added gmail credentials file

.sops.yaml

@@ -2,7 +2,12 @@ keys:
   - &john-p14s age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
   - &john-pc age1ykcs39e62pz3xu6cedg8ea685kv5d5qsrhgkndygzm8rx30xd5ys5t3qxt
 creation_rules:
-  - path_regex: secrets.yaml$
+  - path_regex: \.yaml$
+    key_groups:
+    - age:
+      - *john-p14s
+      - *john-pc
+  - path_regex: \.json$
     key_groups:
     - age:
       - *john-p14s

homeManagerModules/default.nix

@@ -11,7 +11,8 @@
     ./vscode.nix
 
     ../nixosModules/options.nix
-    inputs._1password-shell-plugins.hmModules.default
+    # inputs._1password-shell-plugins.hmModules.default
+    # Commented out because it tries to configure fish shell which we don't use
   ];
 
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
@@ -91,15 +92,15 @@
   # Let Home Manager install and manage itself.
   programs.home-manager.enable = true;
 
-  # https://developer.1password.com/docs/cli/shell-plugins/nix/
-  programs._1password-shell-plugins = lib.mkIf config._1password {
-    # enable 1Password shell plugins for bash, zsh, and fish shell
-    enable = true;
-    # the specified packages as well as 1Password CLI will be
-    # automatically installed and configured to use shell plugins
-    # https://developer.1password.com/docs/cli/shell-plugins
-    plugins = with pkgs; [ gh ];
-  };
+  # # https://developer.1password.com/docs/cli/shell-plugins/nix/
+  # programs._1password-shell-plugins = lib.mkIf config._1password {
+  #   # enable 1Password shell plugins for bash, zsh, and fish shell
+  #   enable = true;
+  #   # the specified packages as well as 1Password CLI will be
+  #   # automatically installed and configured to use shell plugins
+  #   # https://developer.1password.com/docs/cli/shell-plugins
+  #   plugins = with pkgs; [ gh ];
+  # };
   home.file.".config/1Password/ssh/agent.toml" = lib.mkIf config._1password {
     # https://developer.1password.com/docs/ssh/agent/config
     text = ''

homeManagerModules/restic/flake.nix

@@ -0,0 +1,46 @@
+{
+  description = "Flake packaging resticprofile with a Home Manager module for programs.resticprofile";
+
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-unstable";  # Use latest Nixpkgs for Go package build
+    home-manager.url = "github:nix-community/home-manager";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, home-manager }:
+    let
+      systems = [ "x86_64-linux" "aarch64-linux" ];
+      # Define a function to build the resticprofile package for a given system:
+      resticprofilePkg = { pkgs, lib, ... }:
+        pkgs.buildGoModule rec {
+          pname = "resticprofile";
+          version = "0.31.0";
+          src = pkgs.fetchFromGitHub {
+            owner = "creativeprojects";
+            repo  = "resticprofile";
+            rev   = "v${version}";
+            sha256 = "sha256-ezelvyroQG1EW3SU63OVHJ/T4qjN5DRllvPIXnei1Z4=";  # source tarball hash
+          };
+          vendorHash = "sha256-M9S6F/Csz7HnOq8PSWjpENKm1704kVx9zDts1ieraTE=";  # Correct vendor hash
+          goPackagePath = "github.com/creativeprojects/resticprofile";
+          doCheck = false;  # Disable tests due to sandboxed build environment
+          meta = with lib; {
+            description = "Configuration profiles manager and scheduler for restic backup";
+            homepage    = "https://creativeprojects.github.io/resticprofile/";
+            license     = licenses.gpl3Only;
+            maintainers = [ ];  # (Add yourself or skip)
+          };
+        };
+    in {
+      # Provide the package for all supported systems:
+      packages = nixpkgs.lib.genAttrs systems (system: 
+        let pkgs = import nixpkgs { inherit system; }; 
+        in { resticprofile = resticprofilePkg { inherit pkgs; lib = pkgs.lib; }; }
+      );
+
+      # Provide the Home Manager module
+      homeManagerModules = {
+        resticprofile = ./resticprofile.nix;
+      };
+    };
+}

