From e31c9b911dfffc872a4bb9c21362816e49a66404 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Mon, 28 Jul 2025 19:20:40 -0500
Subject: [PATCH] sops key working

---
 .../base.nix}                                    |  9 ++++-----
 homeManagerModules/restic/resticprofile.nix      | 16 ++++++----------
 keys/secrets.yaml                                |  8 +++++---
 3 files changed, 15 insertions(+), 18 deletions(-)
 rename homeManagerModules/restic/{resticprofile-base.nix => profiles/base.nix} (73%)

diff --git a/homeManagerModules/restic/resticprofile-base.nix b/homeManagerModules/restic/profiles/base.nix
similarity index 73%
rename from homeManagerModules/restic/resticprofile-base.nix
rename to homeManagerModules/restic/profiles/base.nix
index e1b7447..6087fd7 100644
--- a/homeManagerModules/restic/resticprofile-base.nix
+++ b/homeManagerModules/restic/profiles/base.nix
@@ -1,9 +1,8 @@
-{ lib, ... }:
+{ lib, config, ... }:
 {
-  base = lib.mkDefault {
+  base = {
     repository = "local:/mnt/backup";
-    passwordFile = "password.txt";
-    source = [ "/home/john/Documents" ];
+    passwordFile = "${config.xdg.configHome}/resticprofile/password.txt";
     status-file = "{{ .ConfigDir }}/backup-status.json";
     retention = {
       after-backup = true;
@@ -14,7 +13,7 @@
     };
     backup = {
       verbose = true;
-      exclude-file = "{{ .ConfigDir }}/profiles/excludes";
+      # exclude-file = "{{ .ConfigDir }}/profiles/excludes";
       schedule-permission = "system";
       schedule-priority = "background";
       check-after = true;
diff --git a/homeManagerModules/restic/resticprofile.nix b/homeManagerModules/restic/resticprofile.nix
index 4605c9a..48c6179 100644
--- a/homeManagerModules/restic/resticprofile.nix
+++ b/homeManagerModules/restic/resticprofile.nix
@@ -4,6 +4,8 @@ let
   inherit (lib) mkEnableOption mkOption mkPackageOption mkIf types;
   cfg = config.programs.resticprofile;
   yamlFormat = pkgs.formats.yaml { };
+  baseProfile = import ./profiles/base.nix { inherit lib config; };
+  profiles = lib.recursiveUpdate baseProfile cfg.profiles;
 in {
   options.programs.resticprofile = {
     enable = mkEnableOption "Enable resticprofile (Restic backup profile manager)";
@@ -17,8 +19,6 @@ in {
       description = ''
         Multiple configuration files for resticprofile. Each attribute name
         becomes a YAML file under `$XDG_CONFIG_HOME/resticprofile/`.
-        This allows creating multiple files that can reference each other.
-        The contents of each profile will be merged with the base profile using `lib.mkMerge`.
       '';
       example = {
         common = {
@@ -41,13 +41,9 @@ in {
 
