From e44aa41378e489370dc013b2e3a4405be95b4d22 Mon Sep 17 00:00:00 2001
From: itsscb
Date: Wed, 8 May 2024 23:21:30 +0200
Subject: [PATCH] ft/adds cifs shares and sops credentials
---
 .sops.yaml | 7 ++++
 flake.lock | 40 ++++++++++++++++++++-
 flake.nix | 4 +++
 hosts/default/configuration.nix | 63 +++++++++++++++++++++++++++++++--
 hosts/default/home.nix | 45 +++++++++++------------
 secrets/secrets.yaml | 21 +++++++++++
 6 files changed, 154 insertions(+), 26 deletions(-)
 create mode 100644 .sops.yaml
 create mode 100644 secrets/secrets.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..0f657aa
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &primary age18ykeuqsrxyn5x6ygprupksuh9nhkzn47ju3krjge3ywfy3d8jgyq3zgmsc
+creation_rules:
+ - path_regex: secrets/secrets.yaml$
+ key_groups:
+ - age:
+ - *primary
diff --git a/flake.lock b/flake.lock
index 50486f2..78a93bd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -190,6 +190,22 @@
 "type": "github"
 }
 },
+ "nixpkgs-stable": {
+ "locked": {
+ "lastModified": 1714858427,
+ "narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "release-23.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "nixpkgs_2": {
 "locked": {
 "lastModified": 0,
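Review bot: `.sops.yaml` declares a single age recipient (`&primary`) with nothing saying which host or person holds the matching private key, and since this is the only recipient for `secrets/secrets.yaml`, losing that one key file leaves the NAS credentials unrecoverable. Add a comment above the key such as `# age public key of the host key referenced by sops.age.keyFile in hosts/default/configuration.nix` and, if a second recovery key exists, list it as an additional recipient in the same `age:` group so a re-encrypt is not needed later. The `path_regex` rule itself is fine.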
@@ -207,7 +223,29 @@
 "home-manager": "home-manager",
 "hyprland": "hyprland",
 "hyprland-plugins": "hyprland-plugins",
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs_2",
+ "sops-nix": "sops-nix"
+ }
+ },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "nixpkgs-stable": "nixpkgs-stable"
+ },
+ "locked": {
+ "lastModified": 1715035358,
+ "narHash": "sha256-RY6kqhpCPa/q3vbqt3iYRyjO3hJz9KZnshMjbpPon8o=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "893e3df091f6838f4f9d71c61ab079d5c5dedbd1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
 }
 },
 "systems": {
diff --git a/flake.nix b/flake.nix
index aa2c4bd..be0dca8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,10 @@
 inputs.hyprland.follows = "hyprland";
 };
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 # hyprlock = {
 # url = "github:hyprwm/hyprlock";
 # inputs.hyprland.follows = "hyprland";
diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 84d4310..2ea60f6 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -9,9 +9,16 @@
 [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
 inputs.home-manager.nixosModules.default
- #
+ inputs.sops-nix.nixosModules.sops
 ];
+ sops.validateSopsFiles = false;
+ sops.defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
+ sops.defaultSopsFormat = "yaml";
+ sops.age.keyFile = "/home/itsscb/.config/sops/age/keys.txt";
+
+ sops.secrets."nas" = {};
+
 # Bootloader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
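Review bot: `sops.age.keyFile = "/home/itsscb/.config/sops/age/keys.txt";` keeps the age private key that unlocks every secret inside a user's home directory, so the key is presumably readable by anything running as `itsscb`, not only by the activation script that runs as root, and decryption at boot additionally depends on `/home` already being mounted; move it to a root-only location such as the `/var/lib/sops-nix/key.txt` path used in the sops-nix documentation. `sops.validateSopsFiles = false;` combined with the string path `"/etc/nixos/secrets/secrets.yaml"` means the sops file is read from the mutable checkout at activation time instead of from the flake's store copy, and the build-time check that the file decrypts with the configured key is skipped; given the diffstat paths, a path literal `sops.defaultSopsFile = ../../secrets/secrets.yaml;` would let validation stay enabled. `sops.secrets."nas" = {};` relies on the module defaults (root-owned, non-world-readable), which is correct for a mount credentials file, but a comment saying the value must be in `username=`/`password=` form for `credentials=` would help the next person who rotates it. The enclosing attribute set of this module starts and ends outside the hunk.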
@@ -71,12 +78,24 @@
 };
+ users.groups.fsc = {
+ gid = 1010;
+ };
 # Define a user account. Don't forget to set a password with ‘passwd’.
 users.users.itsscb = {
 isNormalUser = true;
+ uid = 1000;
 description = "itsscb";
- extraGroups = [ "networkmanager" "wheel" ];
+ extraGroups = [ "networkmanager" "wheel" "fsc"];
+ packages = with pkgs; [
+ ];
+ };
+ users.users."k.sc"= {
+ isNormalUser = true;
+ uid = 1001;
+ description = "k.sc";
+ extraGroups = [ "networkmanager" "fsc"];
 packages = with pkgs; [
 ];
 };
@@ -85,7 +104,6 @@
 nerdfonts
 ];
-
 programs = {
@@ -121,6 +139,8 @@
 variables = {
 EDITOR = "hx";
 };
+
+
 };
 hardware = {
@@ -145,6 +165,8 @@ home-manager = {
 xdg.portal.enable = true;
 environment.systemPackages = with pkgs; [
+ age
+ sops
 curl
 waybar
 (waybar.overrideAttrs (oldAttrs: {
@@ -155,7 +177,16 @@ home-manager = {
 libnotify
 swww
+
+ broot
+ jq
+ poppler
+ fzf
 dolphin
+ breeze-icons
+
+ # cifs-utils
+
 networkmanagerapplet
 alacritty
 xdg-desktop-portal-gtk
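Review bot: `uid = 1000;` and `gid = 1010;` are pinned here only because the CIFS mount options added later in this commit hard-code `uid=1000,gid=1010`, but nothing records that coupling; a comment on the group such as `# gid is fixed: the cifs fileSystems entries pass gid=1010 so share files are group-owned by fsc` would stop a later renumbering from silently breaking the mounts. The new `users.users."k.sc"` account sets no `hashedPassword`/`initialPassword`, so as the comment above notes it is unusable until someone runs `passwd`; if that is intended, say so next to the account. The `packages = with pkgs; [ ];` lists on both users are empty and can be dropped. The enclosing top-level attribute set starts and ends outside the hunk.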
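Review bot: the bare `# cifs-utils` left in `environment.systemPackages` in the last hunk reads as a forgotten TODO, while the `fsType = "cifs"` entries this commit adds should already make NixOS provide `mount.cifs` for them; replace the stub with `# cifs-utils is not listed here: NixOS supplies mount.cifs for the cifs fileSystems entries` or delete it. Adding `age` and `sops` system-wide in the previous hunk is reasonable for editing the secrets file on this host. Both hunks sit inside the `environment.systemPackages` list, whose start and end are outside the hunk.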
@@ -197,6 +228,32 @@ home-manager = {
 atomix
 ]);
+ fileSystems = {
+ "/mnt/home" = {
+ device = "//192.168.128.2/Cloud_Privat";
+ fsType = "cifs";
+ label = "HOME";
+ options = let
+ automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user";
+ in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"];
+ };
+ "/mnt/scan" = {
+ device = "//192.168.128.2/scan";
+ fsType = "cifs";
+ options = let
+ automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user";
+
+ in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"];
+ };
+ "/mnt/shared" = {
+ device = "//192.168.128.2/shared";
+ fsType = "cifs";
+ options = let
+ automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user";
+
+ in ["${automount_opts},credentials=${config.sops.secrets."nas".path},uid=1000,gid=1010"];
+ };
+ };
 programs.nix-ld.enable = true;
 programs.nix-ld.libraries = with pkgs; [
diff --git a/hosts/default/home.nix b/hosts/default/home.nix
index 81d321d..e7a5302 100644
--- a/hosts/default/home.nix
+++ b/hosts/default/home.nix
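Review bot: the three mounts each re-declare the same `automount_opts` string and hard-code `uid=1000,gid=1010`, silently duplicating the `users.users.itsscb.uid` and `users.groups.fsc.gid` values set earlier in this commit; lift the options into one `let` and derive the ids from `config.users.users.itsscb.uid` and `config.users.groups.fsc.gid` so a renumbering cannot leave share files owned by the wrong account. `label = "HOME";` on `/mnt/home` is the block-device label option, which NixOS maps to a `/dev/disk/by-label/...` device, so on a CIFS share with an explicit `device` it is meaningless at best and may conflict with it; drop it. Pointing `credentials=` at the sops-managed path is the right approach; whether the share traffic itself should be encrypted (the `seal` mount option) depends on what the NAS supports and deserves a comment either way. The enclosing module attribute set starts and ends outside the hunk.
```nix
  fileSystems = let
    # Shared by all NAS shares. uid/gid follow the user/group declared above
    # rather than repeating the literal ids in three places.
    cifsOpts = [
      "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user"
      "credentials=${config.sops.secrets."nas".path}"
      "uid=${toString config.users.users.itsscb.uid}"
      "gid=${toString config.users.groups.fsc.gid}"
    ];
    nasShare = share: {
      device = "//192.168.128.2/${share}";
      fsType = "cifs";
      options = cifsOpts;
    };
  in {
    "/mnt/home" = nasShare "Cloud_Privat";
    "/mnt/scan" = nasShare "scan";
    "/mnt/shared" = nasShare "shared";
  };
```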
@@ -110,30 +110,31 @@
 };
 };
- # dconf = {
- # enable = true;
- # settings."org/gnome/desktop/interface".color-scheme = "prefer-dark";
- # settings."org/gnome/desktop/screensaver" = {
- # picture-uri = "file:///etc/nixos/dotfiles/hypr/rust.png";
- # picture-uri-dark = "file:///etc/nixos/dotfiles/hypr/rust.png";
- # settings."org/gnome/desktop/peripherals/touchpad".tap-to-click = true;
- # settings."org/gnome/desktop/background".picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/gnome/keys-d.jpg";
- # settings."org/gnome/desktop/background".picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/keys-l.jpg";
- # settings."org/gnome/desktop/background".primary-color = "#aaaaaa";
- # settings."org/gnome/desktop/background".secondary-color = "#000000";
- # settings."org/gnome/desktop/interface".show-battery-percentage = true;
- # settings."org/gnome/settings-daemon/plugins/media-keys".home = ["e"];
- # settings."org/gnome/settings-daemon/plugins/media-keys".control-center= ["i"];
- # settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding= "t";
- # settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command= "gnome-terminal";
- # settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name= "gt1";
+ dconf = {
+ enable = true;
+ settings."org/gnome/desktop/interface".color-scheme = "prefer-dark";
+ settings."org/gnome/desktop/screensaver" = {
+ picture-uri = "file:///etc/nixos/dotfiles/hypr/rust.png";
+ picture-uri-dark = "file:///etc/nixos/dotfiles/hypr/rust.png";
+ };
+ settings."org/gnome/desktop/peripherals/touchpad".tap-to-click = true;
+ settings."org/gnome/desktop/background".picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/gnome/keys-d.jpg";
+ settings."org/gnome/desktop/background".picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/keys-l.jpg";
+ settings."org/gnome/desktop/background".primary-color = "#aaaaaa";
+ settings."org/gnome/desktop/background".secondary-color = "#000000";
+ settings."org/gnome/desktop/interface".show-battery-percentage = true;
+ settings."org/gnome/settings-daemon/plugins/media-keys".home = ["e"];
+ settings."org/gnome/settings-daemon/plugins/media-keys".control-center= ["i"];
+ settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".binding= "t";
+ settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".command= "gnome-terminal";
+ settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0".name= "gt1";
- # settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding= "t";
- # settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command= "gnome-terminal";
- # settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name= "gt2";
- # settings."org/gnome/settings-daemon/plugins/media-keys".custom-keybindings= ["/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"];
+ settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".binding= "t";
+ settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".command= "gnome-terminal";
+ settings."org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1".name= "gt2";
+ settings."org/gnome/settings-daemon/plugins/media-keys".custom-keybindings= ["/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/" "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"];
- # };
+ };
 home.packages = [ ];
 wayland.windowManager.hyprland.enable = true;
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
new file mode 100644
index 0000000..854edae
--- /dev/null
+++ b/secrets/secrets.yaml
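Review bot: the re-enabled `custom0` and `custom1` keybindings are identical apart from their `name` (`binding= "t"`, `command= "gnome-terminal"` in both), so one of them is redundant, and all three bindings (`home = ["e"]`, `control-center= ["i"]`, `binding= "t"`) are unmodified single letters, which GNOME would most likely register as global shortcuts that fire on plain keypresses; if a modifier was intended the usual form is `"<Super>t"`. The `};` closing `settings."org/gnome/desktop/screensaver"` did not exist in the commented-out version and is what makes the block parse, and enabling dconf at all is not mentioned in the commit subject, so a line in the message would help. The `dconf` block belongs to a home-manager module whose enclosing set starts before the hunk.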
@@ -0,0 +1,21 @@ +nas: ENC[AES256_GCM,data:JIb5+hJg7XdnDoCD3wH++6mX8YBmSEeiFdB8iuHZXhGC4OKo8eJWaIs=,iv:fG0EFEDvriHf9IeDaiYJZojB3I+FJhQQXU4Z49CmTU0=,tag:5UAcQ0IH4+B1OE2p1RkeDw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18ykeuqsrxyn5x6ygprupksuh9nhkzn47ju3krjge3ywfy3d8jgyq3zgmsc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZVRiblpGdDlOMjRhc3hl + WUxGL1k5bWh4N1MvaUxqZnZ5NHFSY2theGtnClc4NnFyazlYYTVZOFFTQnhXVWZN + MW5sb1ptbnBlZXJiSXd5SmdKbElsV3cKLS0tIDBqb3paVDlqSWtKK2lhNCtPam10 + bTFXejdDWldUaUQyaUE0My9UQm1RencKyKM5CyU2qIygoM+9ZmvxfTW6DIn2HTf8 + 9GHcmPnwRnIOPreuS5H1zGHnq4A5OJo6/ToLLabiAqSFbd5+W8EPkQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-08T21:16:29Z" + mac: ENC[AES256_GCM,data:x3pl9lvklsuf730s5EEDuiYulmbsKlrKdid2tuH1HFgTYRcvzEwXaOEWj9HQ27gT3UcVuQflwo8YEFW7GGs27jYHDyy3FeTcuoagNZvlxlVS5MBTjN4nAYU2sq2ykE8yZanORwLgE3vuQFyXE9416K+ZbcybpmRTLRZ0xxW4+yw=,iv:2BvL8DboJbgFHkgRXglW7LCk73AeFf1CdNxiDu/FGb8=,tag:2FaNkwrkP1B9AdPzs+35CA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1