homeManagerModules/restic/profiles/base.nix

@@ -0,0 +1,46 @@
+{ lib, config, ... }:
+{
+  base = {
+    repository = "local:/mnt/backup";
+    password-file = "${config.xdg.configHome}/resticprofile/password.txt";
+    status-file = "{{ .ConfigDir }}/backup-status.json";
+    retention = {
+      after-backup = true;
+      keep-last = "10";
+      keep-hourly = "8";
+      keep-daily = "14";
+      keep-weekly = "8";
+    };
+    backup = {
+      verbose = true;
+      exclude = [
+        ".vscode*"
+        ".cache"
+        ".venv"
+        ".pyenv"
+        ".devenv"
+        "data/postgres"
+        "build"
+        "__pycache__"
+        "*.log"
+        "*.egg-info"
+        "*.csv"
+        "*.m4a"
+
+        ".local/share/Steam"
+        ".local/share/Trash"
+        "build"
+        "dist"
+        "/home/*/Pictures"
+        "/home/*/Videos"
+      ];
+      schedule-permission = "user";
+      schedule-priority = "background";
+      check-after = true;
+    };
+    prune = {
+      schedule-permission = "user";
+      schedule-lock-wait = "1h";
+    };
+  };
+}

homeManagerModules/restic/resticprofile.nix

@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkEnableOption mkOption mkPackageOption mkIf types;
+  cfg = config.programs.resticprofile;
+  yamlFormat = pkgs.formats.yaml { };
+  baseProfile = import ./profiles/base.nix { inherit lib config; };
+  profiles = lib.recursiveUpdate baseProfile cfg.profiles;
+in {
+  options.programs.resticprofile = {
+    enable = mkEnableOption "Enable resticprofile (Restic backup profile manager)";
+
+    package = mkPackageOption pkgs "resticprofile" { };
+
+    # Multiple configuration files support
+    profiles = mkOption {
+      type = types.attrsOf yamlFormat.type;
+      default = { };
+      description = ''
+        Multiple configuration files for resticprofile. Each attribute name
+        becomes a YAML file under `$XDG_CONFIG_HOME/resticprofile/`.
+      '';
+      example = {
+        common = {
+          repository = "local:/backup";
+          passwordFile = "password.txt";
+          includes = [ "common.yaml" ];
+          backup = {
+            source = [ "/home/user/Documents" ];
+            schedule = "12:30";
+          };
+          forget = {
+            keep-daily = 7;
+            keep-weekly = 4;
+            keep-monthly = 6;
+            keep-yearly = 2;
+          };
+        };
+      };
+    };
+  };
+
+  config = mkIf cfg.enable (
+    let
+      resticprofileCmd = ''
+        ${cfg.package}/bin/resticprofile --config "${config.xdg.configHome}/resticprofile/profiles.yaml"
+      '';
+    in {
+      # Add a script to manually unschedule and reschedule all resticprofiles
+      home.packages = [
+        cfg.package
+        (pkgs.writeShellScriptBin "rp" ''
+          set -e
+          sudo ${cfg.package}/bin/resticprofile --config "${config.xdg.configHome}/resticprofile/profiles.yaml" $@
+        '')
+        (pkgs.writeShellScriptBin "rps" ''
+          set -e
+          rp unschedule --all
+          rp schedule --all
+        '')
+        (pkgs.writeShellScriptBin "rp-test" "rp run-schedule backup@default --dry-run")
+      ];
+      xdg.configFile."resticprofile/profiles.yaml".source = yamlFormat.generate "profiles" {
+        version = "2";
+        profiles = profiles;
+      };
+    }
+  );
+}

