Use sops-nix for nm connections

Author: Defelo

.sops.yaml

@@ -0,0 +1,8 @@
+keys:
+  - &defelo 61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64
+  - &nitrogen age1v9szwgk0xp383z9fu657kzp60mpxlsg4lm0c73xest7xdrcf4qnqfwlnrd
+creation_rules:
+  - path_regex: secrets/.+$
+    key_groups:
+      - pgp: [ *defelo ]
+        age: [ *nitrogen ]

flake.lock

@@ -8,6 +8,7 @@
       url = "github:nix-community/home-manager";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    sops-nix.url = "github:Mic92/sops-nix";
     flake-utils.url = "github:numtide/flake-utils";
     nix-index-database = {
       url = "github:Mic92/nix-index-database";

flake.nix

@@ -60,6 +60,9 @@
     xclip
     ripgrep
     xdotool
+    age
+    sops
+    renameutils
 
     obsidian
     vlc

home/packages.nix

@@ -22,8 +22,8 @@
       };
     in
       pkgs.lib.attrsets.mapAttrsToList (key: value: "${toString value}:class_g = '${key}'") rules;
-    settings = {
-      corner-radius = 4;
-    };
+    # settings = {
+    #   corner-radius = 4;
+    # };
   };
 }

home/picom.nix

@@ -171,6 +171,7 @@
       lsblk = "lsblk -M";
       type = "which";
       j = "just";
+      qmv = "qmv -f destination-only";
       mnt = "source ${../scripts/mount.sh}";
       tt = "${../scripts/timetracker.sh}";
       beamer = "${../scripts/beamer.sh}";

home/zsh.nix

@@ -0,0 +1,32 @@
+foo: ENC[AES256_GCM,data:O+cs,iv:wFzfuXAXmUXe+B6gDrO5xrlOsDCjFSmu3yrrPZJIvVs=,tag:0IFANXzphoNQUeyZS1VqbQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1v9szwgk0xp383z9fu657kzp60mpxlsg4lm0c73xest7xdrcf4qnqfwlnrd
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwSkVHYjg2Mm5PejRmVFhw
+            V2xDWWhWQVFzOGhKSWFubU9nMFE5eXQrTUVRClhCSXgvaVpPT0lEUmVWY3d0K0g5
+            WW1lV25kNXZ0YlV0Q0E5QWcwMUwrdjQKLS0tIHdjdlkzM2owSWt0VGNtS2FMZ1NO
+            MnFDZUt3RFphMHZXTjNlOTlJbFQrVG8K4mo3svY8kQ1Znt0at84aA7vkUi4HAzMY
+            h+70UQpjcqMAj7rvnIucnbJJrGJBbK+ylvpPDUT5Vm6kQ8kMS9NtUg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-04-24T08:41:48Z"
+    mac: ENC[AES256_GCM,data:2rqanjJb5FSFWhv/jbmMOt0zTO3gkKnY2TEB4Sq6WGghAF3HyRMFKgtdVu5IiKC3QwGyXQyywWl+fYKU6Yi0pj6EnPh8+qbqTX3TOJXl2ipMbaSFG1Xut28BtbZiMuTRFN8KIZhP0ZSFhRutdHHETLQYwy6ugCyzc7p/LN3M3EY=,iv:l0aWDvVKUaIoijMNsEOYxLcA+MbChpVrXOomBP8MDec=,tag:46HvVLaPiWBNNh1wIsS+9A==,type:str]
+    pgp:
+        - created_at: "2023-04-24T08:41:43Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wV4D8w/Zb+cfdxsSAQdAdUuG3frrHoARJ6Tf7LfvtdFxo4ad5rZLMAkAnKw+uAEw
+            M7eIhXXBJ7nOSdPcEnqcBY2siNg0FsKuM3D+hFhEHop5b03huIuxaPH4xjJyJpMw
+            0lEBBj0I/5ZDGP4w7MC1BfjOg3wxBuxzA1Nf9kfdXoUbbtPtNzIfknL9VhVTl+CZ
+            U72cVb2qijXz++aM36AON/S1FaqthFAQ71J89LpVLvMrs6s=
+            =zgHP
+            -----END PGP MESSAGE-----
+          fp: 61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

