVVIR5U8MhgSgECb22mGlOgW8SU/x4gxcWgafZwbv2vbON6OA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-17T21:33:05Z" - mac: ENC[AES256_GCM,data:1rWVznPbKkLUES4PlHPsfrjGr6/q/RFm3+GUnn2hyixsfYRdTStoRjPglop/ma+6h9Yzwb0kkVYOFQDrGXmPFqtjbTjATqzRMo75bGNy+Ncs6f6zyEcZAnVk/MnPc7U0+PFRwkX6F4VnGQucZBDtE5/wpUYlhl2QB8x1Q3taCBk=,iv:2pRm+LGw+i5PR2I5xBqcmRctZUprWFCRZryuIyIH5rc=,tag:e9lnLyzp4wDHlbMsRNOAmw==,type:str] + lastmodified: "2025-01-19T19:59:53Z" + mac: ENC[AES256_GCM,data:6bOKL2CLWkezZKFQ/xvOwDDjf4uCd8vCdaahB9Mk9rPu9rLQSUbUrkI8dH1cOwHrVGAOHiIs3wA5jiZ15LUMLu2Hb/sL1WXKRbGAPpe1OiHEojzqof1DhcVbKp325eDOuzFwymAAI+UUrIyjpiXz/2TP0S8DlE2GrijKEiwrarc=,iv:86TLsmeJwRWBxbaA24wyrqSBBLRzTf7OFhKLnn6wOGc=,tag:gO75zauaNt0C4yu6v1iMWw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2