homeManagerModules/shell.nix

@@ -37,10 +37,10 @@
       ] ++ lib.optional config._1password "1password";
     };
     shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time";
-    initContent = lib.mkIf config._1password '' 
-      if [ -f "${config.home.homeDirectory}/.config/op/plugins.sh" ]; then
-        source ${config.home.homeDirectory}/.config/op/plugins.sh
-      fi
-    '';
+    # initContent = lib.mkIf config._1password '' 
+    #   if [ -f "${config.home.homeDirectory}/.config/op/plugins.sh" ]; then
+    #     source ${config.home.homeDirectory}/.config/op/plugins.sh
+    #   fi
+    # '';
   };
 }

homeManagerModules/sops.nix

@@ -1,7 +1,7 @@
 { inputs, config, pkgs, lib, ... }:
 let
-  sopsConfigPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/.sops.yaml";
-  sopsSecretsPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/keys/secrets.yaml";
+  sopsConfigPath = "${config.xdg.configHome}/home-manager/jsl-home/.sops.yaml";
+  sopsSecretsPath = "${config.xdg.configHome}/home-manager/jsl-home/keys/secrets.yaml";
 in
 {
   imports = [
@@ -12,10 +12,36 @@ in
     age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
     defaultSopsFile = ../keys/secrets.yaml;
     defaultSopsFormat = "yaml";
+    
+    secrets."api/gmail_client_secret" = { };
+
+    templates."gmail_creds" = {
+      content = ''
+        {
+            "installed": {
+                "client_id": "499012320469-vtml6emu6bmujpsj9lud2b44jqu7h26j.apps.googleusercontent.com",
+                "project_id": "python-apis-423500",
+                "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+                "token_uri": "https://oauth2.googleapis.com/token",
+                "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+                "client_secret": "${config.sops.placeholder."api/gmail_client_secret"}",
+                "redirect_uris": [
+                    "http://localhost"
+                ]
+            }
+        }
+      '';
+      path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
     };
+  };
+
+  home.sessionVariables = {
+    GMAIL_CREDS_PATH = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
+  };
+
   home.packages = with pkgs; [
     (writeShellScriptBin "edit-secrets" ''
-      sops --config ${sopsConfigPath} ${sopsSecretsPath}
+      ${sops}/bin/sops --config ${sopsConfigPath} ${sopsSecretsPath}
     '')
     sops
     age

homeManagerModules/ssh.nix

@@ -8,6 +8,14 @@
     '';
     matchBlocks = lib.mkMerge [
       (lib.mkIf (config.profile == "personal") {
+        "ad-nix" = {
+          hostname = "192.168.1.201";
+          user = "appdaemon";
+        };
+        "docs" = {
+          hostname = "192.168.1.110";
+          user = "root";
+        };
         "panoptes" = {
           hostname = "192.168.1.107";
           user = "panoptes";

