diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..b499ac6 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age1j3uuyax673fvl5x4dveupq3dylngnrq0e5uy7fmclsexkfd25vysk646wk +creation_rules: + - path_regex: home-manager/secrets.yaml$ + key_groups: + - age: + - *primary diff --git a/flake.lock b/flake.lock index fcf9607..025086f 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,63 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index c939372..eed94f9 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,7 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; + sops-nix.url = "github:Mic92/sops-nix"; home-manager = { url = "github:nix-community/home-manager"; @@ -33,7 +34,10 @@ homeConfigurations.sweetbread = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.${system}; - modules = [ ./home-manager/home.nix ]; + modules = [ + ./home-manager/home.nix + inputs.sops-nix.homeManagerModules.sops + ]; }; }; } diff --git a/home-manager/modules/bundle.nix b/home-manager/modules/bundle.nix index 46b9836..6b2c20a 100644 --- a/home-manager/modules/bundle.nix +++ b/home-manager/modules/bundle.nix @@ -5,6 +5,7 @@ ./htop.nix ./alacritty.nix ./qt.nix + ./sops.nix ./wms/hyprland.nix ./wms/waybar.nix diff --git a/home-manager/modules/sops.nix b/home-manager/modules/sops.nix new file mode 100644 index 0000000..e95b390 --- /dev/null +++ b/home-manager/modules/sops.nix @@ -0,0 +1,8 @@ +{ config, ... }: { + sops = { + defaultSopsFile = ../secrets.yaml; + age.keyFile = "/home/sweetbread/.config/sops/age/keys.txt"; + + secrets."tokens/apis/wallhaven" = {}; + }; +} diff --git a/home-manager/modules/wms/hyprland.nix b/home-manager/modules/wms/hyprland.nix index 2506759..043c737 100644 --- a/home-manager/modules/wms/hyprland.nix +++ b/home-manager/modules/wms/hyprland.nix @@ -1,5 +1,52 @@ -{ - wayland.windowManager.hyprland = { +{ pkgs, lib, config, ... }: { + wayland.windowManager.hyprland = + let + wallpaper_changer = pkgs.writers.writePython3Bin "wallpaper_changer" { + flakeIgnore = [ "E501" "E111" "E701" "E241" "E731" ]; + } /*py*/ '' + import requests as requests + from random import choice + from os import system, mkdir, listdir + from os.path import exists + + notify = lambda s: system(f"notify-desktop Wallpaper '{s}'") + folder = "/home/sweetbread/Wallpapers" + url = "https://wallhaven.cc/api/v1/collections/sweetbread/1764377" + with open("${config.sops.secrets."tokens/apis/wallhaven".path}") as f: + token = f.read() + + notify("Updating wallpaper!") + + try: + json = requests.get(url, params={'apikey': token}).json() + + wallpaper = choice(json['data']) + link = wallpaper['path'] + format = wallpaper['file_type'] + id = wallpaper['id'] + + if format == "image/jpeg": ext = "jpg" + else: ext = "png" + + filename = f"{id}.{ext}" + + if not exists(f"{folder}/{filename}"): + if not exists(folder): + mkdir(f"{folder}") + + notify("Downloading...") + with open(f"{folder}/{filename}", 'wb') as f: + r = requests.get(link) + f.write(r.content) + + except requests.exceptions.ConnectionError: + notify("Offline mode") + filename = choice(listdir(folder)) + + finally: + system(f"swww img {folder}/{filename} --transition-type center") + ''; + in { enable = true; xwayland.enable = true; @@ -117,13 +164,13 @@ ]; exec-once = [ - "systemctl --user start plasma-polkit-agent" - "swww init" - "swww img ~/Downloads/nixos-chan.png" - "waybar" - "wl-paste --type text --watch cliphist store" - "wl-paste --type image --watch cliphist store" - ]; + "systemctl --user start plasma-polkit-agent" + "swww init" + "python3 ${lib.getExe wallpaper_changer}" + "waybar" + "wl-paste --type text --watch cliphist store" + "wl-paste --type image --watch cliphist store" + ]; bind = [ "$mainMod, V, exec, cliphist list | wofi --dmenu | cliphist decode | wl-copy" @@ -208,7 +255,9 @@ # Waybar "$mainMod, B, exec, pkill -SIGUSR1 waybar" - "$mainMod, W, exec, pkill -SIGUSR2 waybar" + #"$mainMod, W, exec, pkill -SIGUSR2 waybar" + + "$mainMod, W, exec, python3 ${lib.getExe wallpaper_changer}" # Disable all effects "$mainMod Shift, G, exec, ~/.config/hypr/gamemode.sh " diff --git a/home-manager/secrets.yaml b/home-manager/secrets.yaml new file mode 100644 index 0000000..77c7123 --- /dev/null +++ b/home-manager/secrets.yaml @@ -0,0 +1,23 @@ +tokens: + apis: + wallhaven: ENC[AES256_GCM,data:mawmbX0FQkhQHruABPc34mm+QtyEv6SulAXOGL6tMoQ=,iv:P+LtVoGzhc9kv4XUXOIJCosg52JXBAyWTQ+os9clibg=,tag:TQ0dLVKDkAo20p4w9HKn2g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1j3uuyax673fvl5x4dveupq3dylngnrq0e5uy7fmclsexkfd25vysk646wk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbDl6ZWZpc2U2SnNYQVpJ + cmtBRzVOZTdOaXd6MFFnTGFLbzBhNldlN25RCisyNnAwY21udlZCWEc4U2hPa2di + WXN5cEduMXUwNXpmU0hBQzdkamtSd28KLS0tIHUzd3RTbUM4VnFYZkRYbXJCUDZl + UkZPZUlLQVNUZ1ZGV3BZM3hib3JHMXcKqyQUcRMhoVHK78lAYl2vSJUCxBL6atLb + VXT5DV67KKnUKyKUAQ+gjEP9EpvR16PBCZ+EcSFfx/azHONCtV3mZg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-26T18:55:20Z" + mac: ENC[AES256_GCM,data:x9TX4OfDmw8qySadz/l5BUTyQLsOnROKASMn34Ps5Sb0LzYKrlQoHPQhiJ6YVNfYE+7WtNMqoQvUEjg9FQfEVcH5PFeXZjAaeLKDvEhgXjklhrSfbWCn7a+1yIbwutKb63cIuMh9ZcDUCmtAZlt+FssI/TjB0k5QqV4a358hjQE=,iv:GJWGCINdJr3HLX33YFEqTE+TlmfCpZBCLBUUHGSvvG8=,tag:6sKlM2/3r3os1h0U5ToqiA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/nixos/modules/gpg.nix b/nixos/modules/gpg.nix new file mode 100644 index 0000000..1f4dd05 --- /dev/null +++ b/nixos/modules/gpg.nix @@ -0,0 +1,6 @@ +{ pkgs, ...}: { + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; +} diff --git a/nixos/packages.nix b/nixos/packages.nix index 4c13a2f..ee3c713 100644 --- a/nixos/packages.nix +++ b/nixos/packages.nix @@ -74,6 +74,7 @@ wofi mako gromit-mpx + notify-desktop # Xorg stuff #xterm