thegeneralist01/config
1
Fork 0
mirror of https://github.com/thegeneralist01/config.git synced 2026-03-10 02:30:29 +01:00
Code Issues Activity

readlater-bot: move user_id to age secret

Browse source
This commit is contained in:
TheGeneralist 2026-02-13 19:50:24 +01:00
parent 90b8ac5250
commit 98d3365eec
Signed by: thegeneralist01
SSH key fingerprint: SHA256:pp9qddbCNmVNoSjevdvQvM5z0DHN7LTa8qBMbcMq/R4
5 changed files with 104 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

94
hosts/thegeneralist-central/configuration.nix
View file

@ -2,24 +2,57 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, pkgs, inputs, ... }:
{
config,
pkgs,
inputs,
lib,
...
}:
{
imports = [ ./hardware-configuration.nix ./site.nix ./cache ./archive ./forgejo ];
imports = [
./hardware-configuration.nix
./site.nix
./cache
./archive
./forgejo
];
age.secrets.password.file = ./password.age;
age.secrets.readlaterBotToken.file = ./readlater-bot-token.age;
age.secrets.readlaterBotSyncToken.file = ./readlater-bot-sync-token.age;
age.secrets.readlaterBotUserId.file = ./readlater-bot-user-id.age;
age.secrets.readlaterBotToken.owner = "thegeneralist";
age.secrets.readlaterBotToken.group = "users";
age.secrets.readlaterBotToken.mode = "0400";
age.secrets.readlaterBotSyncToken.owner = "thegeneralist";
age.secrets.readlaterBotSyncToken.group = "users";
age.secrets.readlaterBotSyncToken.mode = "0400";
age.secrets.readlaterBotUserId.owner = "thegeneralist";
age.secrets.readlaterBotUserId.group = "users";
age.secrets.readlaterBotUserId.mode = "0400";
users.users = {
thegeneralist = {
isNormalUser = true;
description = "thegeneralist";
extraGroups = [ "wheel" "audio" "video" "input" "scanner" "docker" ];
extraGroups = [
"wheel"
"audio"
"video"
"input"
"scanner"
"docker"
];
shell = pkgs.zsh;
home = "/home/thegeneralist";
homeMode = "0750";
hashedPasswordFile = config.age.secrets.password.path;
openssh.authorizedKeys.keys = let
inherit (import ../../keys.nix) thegeneralist;
in [ thegeneralist ];
openssh.authorizedKeys.keys =
let
inherit (import ../../keys.nix) thegeneralist;
in
[ thegeneralist ];
};
build = {
@ -28,9 +61,11 @@
extraGroups = [ "build" ];
shell = pkgs.zsh;
hashedPasswordFile = config.age.secrets.password.path;
openssh.authorizedKeys.keys = let
inherit (import ../../keys.nix) thegeneralist;
in [ thegeneralist ];
openssh.authorizedKeys.keys =
let
inherit (import ../../keys.nix) thegeneralist;
in
[ thegeneralist ];
};
};
@ -45,16 +80,49 @@
};
age.secrets.hostkey.file = ./hostkey.age;
services.openssh.hostKeys = [{
type = "ed25519";
path = config.age.secrets.hostkey.path;
}];
services.openssh.hostKeys = [
{
type = "ed25519";
path = config.age.secrets.hostkey.path;
}
];
# Some programs
services.libinput.enable = true;
programs.firefox.enable = true;
programs.zsh.enable = true;
services.readlater-bot = {
enable = true;
user = "thegeneralist";
group = "users";
tokenFile = config.age.secrets.readlaterBotToken.path;
settings = {
resources_path = "/home/thegeneralist/obsidian/02 Knowledge/03 Resources";
read_later_path = "/home/thegeneralist/obsidian/10 Read Later.md";
finished_path = "/home/thegeneralist/obsidian/20 Finished Reading.md";
data_dir = "/var/lib/readlater-bot";
retry_interval_seconds = 30;
sync = {
repo_path = "/home/thegeneralist/obsidian";
token_file = config.age.secrets.readlaterBotSyncToken.path;
};
};
};
systemd.services.readlater-bot.preStart = lib.mkAfter ''
if [ -f /run/readlater-bot/config.toml ]; then
tmp="/run/readlater-bot/config.toml.tmp"
{
IFS= read -r first_line || true
printf '%s\n' "$first_line"
printf 'user_id = %s\n' "$(cat ${config.age.secrets.readlaterBotUserId.path})"
cat
} < /run/readlater-bot/config.toml > "$tmp"
mv "$tmp" /run/readlater-bot/config.toml
fi
'';
# Set your time zone.
time.timeZone = "Europe/Berlin";