cant figure out sops

flake.nix

@@ -71,7 +71,10 @@
           home-manager.useGlobalPkgs = true;
           home-manager.extraSpecialArgs = {inherit inputs;};
           home-manager.users."tacocat" = {
-            imports = [./users/tacocat/home.nix];
+            imports = [
+              ./users/tacocat/home.nix
+              sops-nix.homeManagerModules.sops
+            ];
             _module.args.theme = import ./modules/themes;
           };
         }

hosts/JWST/configuration.nix

@@ -9,10 +9,14 @@
     ./hardware-configuration.nix
   ];
 
-  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  # ------------ System ------------
-  sops.defaultSopsFormat = "yaml";
 
-  sops.age.keyFile = "/home/tacocat/.config/sops/age/keys.txt";
+  users.users.tacocat = {
+    isNormalUser = true;
+    extraGroups = ["wheel" "networkmanager" "audio" "video" "bluetooth" "kvm"];
+    home = "/home/tacocat";
+    description = "Aria Nolan";
+  };
 
   boot.loader = {
     efi.canTouchEfiVariables = false;
@@ -30,20 +34,6 @@
     };
   };
 
-  nix.settings.experimental-features = ["nix-command" "flakes"];
-  nix.settings.auto-optimise-store = true;
-  nix.settings.trusted-users = ["root" "tacocat"];
-
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 1w";
-  };
-
-  networking.hostName = "JWST";
-  networking.networkmanager.enable = true;
-
-  # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
   console = {
     font = "Lat2-Terminus16";
@@ -52,11 +42,10 @@
 
   time.timeZone = "America/New_York";
 
-  # Enable CUPS to print documents.
+  networking.hostName = "JWST";
-  services.printing.enable = true;
+  networking.networkmanager.enable = true;
-  services.geoclue2.enable = true;
 
-  # Enable sound.
+  # Sound
   sound.enable = true;
   services.pipewire = {
     enable = true;
@@ -65,6 +54,87 @@
     jack.enable = true;
   };
 
+  # Services/Hardware
+  hardware.opentabletdriver.enable = true;
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  services.printing.enable = true;
+  services.geoclue2.enable = true;
+  security.rtkit.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+  # ------------ Nix ------------
+
+  nix.settings = {
+    experimental-features = ["nix-command" "flakes"];
+    auto-optimise-store = true;
+    trusted-users = ["root" "tacocat"];
+  };
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 1w";
+  };
+
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      "steam"
+      "steam-original"
+      "steam-run"
+      "nvidia-x11"
+      "nvidia-settings"
+      "discord"
+    ];
+
+  # ------------ Software ------------
+
+  environment = {
+    systemPackages = with pkgs; [
+      vim
+      exfat
+      encfs
+      ntfs3g
+      sops
+    ];
+    # remove nano
+    defaultPackages = with pkgs; [
+      perl
+      rsync
+      strace
+    ];
+  };
+
+  # sops = {
+  #   defaultSopsFile = ../../secrets/secrets.yaml;
+  #   defaultSopsFormat = "yaml";
+  #   age.keyFile = "/home/tacocat/.config/sops/age/keys.txt";
+  #   secrets.email-personal = {};
+  #   secrets.email-spam = {};
+  #   secrets.email-school = {};
+  # };
+
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+    extraPackages = with pkgs; [
+      swaylock
+      swayidle
+      brightnessctl
+      wl-mirror
+    ];
+  };
+
+  programs.waybar.enable = true;
+  programs.steam.enable = true;
+
   xdg.portal = {
     enable = true;
     wlr.enable = true;
@@ -73,6 +143,8 @@
     ];
   };
 
