diff --git a/.gitignore b/.gitignore
index fa224a0..6e48ddb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .null-ls*
 nixos-switch.log
+result
diff --git a/flake.nix b/flake.nix
index b0f4f4d..c18f8f0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,6 +57,9 @@
 {
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
+ home-manager.sharedModules = [
+ sops-nix.homeManagerModules.sops
+ ];
 }
 musnix.nixosModules.musnix
 ];
diff --git a/modules/home/programs/default.nix b/modules/home/programs/default.nix
index cdee472..cf68732 100644
--- a/modules/home/programs/default.nix
+++ b/modules/home/programs/default.nix
@@ -6,7 +6,7 @@
 }: let
 cfg = config.myConfig.programs;
 in {
- imports = [./foot.nix ./thunderbird.nix ./nextcloud.nix ./udiskie.nix ./wezterm.nix];
+ imports = [./foot.nix ./thunderbird.nix ./nextcloud.nix ./udiskie.nix ./wezterm.nix ./rclone.nix];
 options.myConfig.programs = {
 enable = lib.mkEnableOption "programs for desktop use";
@@ -17,7 +17,7 @@ in {
 foot.enable = lib.mkDefault true;
 wezterm.enable = lib.mkDefault true;
 thunderbird.enable = lib.mkDefault true;
- nextcloud.enable = lib.mkDefault true;
+ rclone.enable = lib.mkDefault true;
 udiskie.enable = lib.mkDefault true;
 };
diff --git a/modules/home/programs/rclone.nix b/modules/home/programs/rclone.nix
new file mode 100644
index 0000000..d5f4d65
--- /dev/null
+++ b/modules/home/programs/rclone.nix
@@ -0,0 +1,73 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ cfg = config.myConfig.programs.rclone;
+in {
+ options.myConfig.programs.rclone = {
+ enable = lib.mkEnableOption "nextcloud sync using rclone";
+ };
+
+ config = lib.mkIf cfg.enable {
+ sops = {
+ age.keyFile = "/home/max/.config/sops/age/keys.txt";
+ secrets = {
+ "cloud/url" = {
+ sopsFile = ../../../secrets/rclone.yaml;
+ };
+ "cloud/user" = {
+ sopsFile = ../../../secrets/rclone.yaml;
+ };
+ "cloud/pass" = {
+ sopsFile = ../../../secrets/rclone.yaml;
+ };
+ "luhbots/url" = {
+ sopsFile = ../../../secrets/rclone.yaml;
+ };
+ "luhbots/user" = {
+ sopsFile = ../../../secrets/rclone.yaml;
+ };
+ "luhbots/pass" = {
+ sopsFile = ../../../secrets/rclone.yaml;
+ };
+ };
+
+ templates."rclone.conf".content = ''
+ [cloud]
+ type = webdav
+ url = ${config.sops.placeholder."cloud/url"}
+ vendor = nextcloud
+ user = ${config.sops.placeholder."cloud/user"}
+ pass = ${config.sops.placeholder."cloud/pass"}
+ nextcloud_chunk_size = 512M
+
+ [luhbots]
+ type = webdav
+ url = ${config.sops.placeholder."luhbots/url"}
+ vendor = nextcloud
+ user = ${config.sops.placeholder."luhbots/user"}
+ pass = ${config.sops.placeholder."luhbots/pass"}
+ '';
+ };
+
+ home.packages = [pkgs.rclone];
+
+ systemd.user.services = {
+ luhbots-mount = {
+ Unit = {
+ Description = "Mount the luhbots nextcloud";
+ After = ["network-online.target"];
+ };
+ Service = {
+ Type = "notify";
+ ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p \"%h/luhbots Nextcloud\"";
+ ExecStart = "${pkgs.rclone}/bin/rclone --config=${config.sops.templates."rclone.conf".path} --vfs-cache-mode full mount \"luhbots:\" \"%h/luhbots Nextcloud\"";
+ ExecStop = "${pkgs.fuse}/bin/fusermount -u \"%h/luhbots Nextcloud\"";
+ };
+ Install.WantedBy = ["default.target"];
+ };
+ };
+ };
+}
diff --git a/secrets/rclone.yaml b/secrets/rclone.yaml
new file mode 100644
index 0000000..fd2f2bc
--- /dev/null
+++ b/secrets/rclone.yaml
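Review bot: The `luhbots-mount` unit has no ordering on the service that renders `rclone.conf`, so at login `ExecStart` can run before `config.sops.templates."rclone.conf".path` exists; the sops-nix home-manager module decrypts in the user unit `sops-nix.service`, so `After = ["sops-nix.service"];` and `Wants = ["sops-nix.service"];` in the `Unit` block would close that gap. `network-online.target` belongs to the system manager and probably orders nothing in a user unit. `age.keyFile = "/home/max/.config/sops/age/keys.txt";` ties the module to one account, and `"${config.xdg.configHome}/sops/age/keys.txt"` would keep it per-user. rclone expects `pass` in obscured form, so a comment above the template saying the `*/pass` secrets must hold `rclone obscure` output (an encoding, not encryption) would spare the next editor a failed login.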
@@ -0,0 +1,28 @@ +cloud: + url: ENC[AES256_GCM,data:BoSdQrtLNKYpaHIWUj5Ak8PGMJz3hj/z88XVBgN6AbyT2K/bC412p3oi+X9MmYATR3A=,iv:wez+v5kEN+niZmZXzaJoygHf4mqKVI6CINktAZe8WTs=,tag:20W87Kcn94smiLtX9mMdOw==,type:str] + user: ENC[AES256_GCM,data:kFza,iv:OrDNF/h+xLuuyq2cpaHnQuRM1lwuXhe8Ue0rm/wRmkY=,tag:9t+hEx38r/yBIzWIFD0GnQ==,type:str] + pass: ENC[AES256_GCM,data:V+I4N5bDSDeTaubUKWK5sWQnTojqg3Afahgvd02LbkjpW/7VMjtLOyxtR5g3vzswcUFFZzOe4P1Y/MdH,iv:TEHPa1mbj6ODtDSnMvKdUUeyd+WcX5CIT+x7V9+FgNU=,tag:z5d95/hy9YFYrhaTG7r+Yw==,type:str] +luhbots: + url: ENC[AES256_GCM,data:5hnCSyNcr3un83FaNGYaiZdbxCJe87+hzpoRtWozbn0OW31pxONIEQnSikXh59/OlVJN9TEmv+bd3uO210NPoKUL0D2MWw==,iv:fvY7fLbiAVGq0hh4ifs/LRgixlZsIDczw0hpiUvFSw0=,tag:gXNgNWMDXnRMdyhTjnG6oA==,type:str] + user: ENC[AES256_GCM,data:ucJ21fRmDKvHtyA=,iv:IYfNwBBWYxVb7ptwhfBiBgXwaoj5oCWg6gCI3WD8sjE=,tag:sB6/PJuquUL/GugpfzNMRw==,type:str] + pass: ENC[AES256_GCM,data:3gkyN51YvL/SrtP3kbG4OVhc5KBzu33dYVx4u8pJs9h3GJ9Wh1A5NCaBFJa7VFWfKuysNmr4CQwQEYBX,iv:U5foeasbN/TrrR0mA1mNcqYWZFXHYIAqXLmP/RvC+Os=,tag:x7ck7quJG7npMGwi/ss3ZA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1d6ze98387f0gryqwvrdlcxgz3wgs607ach4duwmnp72dzaa63cxqchc78n + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQ0hJN2R0V1NJNnZEeHRD + SDVxVmRFbXRVMjlSUkRKTHExY2I5S1BqVm1zCjRjM1J4Nm5xVG4wWVZLN2tMWGxH + Qi90UEpZdmROdkE0RzRoUmt0cDVFRlEKLS0tIHN1ZjQ4VUM5aGNjN3RZcUVieW9C + cVV3dFpNbjY1bkZtUlltanpSNDlPd28KQ4FQrC6KyZEzzkmByh07q1RAGnWnCNtr + XTDQhlbSq/LdptpqNbUD2g9H9vC2CAC0av39ExvT55JiK4dEWmrwUA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-28T13:54:09Z" + mac: ENC[AES256_GCM,data:1KKWA9F1kfwcvvbTNwFH/Cp0QGFGAJZOWCZX16Qi8g9ncBeX8xY8ZXq9jWtgOXO1wDeB7gPQj2nanZSzFvvjaq44h/gJRDu72L9H5KOrhJbJTG2K8yLWKnvzuLet8dPlaMkZKermCRcN31W9cQBLj7+31lUznTSLvd0B9uJxdu8=,iv:KImOEnxVrRnDtM7w3Xa23L6j495WQlSvqJgmRii4WSQ=,tag:Ck6u78WVnjkUDUCJnKyUhQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + 
version: 3.9.4