secrets.nix

@@ -0,0 +1,36 @@
+vpn:
+    default: ENC[AES256_GCM,data:1oG0/trjna674kjYt+XmMmSvhmuLuLReWVPAmCr5agvsziRz,iv:jtYzpk49d/uoOsDlydjJQJ5G3E2Uoe8A3MblULVd7V4=,tag:nqYeWm/WN4HU9UmAJowJGQ==,type:str]
+    full: ENC[AES256_GCM,data:FTxg3osx9CzndWceo/jVJeg+G1JmCexLyZqSbwAvGv1dPMl1,iv:r9BhQq9HD/or7VwBlwE5dvplyufyECCvM0/E0jWJ9XU=,tag:xOefpFH3WNQQvctvXoyHkQ==,type:str]
+wifi:
+    trusted: ENC[AES256_GCM,data:8N4YAXVqJg8Wz0m6U/+dc0XcamvsamHnPHELasmhU9YwmYdDJA==,iv:CIzUv+QtRwlxD6+SDVnSVlukONsjauQ9d1SFFuapRNo=,tag:9AGaSQxJAe4PZzS3FsRl9w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1v9szwgk0xp383z9fu657kzp60mpxlsg4lm0c73xest7xdrcf4qnqfwlnrd
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOGlBeUYvaWZkdHdsc3BH
+            K2cxSVFWd3hwTHVyUCtRRXZZeEFYTmJiWmtrCjVMSXh5MG81enkyRS90dnJjUWF0
+            dnNFZ2FCeGM5QUZQRE8vcTJFZEpSVEkKLS0tIHZZK1E0eGN5K1REQnRwd2RPTG11
+            UzBsZjdFcHJqaTBLRDhCQlRTVDNiV1kKkWxgBXcyiY8j0r7cbi2YpCFW8Q2NhqFt
+            KiROlJCzHWPoVQ7SfiGid/A2njYZodIPrZK4Ubw28TC1T35+sNpH6Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-04-24T12:42:43Z"
+    mac: ENC[AES256_GCM,data:A+u/ycJjNqAkD1fKZv217YOMysuENXLVE3TC7UyCO0TynRM47v+UJ3kqqoFbzCPOB97YQ6+GPcXoLJ/QMErRVARd2UE5zB9GLGHACXj/F5QCxhdlmGBm/q1xa1MJrFpUmFngvlXPjaEDCuQiW7q2IYuA9KK7k+BYgo/H9o2DOxk=,iv:1eDnRSUsz+Rn1d2alMBNBTPsZw2ZvbZg1/r2JZt4KpQ=,tag:06P3YosqyJY+4vTc6bUZbQ==,type:str]
+    pgp:
+        - created_at: "2023-04-24T12:15:32Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wV4D8w/Zb+cfdxsSAQdA2ROubZ5MC35ASUImYC7llTDyuwB8uqkhvdP+suQ690Yw
+            /aR5g0OeKc0KINsy0L4rb1vbWx3gHbBlzTdfuC+yY+kni0W7cSIb8SLcDEj1gxI1
+            0lEBqiu8fD6in9yarK3YTHc+Vgjx7E9bPdioWzhuk87YHS7kONvw4yN4h9GxRNCk
+            AaXYQ7XzX/g8ENikcVZevO3+gGQyJ8VfCK5x/Cp0qm+qCAU=
+            =XedR
+            -----END PGP MESSAGE-----
+          fp: 61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3

secrets/default.yml

@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:CbJX5CEzVYl5A/nHx4ueF8w/pgJjsCrFY3JK20gestD1J5FNVFKU+G6cFJ9lsbMkUFuEK4aIGisTarvD2FhOdhfHxwQd2Ikbch725KKPDGd80g/zaGgCCGQR1/wzE7ETb/Y9VZfPHXyh2Xirrf5tX9IUc+e5a/cQmwWGvq6O1a0R6x8EZa1/X7HYUuN6h0DKV8GG2l1iFNN3VRtYSuGO5zySlyiKuyipTRq/V5h2itLmbsweA/ORcZzwUDK+YZjxyy5wuuc4xaDF17YpmyLJjJ7rhSQv17w+jRt4HyLSWNvPEAsZSz91UQHXr4NKJtiSJhHDjfsHb4UaUYqXQ4pYJY4nYDkpBweyayee1RGwT/lyK7Efbu4iNVEB6fj+pgppTbgN+uTKhmyf9q9CY8J4bP9FjB6xiMVJ2I1Qc0k/RcydhdemVfk0sgNv38TP8eMiCZe8caJKPW++7qcNwPAZ7cIYkec/BDMuSlzUN3HFSPlj53T1bJM=,iv:ownm79zIfO3aeNeY6OPJWBZJYWVNQGP/yIHV5J+7v9M=,tag:Cqhk1IC68y2ANtg0srbm1Q==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1v9szwgk0xp383z9fu657kzp60mpxlsg4lm0c73xest7xdrcf4qnqfwlnrd",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4eU5HUmoxQXdmRXpPTStx\nOXlyN1dmZVllZmw2c0loeHFGUXdRd1krVFgwCm5IdnQxcVRHMytLL2I0b0sycGpM\naVU2Z1FjbHFva216Z0ZYS2F3MWpGQkkKLS0tIGc1SWQ4b1BrU29teDkzeEJDeDZP\naEx2Q1dPRGVaWTY4c2g5UUNOQXo5VEEKLT/CesvVnX00rCvZii08SjczoICy1RQn\ndTZZrzb8RX4AZ2FiPDjQGnJ2fXkm1ZRPnLL+Z12BW6TcJ8xpLlrsyg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2023-04-24T08:58:48Z",
+		"mac": "ENC[AES256_GCM,data:QYEzmKl0YUWpU51nHc3MgHlaUkgXnhCFwpV9CJ0qudLPPvO5XuG7848nwGXQCNL8HRly3neFCy0GKrn1uuUo9WVJChIq5Q3XycF8iIyfFluB0PWiEbEcCrUAWGF82Zth2fgIRGXwEvXpWCH8dq0rhLJeoR4Ou25yfjXj3fzPzOg=,iv:paRj8Y/U/70Dx9gV8adGqfhMrqZ/Kuj3TYu0YB6FJIM=,tag:GBTDQQ4x/1MyLPzjIoDW3A==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2023-04-24T08:58:48Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nwV4D8w/Zb+cfdxsSAQdAG8ep2gOLNf7ACP7m/kyVo3xd2v59l9JlSwecyRxap24w\ntAznNuB7JGfmOE1Ncmc6WtqzN0wKICuRDTGou456zFu3E1W7AK3Sc2iCe0vPI9U4\n0lEBKC/qczTmpVoUcYlx3QMAm4RGyP30eW5a69RX3MLu2oVPCpqQtw7nfnqqinI4\n8l0gjLu8tKKPovQQs/DgzW4sTtAV/wJ0XGvxoN0zEYUVS8k=\n=rkdM\n-----END PGP MESSAGE-----",
+				"fp": "61303BBAD7D1BF74EFA44E3BE7FE2087E4380E64"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.3"
+	}
+}