+  # ------------ Graphics ------------
+
   hardware.opengl = {
     enable = true;
     driSupport = true;
@@ -98,59 +170,4 @@
   };
 
   services.xserver.videoDrivers = ["nvidia"];
-
-
-  hardware.opentabletdriver.enable = true;
-  hardware.bluetooth.enable = true;
-  services.blueman.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.tacocat = {
-    isNormalUser = true;
-    extraGroups = ["wheel" "networkmanager" "audio" "video" "bluetooth" "kvm"];
-    home = "/home/tacocat";
-    description = "Aria Nolan";
-  };
-
-  programs.sway.enable = true;
-  programs.sway.wrapperFeatures.gtk = true;
-  programs.sway.extraPackages = with pkgs; [
-    swaylock
-    swayidle
-    brightnessctl
-    wl-mirror
-  ];
-
-  programs.waybar.enable = true;
-  programs.steam.enable = true;
-  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [
-      "steam"
-      "steam-original"
-      "steam-run"
-      "nvidia-x11"
-      "nvidia-settings"
-    ];
-
-  environment = {
-    systemPackages = with pkgs; [
-      vim
-      exfat
-      encfs
-      ntfs3g
-    ];
-    defaultPackages = with pkgs; [
-      perl
-      rsync
-      strace
-    ];
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It's perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
 }

secrets/secrets.yaml

@@ -8,11 +8,10 @@
 #ENC[AES256_GCM,data:Qs7LdUYBaoCLtlu+VdIHrIsA,iv:lWJsId1PA6mc+E0+mP55EfoCk5rixb+Z91XtUg6ivCw=,tag:XVDzTi/poTsRT6m3dbcLZA==,type:comment]
 #ENC[AES256_GCM,data:73KcTxpT6YfRex8=,iv:3pLvjR/BOayKYUvCaZbW4JbCpbNqJ0QrcO+GvAAZauo=,tag:y4HM5xLSAzaEBrSqWUlpsQ==,type:comment]
 #ENC[AES256_GCM,data:OiGD0S0aKU15hDKi,iv:dIFoxlFYv2dbQFTk1O/pJld30sVNOFpq83z8YqFdruE=,tag:PRat5Zkn5MBfgAt0voPuNg==,type:comment]
-email:
+email-school: ENC[AES256_GCM,data:z2M4ydGtR/Bds7zdCWt8,iv:kVY1tUdNXeoQDbRj+fbVc8mot0dJQ969vOzS482l5wM=,tag:oFFKuGUIIh/cRc25Te5qdQ==,type:str]
-    school: ENC[AES256_GCM,data:5YdbEGvP3dkwOnGlwL2B,iv:FMHMImPMKCgtIoj8s3O5zPawPfMzJun7p0CACE/Iey4=,tag:NEA8a55p38za/kvhJOgfmg==,type:str]
+email-personal: ENC[AES256_GCM,data:x0lXf2n/swR2w//g00K0ig==,iv:NOaSBKh1z4JvuFG1dGn3+08jdJWx0GJgqin/gAhTvP0=,tag:0VYDzr6lyviEnwxBHACa1g==,type:str]
-    personal: ENC[AES256_GCM,data:YFgATpdZkwYAmvyJcdbjuA==,iv:709EcGDPSfnUFI4Epdj3FLCQ/V3BvN3e50/c49n9qyg=,tag:xmR6B13j1zOo5KYxYU1iRQ==,type:str]
+email-spam: ENC[AES256_GCM,data:1+L6ehJYOIPxSTfG579buGN/Hg==,iv:eB9xBowS4TkdaVdJcdJP5MKCGvzc1IBZhJN2CDmgl2c=,tag:c/0kspr28VxN8hPSlQ8c8Q==,type:str]
-    spam: ENC[AES256_GCM,data:Y0l/i74rH9brxBOyiCPyMaeE3A==,iv:cS/32vlXFLQI3vCIdMqNrzivO/9aqXNPAqQ1YWgjAoQ=,tag:+CBrYlnH5xgHkVZU/MMIDQ==,type:str]
+email-proton: ENC[AES256_GCM,data:Ts6E0gGQs7LOuQRINSddeFXymg==,iv:/JFD2vHgcH8oaxSNfRm6pbcz31r4dIfAb1+KZJPdrEA=,tag:zTbDKlD3PZXr5g7PI+oMxA==,type:str]
-    proton: ENC[AES256_GCM,data:0jOY+B5px9GTLHCBXFz+QFE+CQ==,iv:R8CCCewIUo9fJ4gTByzTwwfNyTIOPH9ktUAPPqkGMd8=,tag:nqjFuvmBq5N02MPXi6ha6A==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -28,8 +27,8 @@ sops:
             VTlua3pQRTZGUGw4OEVQSUhsMHZoVncKm0+J++ZOflbTjfb0Q/nC/LnwKXOq5XEE
             CvRQmjp4sWgmnP8wrcPvtInPrkVYBHluI9DD9DRoQ+PTYsz8xSIRig==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-22T04:23:23Z"
+    lastmodified: "2023-11-24T03:00:02Z"
-    mac: ENC[AES256_GCM,data:JviqHLWwa+6Mnc8rmqaXWkPVRPm9LbwQBzXkc/ZsMHpcpBN2W6jWxof8AbNsU+d7eKhYlT4QeBC/13nlIcgxdNOP1ArDL94g9aFmve7iEyCUOQLf3bBExpFLxHWzUFmDTNh0ZmaGtUBH2gWyj3zY5t6EQ87Wo+PPlaiOHaNskBo=,iv:N1/eXQOjBR027T6hAsmNoZyVzU+uWZrtRBJLesaM76c=,tag:ycl1tNjSn3VkPek9woQWGg==,type:str]
+    mac: ENC[AES256_GCM,data:6I3f44NOaf8AX6nrcr20yIgUbXRYPutalYY4HqL5sfgz6l6el4coc2jFRkbHJIjm3zx8F+PvsekM1A6VYKRUt5Ph+8P02pP0dmfrWx6GlD/0YNUJVVn7S51+yNNlJQGUPWFatKVsNpV0ZmkQZedQWz+2+JXfjJKw6kAcNQUuujI=,iv:7E2PBrLp9vHUUEfLqPgDsTfWfCebklmcL9sAcVIbrWg=,tag:iEq2WhC9wScoHwOYbI1llg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

