@jaspermayone's dotfiles

add atuin client to alastor, fix espanso secrets

- Add atuin-key secret to alastor for shell history sync
- Update secrets.nix to allow alastor to decrypt atuin-key
- Fix configs.nix activation script with platform-aware paths
- Restore espanso secrets from backup (was empty)
- Add warning messages instead of silent failures

+6
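--- a/hosts/alastor/configuration.nix
+++ b/hosts/alastor/configuration.nix
@@ -124,6 +124,12 @@
 owner = "pds";
 group = "pds";
 };
+atuin-key = {
+file = ../../secrets/atuin-key.age;
+path = "/home/jsp/.local/share/atuin/key";
+owner = "jsp";
+mode = "400";
+};
 };
 
 # FRP tunnel server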
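Review bot: The `path = "/home/jsp/.local/share/atuin/key";` line places an agenix-managed secret inside the user's home, and agenix, as far as I know, creates any missing parent directories as root during activation. On a fresh alastor that would presumably leave `~/.local/share/atuin` root-owned, so atuin could read the key but not create its history database beside it. Consider dropping `path` so the secret stays at the agenix default location and pointing atuin at it with `key_path = "/run/agenix/atuin-key"` in its settings, or make sure the directory exists with `jsp` ownership before secrets are installed. The `owner = "jsp"` / `mode = "400"` pair is appropriately tight; the enclosing attribute set opens above this hunk, so I cannot see whether other secrets already use home paths.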
+13 -14
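--- a/modules/configs.nix
+++ b/modules/configs.nix
@@ -3,9 +3,8 @@
 { config, lib, pkgs, isDarwin, ... }:
 
 let
-# Paths for secrets
-secretsDir = ../secrets;
-dotsDir = "/Users/jsp/dev/dots"; # Adjust if needed
+# Paths for secrets - platform-specific
+dotsDir = if isDarwin then "/Users/jsp/dev/dots" else "/home/jsp/dots";
 in
 {
 # btop configuration
@@ -52,29 +51,29 @@
 # This runs on every home-manager activation
 home.activation.decryptUserSecrets = lib.hm.dag.entryAfter ["writeBoundary"] ''
 SECRETS_DIR="${dotsDir}/secrets"
-AGENIX="${pkgs.age}/bin/age"
+AGE="${pkgs.age}/bin/age"
 SSH_KEY="$HOME/.ssh/id_ed25519"
+${if isDarwin then ''
+ESPANSO_DIR="$HOME/Library/Application Support/espanso/match"
+'' else ''
+ESPANSO_DIR="$HOME/.config/espanso/match"
+''}
 
 # Only proceed if we have the SSH key for decryption
 if [ -f "$SSH_KEY" ]; then
 # Decrypt espanso secrets
 ESPANSO_SECRETS="$SECRETS_DIR/espanso-secrets.age"
 if [ -f "$ESPANSO_SECRETS" ]; then
-${if isDarwin then ''
-ESPANSO_DIR="$HOME/Library/Application Support/espanso/match"
-'' else ''
-ESPANSO_DIR="$HOME/.config/espanso/match"
-''}
-mkdir -p "$ESPANSO_DIR"
-$AGENIX -d -i "$SSH_KEY" "$ESPANSO_SECRETS" > "$ESPANSO_DIR/secrets.yml" 2>/dev/null || true
+$DRY_RUN_CMD mkdir -p "$ESPANSO_DIR"
+$DRY_RUN_CMD $AGE -d -i "$SSH_KEY" "$ESPANSO_SECRETS" > "$ESPANSO_DIR/secrets.yml" 2>/dev/null || echo "Warning: Failed to decrypt espanso secrets"
 fi
 
 # Decrypt wakatime API key and merge with config
 WAKATIME_SECRET="$SECRETS_DIR/wakatime-api-key.age"
 if [ -f "$WAKATIME_SECRET" ]; then
-API_KEY=$($AGENIX -d -i "$SSH_KEY" "$WAKATIME_SECRET" 2>/dev/null || echo "")
+API_KEY=$($AGE -d -i "$SSH_KEY" "$WAKATIME_SECRET" 2>/dev/null || echo "")
 if [ -n "$API_KEY" ]; then
-cat > "$HOME/.wakatime.cfg" << EOF
+$DRY_RUN_CMD cat > "$HOME/.wakatime.cfg" << EOF
 [settings]
 api_url = https://waka.hogwarts.dev/api
 api_key = $API_KEY
@@ -88,7 +87,7 @@
 # Decrypt npmrc (contains registry auth tokens)
 NPMRC_SECRET="$SECRETS_DIR/npmrc.age"
 if [ -f "$NPMRC_SECRET" ]; then
-$AGENIX -d -i "$SSH_KEY" "$NPMRC_SECRET" > "$HOME/.npmrc" 2>/dev/null || true
+$DRY_RUN_CMD $AGE -d -i "$SSH_KEY" "$NPMRC_SECRET" > "$HOME/.npmrc" 2>/dev/null || echo "Warning: Failed to decrypt npmrc"
 fi
 fi
 '';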
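Review bot: Each decrypt line redirects straight into the live file (`> "$ESPANSO_DIR/secrets.yml"`, `> "$HOME/.npmrc"`), so the shell truncates the target before age runs and a failed decrypt leaves an empty file behind the new warning. In a dry run `$DRY_RUN_CMD` only prefixes the command, so the redirection still happens and the echoed command text overwrites the real file; the `$DRY_RUN_CMD cat > "$HOME/.wakatime.cfg"` heredoc has the same problem. The outputs are also created with the ambient umask although the comments say they hold registry auth tokens, and `2>/dev/null` discards the reason for the failure the warning reports. Decrypting into a `mktemp` file (created 0600) and renaming it only on success covers all three, as sketched below; the wakatime heredoc would need the same temp-file treatment.

```nix
    # … unchanged: SECRETS_DIR, AGE, SSH_KEY, ESPANSO_DIR …
    decrypt_to() {
      # $1 = encrypted source, $2 = destination; $2 is replaced only after a successful decrypt
      if [ -n "$DRY_RUN_CMD" ]; then
        echo "would decrypt $1 to $2"
        return 0
      fi
      if tmp="$(mktemp "$2.XXXXXX")" && "$AGE" -d -i "$SSH_KEY" "$1" > "$tmp"; then
        mv "$tmp" "$2"
      else
        rm -f "$tmp"
        echo "Warning: Failed to decrypt $1" >&2
      fi
    }
    # … unchanged: SSH key check and per-secret [ -f ] tests …
    decrypt_to "$ESPANSO_SECRETS" "$ESPANSO_DIR/secrets.yml"
    decrypt_to "$NPMRC_SECRET" "$HOME/.npmrc"
```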
secrets/atuin-key.age

This is a binary file and will not be displayed.

+6 -6
secrets/bore-token.age
··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w i4xIBsz48J5D9nyFRQNanpzUZeF3zHLadBzUVH00YSU 3 - pqZG/oZrr+DqKZASc5BhifaeXmcWSibxGhtn734pdWU 4 - -> ssh-ed25519 U0D80g q8YKmiWrxPCUx5JTO9TbW2kjgs85ecMtCJdkMOUCqBw 5 - eVQfYKa4LwOogaGRnKvvMubezn5DW6dvVilKo28YjR0 6 - --- YxiZUYTwPg9DKp0G3KvYXg/jUkgS43ErqFOMs1QQylY 7 - �7 �CE�5޻�S����N]���[��=�gv!9)�{,��z�����**��O�����4B� ����#������/��N|HB*����+�"l��w�� 2 + -> ssh-ed25519 1uIO/w kgtJCVfjvOBrUkiw1xsqQEBXbnc0y92rz2N0jxgMVnk 3 + BJvjlS+aU54yl2B8QTnZb5XDhj9tR1tIgFtAX/jnDuY 4 + -> ssh-ed25519 U0D80g 88LdiR3+48uJDzEWmhpvnZs3fdC6YSjapqxFJBTYkww 5 + MtBF/Dsyv0Er8hs/J+WHZR8/ZMTrHoiU2jlQnkOpdQk 6 + --- PZaQT1UqSej74ow859pJUqFbniWBgHHD8Z9T9X8IJ+0 7 + \���I�6�Ӽ3k���J�S^%ߖ�3 sp�]YD��;B]� �d��_�j]��s_��p�k����$�|73�^�W������1��g<���d]z>��
secrets/cloudflare-credentials.age

This is a binary file and will not be displayed.

+9 -4
secrets/espanso-secrets.age
··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w Zehp236pAaJ2GD3UUHZpRSDnGAl3rOrRaAVItx93uBw 3 - dWEmfovVVhx9WVkFrlzHsLCQ3uQl5AvNgSPOP2QtMOM 4 - --- 9hTRWQB4rPaWJtLoH1QUjl0nYiZXLDT3tTPV5FtfwZc 5 - �"�����0�m�)^����VS��j>���s 2 + -> ssh-ed25519 1uIO/w yTUSFJXtKqy7ecsZ/R/Evpmy6zCdVzDi86MwvW27NWY 3 + tdH0ne5cV7dz4Vc+TtWbAoa8EOUDE/f0XTvRzqvDB14 4 + --- dxff2PJ/K8dMMB6NAouEgx6Klyx794Xpa1j4F72/fG0 5 + ��oAG@�SoX��%���6BA�?Cl�D�0� D�<�>r ��u����XA ����L֒�*:�vr<e�ޥ���N���%�mvI�R�����qR���M�A ���.ѷ��I��h�/0H*�> 6 + 3�g,���� ]z%`U�<�jS׉�s*�p#�}���@�)�R^䃦 ���o,Ü ޱL6>��43q��Zj�N;^�j��m�-�@jO�ѩ����I�u�Պ4YE����K-���n4���ˑ1��&�׍�� ����ϓϦ@t�:#�PL�ex=��} ��� H�$ 7 + ����n���ZᭆX^�HmJ�Y��8�6�*��a9rG��b?�D�J��}E���>f`' h����%�o^�6 �Z�e�{�ۂ2,HP�?)K��F7��>X��`dXfW ������$/1����RpIe^3� �`8��0�� 8 + �M��\�i�&D!�M�\��7u�y�G��\PBCi4�h5'����]�k�;9� ^B��/�v׊5�'V�H{J~�5 P�����Ay���ƾ����7D;rv*��䨸W�Lj��؍�#��8���0���!��Yb�!a7��W�3Ȁ����v��|K;�Y�����n 9 + N3-�D�ҝ��c�����Ԛ�4��[Rf��7%rț�M���%W�����oGgs�(�m! �e�t踷T��]�vSW"@K� T�4HM.zh��?jv�y�j��l2>��tD���ƥ���eȕM�������Z�Ha���c^���7ΑB����!��%��J(Г�������k��1�� ͙D����z�T�D�����������N�P!N.E,�n�#c ��[ ��bc����d��g��3ey�xYv,�}d�E��32z����6wRW<�һ��煷�v_�`����ղ�Y+��ޛYn�F�F'1��F�fD9�9sDT��C�O�@�X'��R)���� 10 + ť" ý.�T~�x7�f��졶[�jE:q�;�ˠU�%����*U�D
secrets/frps-token.age

This is a binary file and will not be displayed.

secrets/github-token.age

This is a binary file and will not be displayed.

secrets/knot-secret.age

This is a binary file and will not be displayed.

+5 -5
secrets/npmrc.age
··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w suN/VSXk4OcLaOD9JrEt5Ptld6cBvEF9Lbr0SjT1AGI 3 - wyMCuKAUEr1dmbptzT5IPNlgzTAFI8AfRzHruALaN84 4 - --- 2rl0MtimAp8+w4nKIPdT77gXKBLyLBGfcyhM2TLcNbI 5 - ��N�� �f��>9T�Xc����v5�*bN`��sd����ZU�2��d����7�Q���7}�3���n,0� X��e�z`��ӎ������=�O����i 3�Y��zC�Ө�R�qT(1S�С��M;l� 6 - q�鍓�l^��Y��7Da蝴�Eq����4Sè��"Z� 2 + -> ssh-ed25519 1uIO/w 46JHrkXX6PTOPo0edNtq6Aj8WP4V5uKh34BzHCHE6BA 3 + OVuvto9pt4aLgmRYAr27cNFE1oJjSHfpr/0LALpA6+I 4 + --- g9OTMHluW4rvyLDD9zgwYausMpZfnALCDqP0yYYgI6U 5 + o ��cݾ,�&QD�g�vF���aS���Bk�q8�Xp��4Q�B 6 + ��z��M}1�PҢ�Ad�8�X�;h�)��d �]����L#f]}��k�u��B��%�n�0� �8��w>����h���g��9㤔�7���-�*f�e":�f22a��W���ϼP������n�WP$"
secrets/pds-mailer.age

This is a binary file and will not be displayed.

secrets/pds.age

This is a binary file and will not be displayed.

+1 -1
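--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -48,7 +48,7 @@
 
 # Atuin encryption key for sync
 # Contains the raw encryption key for Atuin shell history sync
-"atuin-key.age".publicKeys = allUsers;
+"atuin-key.age".publicKeys = all;
 
 # Espanso secrets (sensitive text expansions)
 # Contains: email addresses, EINs, personal addresses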
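Review bot: Switching the recipients from `allUsers` to `all` lets every key in `all` decrypt the Atuin key, while the commit message says only alastor needs it. `all` is defined outside this hunk, but if it includes every host key, a compromise of any one of those machines would expose the key that protects the synced shell history. Prefer the narrowest list, for example `"atuin-key.age".publicKeys = allUsers ++ [ <alastor-host-key> ];`, where the placeholder stands for whatever name this file gives alastor's key. Extending the comment above with `# Recipients: users + alastor (atuin client)` would help the next rekey keep that scope.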
+4 -5
secrets/wakatime-api-key.age
··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w KQGHESnmZq9SRbZzY37HrJYozuTBrQwsgYogbCR9MFo 3 - nBvjb5ILKu1dxR5heo1mLcRgls5TekDTb1tshqxIQwI 4 - --- vl6Y6cbIZLxndvb5ypvSC9xi23kpdYGBKYOJAtCespc 5 - 3�3��I9�X·ZX����Z��n���� ˂���O1m ����r�>-��� 6 - ���q?!d��"p���З" 2 + -> ssh-ed25519 1uIO/w m52++A58clBVm2dzmE7x5iKPs242NVNgfqi21mptFjY 3 + 9vRAQhAbIrEfuvVVx1XIrv8On7C6l+fr1e1/Rhv582g 4 + --- jrvlYmttUD56ylPNJRdhtmyTwBjkRK9fkqVZGQzCIwc 5 + �(��Nkl���x�� X&.�9F5`���r})lۑa��R_ -�}RN|���V籱U��3��;;�i���
+6 -6
secrets/wifi-passwords.age
··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 1uIO/w aJAyeyz5P9v86+CLa4guLId2kUFf0GzeiTinvhr33Ec 3 - I5R70s12LRNfqLh6RUE/3CCySrfKXMHhpIWXb67b6hg 4 - -> ssh-ed25519 U0D80g LDlwtocVA/ACCMJTb8ECgeU9KxV49ecWotuhzqiv8X8 5 - XDgTx5UDNiM0twMYPpax9TByFX0MtX+X3rb30DSTiY4 6 - --- Nj8WkxFu5ZiExjpY+gWidax7SwMCzP0Y9QCoxeK9F44 7 - ��_���*��jn�fr1|��]t�a��|N|����fa���-("<�(�����Z/�F��� aA���e�=�ͤD�)ٌ�� 2 + -> ssh-ed25519 1uIO/w DrzrAcy9kciPmXwb4TuGdXFhPSxJY+L4D3ubFfWN4h8 3 + +BhseJljsJ/2dWS5+R7HddsmYEWcn2V/6ZhuizBNVtY 4 + -> ssh-ed25519 U0D80g g5fqwm5oanWL0uGP3CzSFhN7UQo+vg7vQU0xJaVeMAQ 5 + Qfr4fjTn2tXjTgQ3+XNJBByGBPoKyLQDXxjWjamvgZM 6 + --- R7lujDVqbMClYfaFD3wIz5PCpOiP0tmLnact+pKt/zk 7 + i{�qS�ܺ�NU�:���^����ҕ�<��m�( �pK�s�D9�̦L��x��3�K�:����^Z�y��ŵ���Z��G