fixed sops

2026-03-08 15:06:11 -05:00
parent 8b8edf9211
commit a049bd539a
2 changed files with 31 additions and 11 deletions
--- a/modules/home-manager/programs/sops.nix
+++ b/modules/home-manager/programs/sops.nix
@@ -35,7 +35,9 @@ in
      (writeShellScriptBin "ls-secrets" "exec ${lib.getExe pkgs.eza} -alT --follow-symlinks ~/.config/sops-nix/secrets")
    ];

-    programs.zsh.shellAliases.sops = "exec ${sopsBin} --config ${sopsConfigPath}";
+    home.shellAliases = {
+      sops = "${sopsBin} --config ${sopsConfigPath}";
+    };

    imports = [
      # This import makes the sops config attribute available below
@@ -51,15 +53,13 @@ in
    sops = {
      defaultSopsFile = "${sopsSecretsPath}";
      defaultSopsFormat = "yaml";
-
-      # Not sure any of these are necessary
-      # age.sshKeyPaths = [ "${config.sshIdentityFile}" ];
+      age.sshKeyPaths = [ "${config.ssh.IdentityFile}" ];
      # age.keyFile = "${ageKeyFile}";
      # age.generateKey = true;

-      # secrets."api/gmail_client_secret" = {
-      #   path = "${config.xdg.configHome}/resticprofile/dendrite.txt";
-      # };
+      secrets."api/gmail_client_secret" = {
+        path = "${config.xdg.configHome}/resticprofile/dendrite.txt";
+      };

      templates."gmail_creds" = {
        path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
--- a/modules/hosts/john-pc-ubuntu.nix
+++ b/modules/hosts/john-pc-ubuntu.nix
@@ -19,7 +19,7 @@
 			inputs.self.homeModules."john-pc-ubuntu"

      # Include another inline module to set the options created through the jsl-home modules
-      {
+      ({ config, ... }: {
        homeManagerFlakeDir = "~/.config/home-manager/jsl-dendritic";
        docker.enable = true;
        ssh.matchSets = {
@@ -28,8 +28,28 @@
          homelab = true;
        };
 				shell.program = "zsh";
-				programs.resticprofile.enable = true;
-      }
+				sops.secrets."restic_password/john_ubuntu" = {
+					path = "${config.xdg.configHome}/resticprofile/password.txt";
+				};
+				programs.resticprofile = {
+					enable= true;
+					profiles = {
+						default = {
+							"inherit" = "base";
+							repository = "rest:https://soteria.john-stream.com/john-ubuntu";
+							cacert = "${config.home.homeDirectory}/.step/certs/root_ca.crt";
+							tls-client-cert = "${config.home.homeDirectory}/.step/certs/mtls.pem";
+							backup = {
+								source = [
+									"${config.xdg.userDirs.documents}"
+									"/conf"
+								];
+								schedule = "*-*-* *:15,30,45:00";
+							};
+						};
+					};
+				};
+      })
 		];
 	};
 }