users/tacocat/emacs/default.nix

@@ -1,98 +0,0 @@
-{pkgs, ...}: {
-  programs.emacs = {
-    enable = true;
-    package = pkgs.emacs29-gtk3;
-    extraConfig = ''
-            (menu-bar-mode -1)
-            (tool-bar-mode -1)
-            (scroll-bar-mode -1)
-            (blink-cursor-mode 0)
-
-            ;; scale headings in org-mode
-            (setq zenburn-scale-org-headlines t)
-
-            ;; scale headings in outline-mode
-            (setq zenburn-scale-outline-headlines t)
-            (load-theme 'zenburn :no-confirm)
-
-            (add-to-list 'default-frame-alist
-                   '(font . "Maple Mono-12"))
-
-            (global-set-key (kbd "C-c a") #'org-agenda)
-            (global-set-key (kbd "C-c f") #'recentf-open)
-            (global-hl-line-mode 1)
-
-            (global-visual-line-mode 1)
-            (setq evil-respect-visual-line-mode 1)
-
-            (require 'evil)
-            (evil-mode 1)
-
-            (require 'evil-org)
-            (add-hook 'org-mode-hook 'evil-org-mode)
-            (evil-org-set-key-theme '(textobjects insert navigation additional shift todo heading))
-            (require 'evil-org-agenda)
-            (evil-org-agenda-set-keys)
-
-            (setq org-startup-with-inline-images 1)
-            (setq org-startup-indented 1)
-
-            ;;(global-display-line-numbers-mode 1)
-            ;;(setq display-line-numbers-type 'visual)
-
-            (require 'org-download)
-
-            ;; Drag-and-drop to `dired`
-            (add-hook 'dired-mode-hook 'org-download-enable)
-
-            (setq org-image-actual-width nil)
-            (setq ring-bell-function 'ignore)
-            (setq org-agenda-files '(
-              "~/sync/org/agenda.org"
-              "~/sync/org/school/agendas/"
-            ))
-            (setq org-agenda-span 'fortnight)
-
-
-      (require 'ox-publish) (setq org-publish-project-alist
-            '(
-
-             ;; ... add all the components here (see below)...
-
-      	("org-notes"
-      	    :base-directory "~/sync/org/"
-      	    :base-extension "org"
-      	    :publishing-directory "~/public_html/"
-      	    :recursive t
-      	    :publishing-function org-html-publish-to-html
-      	    :headline-levels 4             ; Just the default for this project.
-      	    :auto-preamble t
-      	    )
-
-      	("org-static"
-      	    :base-directory "~/sync/org/"
-      	    :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf"
-      	    :publishing-directory "~/public_html/"
-      	    :recursive t
-      	    :publishing-function org-publish-attachment
-      	)
-
-      	;; publish component
-      	("org" :components ("org-notes" "org-static"))
-
-            ))
-
-    ''; # TODO move plugin setup into a seperate file to keep things organized
-    # also add autoloading so emacs starts faster
-    extraPackages = epkgs:
-      with epkgs; [
-        zenburn-theme
-        color-theme-tangotango
-        evil
-        evil-org
-        org-download
-        ox-pandoc
-        monokai-theme
-      ];
-  };
-}