keys/secrets.yaml

@@ -1,13 +1,7 @@
-hello: ENC[AES256_GCM,data:4uC3/Tig8jP77fzue3w/gevs7yj61h3hF8bEMLPBlJakpna3G8DVAFOlyqEjOg==,iv:3LCkLVdAdMdo9cD/1usIYu/akZ5anpMlqciHrVcwOLU=,tag:sOSoPPxoippFJAusbtIuVQ==,type:str]
-example_key: ENC[AES256_GCM,data:cLLYEiJbKg60ANK/h+kG,iv:1yrJt5JhbDP/9/Wb2l93fjwQF1hxERnxjPZ6qF4S/Bw=,tag:wbboaGylFJRSj4/TB+RCZg==,type:str]
-#ENC[AES256_GCM,data:c0Ay18GCW/gowNHmF67TMg==,iv:T+FN8xaVilVSETMQztl6lmpLqnGiyrXhJvWsO+dBdd0=,tag:1D6TkngB116dOeCAX85djg==,type:comment]
-example_array:
-    - ENC[AES256_GCM,data:yUJ7p5VfyQUANjbuz48=,iv:XTGb97tMV3mkPwNyKetSflLLlE31g9UgMPcelMPpNZ0=,tag:j5muB72Ogc/gtenvsWvpbQ==,type:str]
-    - ENC[AES256_GCM,data:8eQ2clCNBxPfdycPMOo=,iv:C9iT+wJH9ENJShNYo3IGceRwHyrlU6LUE7jpc+72KOw=,tag:YTbZqYJVMUoTRqD2ujTOvg==,type:str]
-example_number: ENC[AES256_GCM,data:LhABh/RtBsdKAg==,iv:JGYFnixDNZUIRKJcuaenvO8D60T+Jvx/R7SWxbIPXsM=,tag:+1b/aj3x1yfQZ2j4OM5dcg==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:pGnelw==,iv:KAayJZ8px4Qupv0NfapSQ6valrVKndEtCb3U4MTmK/U=,tag:lkl+zBgkEMbFQjNssxYQjg==,type:bool]
-    - ENC[AES256_GCM,data:Vqqfp2w=,iv:SC1DS7G9/lHYtA6PPRbVsi/ZhyNUYvRjXxHIqCxqEPA=,tag:9hv6F1rP7xSd08KCKkuiLQ==,type:bool]
+restic_password:
+    john_ubuntu: ENC[AES256_GCM,data:Q4lUaFFDgoK9k4kQj7hSVKaFDGW0T+6V+OpFU5R528R3EKM7YJMgcFX+sK3mWl9XA4/6E1GeINpIqOpx+FP5Cf/8qt9sXBXCmXXSYdA4IH3RS6a1NkcIVjsTMvpn4q/fslCeYN4LB+r4pBGmdca105miqVun8J69cZGwjZ+wuxrMAP+mdnHdSUPycjNWJJzmEa3waQsygAi4A5cAN5sigOPBxe2pCTh/FEKoTgWmzHGJvcjrzuL6wNOpQrkMWwTsHCtbe9dyMP/fQpoBgYDT4W9Rd4XHhbrooje+g3x48EL1rkRIVVNRavpRUih/mjcdJGzzJ6jZmLLcc1f7SZIKZht7f+ZcdZl3rKQB+WanZgK/KAgKBRCrbIk2eeBZwkcRSw5kmGFU7x0azdIipJYj+3KHHQS5S2VW4j2tQG74xK3qaNJcSMjpKmdI1dHcPf0x2ILaDDV9Ts0H4GTOB2zO9iGy7x2tdPd4tugxxk5rr5rphTZL3lgUf0Ri/qMkJh9I8CsjUdvRycHeIEUZPmEVaIqJC2jrd2pBslis5VWD/6PHQBCob07d1fcpIYox4YXM3GcLg3OxiD8nZ7DTzGRMhciZtTKKWbBT8qzPud4ZQvDkT5l+XOpeM13wXFIMa13CwOzYeyWjycED0VQ/i3XRw9+9lg3cosfxaPdaFtv4MjV7Od62G/UJw3OxaQOHM2y24N+Q0pSBoTdDAFwDCH/kcqZji6ZrVTu4Rad8opcILJJcqC+pjegDvBtUdDz+G3/dFiS6m8RYIRb7qB5yEX/lCgzlECmRS2XP8uraNJ5NN8rtk0gdBtaI9/78YyAjLLGkjIcIR4uJA5buCZBR9jIdqf4f52fowbx18VPrwFXN2mYX6mPsKbDmaz0ILHq/I9n8bS/KM7gIQmTw/RAUwnmL4IRu8zHn6nmIqj6d8AkjYx7s6pG8OF8LgfhqZT7tdPKCd+n/HnYn1fZGSw26zHzPd4nKnVV1e3NYvX6CVwVycerGs9elOKtOI8GsrWYyXzJbfC+nWxbHKI/t6sxyzTBrHPR4r6l/CchQF+SfBs5aELKExe7h325qBB2y6EFdkbxTj1tPGqxttp9xJB1LUyNtwsEAkpD44JNqPxZCYHQbeVE3Oo3TYtRUSVWREc1WNIsfSG/anScYUhDEah9YyIdiG+O71QqegunusLoxmpF2rQtx7shtAvJV3skDBB0tFDoQyIV+yPo7kPV0D7Ig+Ba+mk5ASJrT9DXZ53Q2CCTLAuslU4MP7g22RX8rU3s2hFJq8m7wvMwpqa9Tr6O38i1wX4PhG1VRMM8EIlMQnLWWKmni6NbOYiRxFYJMioxH5SyE4ODQYXy5YIuLoRsX8VR6UqJ1GZb7sJf3M1aPOFOHzTN9hnziTRRe1KCMoBrAghrqhvL1VRr9X5PYMxnjBh6o0d5YTN0WOGD2iEVbCzqxFXcxQZBBp4KyNAAhFhGNw8WUp/rVoyCYn7+OEYFspY4FmGMTYhvxbq5LEptXeQgOP2ggBkqsw8sYP9oj1cb4kzBNv8M7nR9kM1EqvZpFV47phoTbBeMY4DZOJodkASFVM5/7ijWy/M9rtWMFMCXKURKkAQJRFADs0KqMJ5osnFFnubX7vKgK736XXF4+wIQuuHqEsYDZ90ftInxq8sYRnb2FZ0EV4yc8qqnz++fjwrAA5EV+zhL6l6hum1zL8JkUJ1ICKZ905If6nIeoul8MY3B1Cz4W+osN2Wtl8OeJ2t3iZx3wk/unVa8uDZH1owu47He68e2V8vpYxOaW4/hLyy/XuL5DukETrhRjC+7GbEaKaCwoA2UwAdqU,iv:N8ek+tp16WiZgjTDxXb0CRXH+MbLsl/oZ/OwcOoVRO0=,tag:uIzCSX0R/EObF/RdWxj64w==,type:str]
+api:
+    gmail_client_secret: ENC[AES256_GCM,data:du2gEY5TQIwpUEvJKDWKY3noLRGeiKek4IMwPUusVx8NMys=,iv:hIYi1xQYf6+hDhK0pNprBYu6wXwRH2yOTwQg6pzQa0A=,tag:sqmQ5GCkKbHpIy2R+Y5G/A==,type:str]
 sops:
     age:
         - recipient: age1f6drjusg866yscj8029tk4yfpgecklrvezldm02ankm6h8nnwu5s2u6ahy
@@ -28,7 +22,7 @@ sops:
             Mms2UEhFSU82UWR5Z1VvU25qenJUQm8KtQeZDIfJIczm1l8ql/WmVEf8KI9dg0vw
             9rNSjtBkEttVd21zUSOziG4513abllE8NFTkAc1z3HacuXpHTBnd5A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-07T06:14:57Z"
-    mac: ENC[AES256_GCM,data:gqadQL2Qp31+3ATZa0r4LDVNv8txUBoRsj3nZnBdLXkyMXKUQD9kuPOS1j+/vF5bg1d6rVdQAWl8BKlcu7UyyhO95P3G4l7hxdNBQCuNbiyb0hxrR2G7O1ZpMGuKec7+cBRkpGtVMrPmvt/7Ymh27qXiV9Gx6j812iSlORolj3w=,iv:Fg23U8c5IRWLdy2KmLHK3O+O9P1P58JF1jqzKnM4wLY=,tag:n6mBBzxQ/hjh5yREwyVGkg==,type:str]
+    lastmodified: "2025-08-03T17:03:22Z"
+    mac: ENC[AES256_GCM,data:c3rcMHTRxbnpQoW5eLn0X1aCL1v2ft05UTcHaCuGiCaF3b/loVjEQr30pepBgR07PSleTIi375Y0Rj8ik8Ot3j+Zl5BR32bEtqf6gcWwz6oSmeORDrJS15698d7/avJl82/EC0ZN77j+fcdkWZrCJHb47HGfRxKl9L5HbyWasA4=,iv:g3d3C571uYpTTFixYZg+ztg8jTdof1g6Hb5gtRvpRkk=,tag:8kAxrUwUVeWvpYjWMDE+AA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2