added secrets

2021-05-09 00:00:36 +05:30
parent 0f51622ac9
commit 422ab9c1eb
38 changed files with 517 additions and 82 deletions
--- a/home/config/dwm/autostart.sh
+++ b/home/config/dwm/autostart.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+picom --experimental-backends &
+~/.dwm/bruhstatus.sh &
+feh --bg-scale ~/Downloads/stallman.jpg
--- a/home/config/dwm/bruhstatus.sh
+++ b/home/config/dwm/bruhstatus.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+prevtotload=0
+previdleload=0
+#tt=$(date +"%s")
+#bgfile=$(ls ~/Wallpapers/** | shuf -n 1)
+#for N in {99..1}; do
+#    magick convert $bgfile -fill black -colorize $N% jpg:- | feh --bg-scale -
+#done
+#feh --bg-scale $bgfile
+while true; do
+    cputemp=$(($(cat /sys/class/thermal/thermal_zone0/temp)/1000))
+    gputemp=$(nvidia-smi | head -n 10 | tail -n 1 |awk '{print $3}'| cut -c 1-2)
+    totmem=$(cat /proc/meminfo | awk '/MemTotal:/ {print $2}')
+    echo $totmem
+    availmem=$(cat /proc/meminfo | awk '/MemAvailable:/ {print $2}')
+    echo $availmem
+    totload=$(cat /proc/stat | awk '/cpu/'|head -n 1|awk '{print $2+$3+$4+$5+$6+$7+$8}')
+    echo $totload
+    idleload=$(cat /proc/stat | awk '/cpu/'|head -n 1|awk '{print $5}')
+    echo $idleload
+    totloadchange=$(($totload-$prevtotload))
+    idleloadchange=$(($idleload-$previdleload))
+    xsetroot -name\
+        "CPU [$(printf %0.2f $(echo "($totloadchange-$idleloadchange)*100/$totloadchange" | bc -l))%]\
+  MEM [$(printf %0.2f $(echo \($totmem - $availmem\)/1024/1024|bc -l))/\
+$(printf %0.2f $(echo $totmem/1024/1024 | bc -l))]\
+  TEMP [$cputemp°C|$gputemp°C]\
+  BAT$($(cat /sys/class/power_supply/BAT1/status | grep -q Discharging) && echo " " || echo "")\
+[$(cat /sys/class/power_supply/BAT1/capacity)%]\
+  VOL [$(pamixer --get-volume)]\
+  [$(date +"%a, %b %d") | $(date +"%H:%M:%S")]"
+    prevtotload=$totload
+    previdleload=$idleload
+   # if [ $(echo $tt+44 | bc -l) -lt $(date +"%s") ]
+   # then
+        #for N in {1..99}; do
+        #    magick convert $bgfile -fill black -colorize $N% jpg:- | feh --bg-scale -
+        #done
+      #  bgfile=$(ls ~/Wallpapers/** | shuf -n 1)
+        #for N in {99..1}; do
+        #    magick convert $bgfile -fill black -colorize $N% jpg:- | feh --bg-scale -
+        #done    
+     #   feh --bg-scale $bgfile
+      #  tt=$(date +"%s")
+    #fi
+    sleep 15
+done
--- a/home/modules/files.nix
+++ b/home/modules/files.nix
@@ -1,15 +0,0 @@
-{config, ...}:
-let
-  home = config.home.homeDirectory;
-in {
-  home = {
-    file.ncmpcpp = {
-      source = ../config/ncmpcpp/config;
-      target = "${home}/.config/ncmpcpp/config";
-    };
-    file.mpd = {
-      source = ../config/mpd/mpd.conf;
-      target = "${home}/.config/mpd/mpd.conf";
-    };
-  };
-}
--- a/home/natto.nix
+++ b/home/natto.nix
@@ -1,20 +1,41 @@
-{ config, pkgs, ... }:
-
+{ config, pkgs, lib, ... }:
+let
+  home = config.home.homeDirectory;
+in
 {
  imports = [
-    ./modules/programs.nix 
-    ./modules/xsession.nix
-    ./modules/files.nix
-    ./modules/services.nix
-    ./modules/gtk.nix
+    ./stuff/programs.nix 
+    ./stuff/xsession.nix
+    ./stuff/secret.nix
+    ./stuff/services.nix
+    ./stuff/gtk.nix
  ];
  nixpkgs = {
    config = {
      allowUnfree = true;
    };
  };
+
+  age = {
+    sshKeyPaths = [ "${home}/.ssh/id_ed25519" ];
+    secrets = {
+      fish_variables = {
+        file = ./secrets/fish_variables.age;
+        path = "${home}/.config/fish/fish_variables";
+      };
+      mpdasrc = {
+        file = ./secrets/mpdasrc.age;
+        path = "${home}/.config/mpdasrc";
+      };
+    };
+  };
  home = {
    packages = with pkgs; [
+      ffmpeg
+      sox
+      rage
+      curl
+      pamixer
      mpdas
      mpd
      dunst
@@ -31,8 +52,30 @@
      tor-browser-bundle-bin
      mpc_cli