users/tacocat/emacs/org-publish.el

@@ -1,28 +0,0 @@
-(require 'ox-publish) (setq org-publish-project-alist
-      '(
-
-       ;; ... add all the components here (see below)...
-
-	("org-notes"
-	    :base-directory "~/sync/org/"
-	    :base-extension "org"
-	    :publishing-directory "~/public_html/"
-	    :recursive t
-	    :publishing-function org-html-publish-to-html
-	    :headline-levels 4             ; Just the default for this project.
-	    :auto-preamble t
-	    )
-
-	("org-static"
-	    :base-directory "~/sync/org/"
-	    :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf"
-	    :publishing-directory "~/public_html/"
-	    :recursive t
-	    :publishing-function org-publish-attachment
-	)
-
-	;; publish component
-	("org" :components ("org-notes" "org-static"))
-
-      ))
-

users/tacocat/email.nix

@@ -0,0 +1,20 @@
+{config, ...}: {
+  # accounts.email.accounts =  {
+  #   "aria" = {
+  #     address = "${config.sops.secrets.email-personal}";
+  #     realName = "Aria Nolan";
+  #     primary = true;
+  #     # thunderbird.enable = true;
+  #   };
+  #   "tacocat" = {
+  #     address = "${config.sops.secrets.email-spam}";
+  #     # thunderbird.enable = true;
+  #   };
+  #   "school" = {
+  #     address = "${config.sops.secrets.email-school}";
+  #     realName = "Aria Nolan";
+  #     flavor = "gmail.com";
+  #     # thunderbird.enable = true;
+  #   };
+  # };
+}

users/tacocat/home.nix

@@ -14,7 +14,9 @@
     ];
     packages = with pkgs; [
       rnote
-      sops
+      # sops
+      mpv
+      discord
       neovim
       libreoffice
       notify-desktop
@@ -57,13 +59,22 @@
 
   news.display = "silent";
 
+  # sops = {
+  #   defaultSopsFile = ../../secrets/secrets.yaml;
+  #   defaultSopsFormat = "yaml";
+  #   age.keyFile = "/home/tacocat/.config/sops/age/keys.txt";
+  #   secrets.email-personal = {};
+  #   secrets.email-spam = {};
+  #   secrets.email-school = {};
+  # };
+
   imports = [
     ./programs
     ./services
     ./shell
     ./helix
-    ./emacs
     ./wayland
+    ./email.nix
   ];
 
   # Let Home Manager install and manage itself.

users/tacocat/services/default.nix

@@ -6,8 +6,6 @@
 
   services.gammastep = {
     enable = true;
-    # dawnTime = "8:00-9:30";
-    # duskTime = "22:30-0:00";
     provider = "geoclue2";
     tray = true;
   };

users/tacocat/wayland/sway/config.d/autostart

@@ -1,4 +1,5 @@
 exec nm-applet
+exec blueman-applet
 # exec systemctl --user restart wireplumber
 exec gammastep-indicator
 exec dunst