   config = mkIf cfg.enable {
     home.packages = [ cfg.package ];
-    xdg.configFile."resticprofile/profiles.yaml".source =
-      let
-        baseProfile = import ./resticprofile-base.nix { inherit lib; };
-      in
-        yamlFormat.generate "profiles" (lib.mkMerge [
-          baseProfile
-          cfg.profiles
-        ]);
+    xdg.configFile."resticprofile/profiles.yaml".source = yamlFormat.generate "profiles" {
+      version = "2";
+      profiles = profiles;
+    };
   };
 }
diff --git a/keys/secrets.yaml b/keys/secrets.yaml
index 71cea0d..e34bec8 100644
--- a/keys/secrets.yaml
+++ b/keys/secrets.yaml
@@ -1,4 +1,6 @@
-hello: ENC[AES256_GCM,data:4uC3/Tig8jP77fzue3w/gevs7yj61h3hF8bEMLPBlJakpna3G8DVAFOlyqEjOg==,iv:3LCkLVdAdMdo9cD/1usIYu/akZ5anpMlqciHrVcwOLU=,tag:sOSoPPxoippFJAusbtIuVQ==,type:str]
+restic_password:
+    john_ubuntu: ENC[AES256_GCM,data:Q4lUaFFDgoK9k4kQj7hSVKaFDGW0T+6V+OpFU5R528R3EKM7YJMgcFX+sK3mWl9XA4/6E1GeINpIqOpx+FP5Cf/8qt9sXBXCmXXSYdA4IH3RS6a1NkcIVjsTMvpn4q/fslCeYN4LB+r4pBGmdca105miqVun8J69cZGwjZ+wuxrMAP+mdnHdSUPycjNWJJzmEa3waQsygAi4A5cAN5sigOPBxe2pCTh/FEKoTgWmzHGJvcjrzuL6wNOpQrkMWwTsHCtbe9dyMP/fQpoBgYDT4W9Rd4XHhbrooje+g3x48EL1rkRIVVNRavpRUih/mjcdJGzzJ6jZmLLcc1f7SZIKZht7f+ZcdZl3rKQB+WanZgK/KAgKBRCrbIk2eeBZwkcRSw5kmGFU7x0azdIipJYj+3KHHQS5S2VW4j2tQG74xK3qaNJcSMjpKmdI1dHcPf0x2ILaDDV9Ts0H4GTOB2zO9iGy7x2tdPd4tugxxk5rr5rphTZL3lgUf0Ri/qMkJh9I8CsjUdvRycHeIEUZPmEVaIqJC2jrd2pBslis5VWD/6PHQBCob07d1fcpIYox4YXM3GcLg3OxiD8nZ7DTzGRMhciZtTKKWbBT8qzPud4ZQvDkT5l+XOpeM13wXFIMa13CwOzYeyWjycED0VQ/i3XRw9+9lg3cosfxaPdaFtv4MjV7Od62G/UJw3OxaQOHM2y24N+Q0pSBoTdDAFwDCH/kcqZji6ZrVTu4Rad8opcILJJcqC+pjegDvBtUdDz+G3/dFiS6m8RYIRb7qB5yEX/lCgzlECmRS2XP8uraNJ5NN8rtk0gdBtaI9/78YyAjLLGkjIcIR4uJA5buCZBR9jIdqf4f52fowbx18VPrwFXN2mYX6mPsKbDmaz0ILHq/I9n8bS/KM7gIQmTw/RAUwnmL4IRu8zHn6nmIqj6d8AkjYx7s6pG8OF8LgfhqZT7tdPKCd+n/HnYn1fZGSw26zHzPd4nKnVV1e3NYvX6CVwVycerGs9elOKtOI8GsrWYyXzJbfC+nWxbHKI/t6sxyzTBrHPR4r6l/CchQF+SfBs5aELKExe7h325qBB2y6EFdkbxTj1tPGqxttp9xJB1LUyNtwsEAkpD44JNqPxZCYHQbeVE3Oo3TYtRUSVWREc1WNIsfSG/anScYUhDEah9YyIdiG+O71QqegunusLoxmpF2rQtx7shtAvJV3skDBB0tFDoQyIV+yPo7kPV0D7Ig+Ba+mk5ASJrT9DXZ53Q2CCTLAuslU4MP7g22RX8rU3s2hFJq8m7wvMwpqa9Tr6O38i1wX4PhG1VRMM8EIlMQnLWWKmni6NbOYiRxFYJMioxH5SyE4ODQYXy5YIuLoRsX8VR6UqJ1GZb7sJf3M1aPOFOHzTN9hnziTRRe1KCMoBrAghrqhvL1VRr9X5PYMxnjBh6o0d5YTN0WOGD2iEVbCzqxFXcxQZBBp4KyNAAhFhGNw8WUp/rVoyCYn7+OEYFspY4FmGMTYhvxbq5LEptXeQgOP2ggBkqsw8sYP9oj1cb4kzBNv8M7nR9kM1EqvZpFV47phoTbBeMY4DZOJodkASFVM5/7ijWy/M9rtWMFMCXKURKkAQJRFADs0KqMJ5osnFFnubX7vKgK736XXF4+wIQuuHqEsYDZ90ftInxq8sYRnb2FZ0EV4yc8qqnz++fjwrAA5EV+zhL6l6hum1zL8JkUJ1ICKZ905If6nIeoul8MY3B1Cz4W+osN2Wtl8OeJ2t3iZx3wk/unVa8uDZH1owu47He68e2V8vpYxOaW4/hLyy/XuL5DukETrhRjC+7GbEaKaCwoA2UwAdqU,iv:N8ek+tp16WiZgjTDxXb0CRXH+MbLsl/oZ/OwcOoVRO0=,tag:uIzCSX0R/EObF/RdWxj64w==,type:str]
+hello: ENC[AES256_GCM,data:g/YDwjNQLs4pFRzFO3nwcbmeJd6tMLNNhhnSsAFyOQ8U8yjjUoCReDvrqpqBXIP1T9B80qyBVzxBY2bAYg==,iv:YdiJdG1ZjA95DGArtfaF1E8LomqW6oHCLmoSLQvwP+k=,tag:/ipWczAvhcjw5Jv7nvMF8A==,type:str]
 example_key: ENC[AES256_GCM,data:cLLYEiJbKg60ANK/h+kG,iv:1yrJt5JhbDP/9/Wb2l93fjwQF1hxERnxjPZ6qF4S/Bw=,tag:wbboaGylFJRSj4/TB+RCZg==,type:str]
 #ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
 example_array:
@@ -28,7 +30,7 @@ sops:
             Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
             9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-07T06:14:57Z"
-    mac: ENC[AES256_GCM,data:gqadQL2Qp31+3ATZa0r4LDVNv8txUBoRsj3nZnBdLXkyMXKUQD9kuPOS1j+/vF5bg1d6rVdQAWl8BKlcu7UyyhO95P3G4l7hxdNBQCuNbiyb0hxrR2G7O1ZpMGuKec7+cBRkpGtVMrPmvt/7Ymh27qXiV9Gx6j812iSlORolj3w=,iv:Fg23U8c5IRWLdy2KmLHK3O+O9P1P58JF1jqzKnM4wLY=,tag:n6mBBzxQ/hjh5yREwyVGkg==,type:str]
+    lastmodified: "2025-07-29T00:12:59Z"
+    mac: ENC[AES256_GCM,data:5dQiEDyfeIYJt/l1wWH8y5cQm7+PqnUDwezCmyP7nvXs0z1lupYOHV62L5hqeQb7AELi4TriOokra4XdhHfr/QnI9capnYV6qTQrfvBE0EKsUQlxTmE6EnnTQuOWQy1iL8XgM3toEIH2mW2QNwme9k3fF/gGA8bL9t0+OEYGasU=,iv:kVDSFTHQG95rDfkp8sWJnxRQ5Wd9BjfPEzmuMm+alY0=,tag:3KFmBgW6pEEBFkOa14brDw==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2