      flameshot
+      hexchat
      luajit
      mpv
+      jmtpfs
+      youtube-dl
    ];
+
+    file = {
+      ncmpcpp = {
+        source = ./config/ncmpcpp/config;
+        target = "${home}/.config/ncmpcpp/config";
+      };
+      mpd = {
+        source = ./config/mpd/mpd.conf;
+        target = "${home}/.config/mpd/mpd.conf";
+      };
+      dwm-autostart = {
+        source = ./config/dwm/autostart.sh;
+        target = "${home}/.dwm/autostart.sh";
+      };
+      dwm-status = {
+        source = ./config/dwm/bruhstatus.sh;
+        target = "${home}/.dwm/bruhstatus.sh";
+      };
+    };
  };
 }
--- a/home/root.nix
+++ b/home/root.nix
@@ -1,7 +0,0 @@
-{config, ...}:
-{
-  imports = [
-    ./modules/programs/nvim.nix
-    ./modules/gtk.nix
-  ];
-}
--- a/home/secrets/fish_variables.age
+++ b/home/secrets/fish_variables.age
--- a/home/secrets/mpdasrc.age
+++ b/home/secrets/mpdasrc.age
--- a/home/modules/gtk.nix
+++ b/home/modules/gtk.nix
--- a/home/modules/programs.nix
+++ b/home/modules/programs.nix
--- a/home/modules/programs/nvim.nix
+++ b/home/modules/programs/nvim.nix
--- a/home/stuff/secret.nix
+++ b/home/stuff/secret.nix
@@ -0,0 +1,93 @@
+/* Module by @ryantm in github:ryantm/agenix 
+Modified by @natto1784 for 'personal' home-manager config */
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.age;
+  ageBin = "${pkgs.rage}/bin/rage";
+  users = config.users.users;
+  home_ = config.home.homeDirectory;
+  username_ = config.home.username;
+  identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
+  installSecret = secretType: ''
+    echo "decrypting ${secretType.file} to ${secretType.path}..." 
+    TMP_FILE="${secretType.path}.tmp"
+    mkdir -p $(dirname ${secretType.path})
+    (umask 0400; ${ageBin} --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
+    chmod ${secretType.mode} "$TMP_FILE"
+    chown ${secretType.owner} "$TMP_FILE"
+    mv -f "$TMP_FILE" '${secretType.path}'
+  '';
+
+  secretType = types.submodule ({ config, ... }: {
+    options = {
+      name = mkOption {
+        type = types.str;
+        default = config._module.args.name;
+        description = ''
+          Name of the file used in /run/secrets
+        '';
+      };
+      file = mkOption {
+        type = types.path;
+        description = ''
+          Age file the secret is loaded from.
+        '';
+      };
+      path = mkOption {
+          type = types.str;
+          default = "${home_}/.secrets/${config.name}";
+          description = ''
+            Path where the decrypted secret is installed.
+          '';
+        };
+      mode = mkOption {
+        type = types.str;
+        default = "0400";
+        description = ''
+          Permissions mode of the in octal.
+        '';
+      };
+      owner = mkOption {
+        type = types.str;
+        default = "${username_}";
+        description = ''
+          User of the file.
+        '';
+      };
+    };
+  });
+in {
+  
+  options.age = {
+    secrets = mkOption {
+      type = types.attrsOf secretType;
+      default = {};
+      description = ''
+        Attrset of secrets.
+      '';
+    };
+
+    sshKeyPaths = mkOption {
+      type = types.listOf types.path;
+      default = [  ];
+      description = ''
+        Path to SSH keys to be used as identities in age decryption.
+      '';
+    };
+  };
+  config = mkIf (cfg.secrets != {}) {
+    assertions = [{
+      assertion = cfg.sshKeyPaths != [];
+      message = "age.sshKeyPaths must be set.";
+    }];
+    home.activation = {
+      decryptSecrets = lib.hm.dag.entryBefore [ "writeBoundary" ] (concatStrings (map installSecret (builtins.attrValues cfg.secrets)));
+    };
+  };
+}
+
+
--- a/home/modules/services.nix
+++ b/home/modules/services.nix
--- a/home/modules/xsession.nix
+++ b/home/modules/xsession.nix