From 98d3365eec3e471d790765be5a036f0a3492d5c8 Mon Sep 17 00:00:00 2001
From: TheGeneralist <180094941+thegeneralist01@users.noreply.github.com>
Date: Fri, 13 Feb 2026 19:50:24 +0100
Subject: [PATCH 1/2] readlater-bot: move user_id to age secret

---
hosts/thegeneralist-central/configuration.nix | 94 ++++++++++++++++---
.../readlater-bot-sync-token.age | 5 +
.../readlater-bot-token.age | 5 +
.../readlater-bot-user-id.age | 5 +
secrets.nix | 10 +-
5 files changed, 104 insertions(+), 15 deletions(-)
create mode 100644 hosts/thegeneralist-central/readlater-bot-sync-token.age
create mode 100644 hosts/thegeneralist-central/readlater-bot-token.age
create mode 100644 hosts/thegeneralist-central/readlater-bot-user-id.age

diff --git a/hosts/thegeneralist-central/configuration.nix b/hosts/thegeneralist-central/configuration.nix
index 88eff86..80a08c2 100644
--- a/hosts/thegeneralist-central/configuration.nix
+++ b/hosts/thegeneralist-central/configuration.nix
@@ -2,24 +2,57 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, pkgs, inputs, ... }: +{ + config, + pkgs, + inputs, + lib, + ... +}: { - imports = [ ./hardware-configuration.nix ./site.nix ./cache ./archive ./forgejo ]; + imports = [ + ./hardware-configuration.nix + ./site.nix + ./cache + ./archive + ./forgejo + ]; age.secrets.password.file = ./password.age; + age.secrets.readlaterBotToken.file = ./readlater-bot-token.age; + age.secrets.readlaterBotSyncToken.file = ./readlater-bot-sync-token.age; + age.secrets.readlaterBotUserId.file = ./readlater-bot-user-id.age; + age.secrets.readlaterBotToken.owner = "thegeneralist"; + age.secrets.readlaterBotToken.group = "users"; + age.secrets.readlaterBotToken.mode = "0400"; + age.secrets.readlaterBotSyncToken.owner = "thegeneralist"; + age.secrets.readlaterBotSyncToken.group = "users"; + age.secrets.readlaterBotSyncToken.mode = "0400"; + age.secrets.readlaterBotUserId.owner = "thegeneralist"; + age.secrets.readlaterBotUserId.group = "users"; + age.secrets.readlaterBotUserId.mode = "0400"; users.users = { thegeneralist = { isNormalUser = true; description = "thegeneralist"; - extraGroups = [ "wheel" "audio" "video" "input" "scanner" "docker" ]; + extraGroups = [ + "wheel" + "audio" + "video" + "input" + "scanner" + "docker" + ]; shell = pkgs.zsh; home = "/home/thegeneralist"; homeMode = "0750"; hashedPasswordFile = config.age.secrets.password.path; - openssh.authorizedKeys.keys = let - inherit (import ../../keys.nix) thegeneralist; - in [ thegeneralist ]; + openssh.authorizedKeys.keys = + let + inherit (import ../../keys.nix) thegeneralist; + in + [ thegeneralist ]; }; build = { 
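Review bot: The three new secrets are owned by `thegeneralist`, which this same hunk shows is an interactive login account in `wheel` and `docker`, so mode `0400` still leaves the bot token, sync token and user id readable by every process that account runs. If the service can run under its own account, tie ownership to it, e.g. `age.secrets.readlaterBotToken.owner = config.services.readlater-bot.user;` (likewise for the other two), so the secret owner cannot drift from the service user. The nine `owner`/`group`/`mode` lines would also read better as one attribute set per secret. Whether a dedicated user is workable depends on the readlater-bot module and on the bot's need to write into the vault under /home/thegeneralist, neither of which is visible in this hunk.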
@@ -28,9 +61,11 @@ extraGroups = [ "build" ]; shell = pkgs.zsh; hashedPasswordFile = config.age.secrets.password.path; - openssh.authorizedKeys.keys = let - inherit (import ../../keys.nix) thegeneralist; - in [ thegeneralist ]; + openssh.authorizedKeys.keys = + let + inherit (import ../../keys.nix) thegeneralist; + in + [ thegeneralist ]; }; }; @@ -45,16 +80,49 @@ }; age.secrets.hostkey.file = ./hostkey.age; - services.openssh.hostKeys = [{ - type = "ed25519"; - path = config.age.secrets.hostkey.path; - }]; + services.openssh.hostKeys = [ + { + type = "ed25519"; + path = config.age.secrets.hostkey.path; + } + ]; # Some programs services.libinput.enable = true; programs.firefox.enable = true; programs.zsh.enable = true; + services.readlater-bot = { + enable = true; + user = "thegeneralist"; + group = "users"; + tokenFile = config.age.secrets.readlaterBotToken.path; + settings = { + resources_path = "/home/thegeneralist/obsidian/02 Knowledge/03 Resources"; + read_later_path = "/home/thegeneralist/obsidian/10 Read Later.md"; + finished_path = "/home/thegeneralist/obsidian/20 Finished Reading.md"; + data_dir = "/var/lib/readlater-bot"; + retry_interval_seconds = 30; + sync = { + repo_path = "/home/thegeneralist/obsidian"; + token_file = config.age.secrets.readlaterBotSyncToken.path; + }; + }; + }; + + systemd.services.readlater-bot.preStart = lib.mkAfter '' + if [ -f /run/readlater-bot/config.toml ]; then + tmp="/run/readlater-bot/config.toml.tmp" + { + IFS= read -r first_line || true + printf '%s\n' "$first_line" + printf 'user_id = %s\n' "$(cat ${config.age.secrets.readlaterBotUserId.path})" + cat + } < /run/readlater-bot/config.toml > "$tmp" + mv "$tmp" /run/readlater-bot/config.toml + fi + ''; + # Set your time zone. time.timeZone = "Europe/Berlin"; diff --git a/hosts/thegeneralist-central/readlater-bot-sync-token.age b/hosts/thegeneralist-central/readlater-bot-sync-token.age new file mode 100644 index 0000000..c04849b --- /dev/null 
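Review bot: In the added `systemd.services.readlater-bot.preStart` (third hunk of configuration.nix), a failed or empty read of the user-id secret goes unnoticed: `$(cat …)` sits inside a `printf` argument, so its exit status is discarded and the script writes `user_id = ` with nothing after it. The value is also spliced into the TOML without validation, and `config.toml.tmp` is created under the default umask, which may leave the id more widely readable than the `0400` secret it came from (the permissions of /run/readlater-bot come from the module, which is not visible here). Read the secret into a variable first, reject an empty or non-numeric value (assuming the id is an integer, as the unquoted write suggests), and set `umask 077` before the temporary file is created. Inserting after the first line also depends on the generated file's layout, so a module option that takes the id from a file, if one exists, would be the sturdier route.

```nix
systemd.services.readlater-bot.preStart = lib.mkAfter ''
  if [ -f /run/readlater-bot/config.toml ]; then
    # Keep the rewritten config private to the service user.
    umask 077
    # Read the secret up front so a failed read aborts the unit start.
    user_id="$(cat ${config.age.secrets.readlaterBotUserId.path})"
    case "$user_id" in
      "" | *[!0-9]*)
        echo "readlater-bot: user_id secret is empty or not numeric" >&2
        exit 1
        ;;
    esac
    # … unchanged: tmp path, copy of the first line …
      printf 'user_id = %s\n' "$user_id"
    # … unchanged: cat of the remaining lines, mv into place, fi …
```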
+++ b/hosts/thegeneralist-central/readlater-bot-sync-token.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 pp9qdQ twxKRYACgz/8cYRrOCxMoVg9kFXaYxWVnDC1q7g4m3M +HICOhz/phNPvmLrO/ILxoMb5Bbs7LAJ3wuPAq1PJXiQ +--- 0yPpaiiJXMaUBa+kBX/UOTMICRjKXMgjRk2E+WKgj+M +6Y'\ETcP;?j&+FP܁*Jm<ϖ~ ӘAI*l؊X'˃ \ No newline at end of file diff --git a/hosts/thegeneralist-central/readlater-bot-token.age b/hosts/thegeneralist-central/readlater-bot-token.age new file mode 100644 index 0000000..545bc06 --- /dev/null +++ b/hosts/thegeneralist-central/readlater-bot-token.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 pp9qdQ B8+s7rbKTCk2vfRVUyc8yV2HhkiUjv9petRiBRg9kgE +9po69JEGIQGXUIyjJj3BOMZGc5qDSbvug1HsO/EgDTE +--- n+cCCXuJP4oboSm74DRK9oh/OyHuPSdnX1+lH5xgn0E + If,(نSd^QhF{_܄4Հ Z(mub \ No newline at end of file diff --git a/hosts/thegeneralist-central/readlater-bot-user-id.age b/hosts/thegeneralist-central/readlater-bot-user-id.age new file mode 100644 index 0000000..48769b9 --- /dev/null +++ b/hosts/thegeneralist-central/readlater-bot-user-id.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 pp9qdQ JjYS0OmsdzkazhynwiYUWf6svuUu0ivXi7VrFdccez0 +0xelpQamzEYTN/TqbJ3kI1OhfZdBl2DhhgKv29qg8J4 +--- V0a84QEOAyVidy+5KoxJOwsj+XrmlMbg4+oLbHVK0FA +D'@0*aOَHܯmt,¢ЫbI \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index d73e7ab..c8ca474 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,6 +1,7 @@ let inherit (import ./keys.nix) thegeneralist; -in { +in +{ "hosts/thegeneralist/hostkey.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/hostkey.age".publicKeys = [ thegeneralist ]; 
@@ -11,7 +12,12 @@ in { "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/forgejo/forgejo-runner-token.age".publicKeys = [ thegeneralist ]; - "hosts/thegeneralist-central/forgejo/forgejo-family-site-deploy-token.age".publicKeys = [ thegeneralist ]; + "hosts/thegeneralist-central/forgejo/forgejo-family-site-deploy-token.age".publicKeys = [ + thegeneralist + ]; + "hosts/thegeneralist-central/readlater-bot-token.age".publicKeys = [ thegeneralist ]; + "hosts/thegeneralist-central/readlater-bot-sync-token.age".publicKeys = [ thegeneralist ]; + "hosts/thegeneralist-central/readlater-bot-user-id.age".publicKeys = [ thegeneralist ]; "modules/linux/tailscale-marshall.age".publicKeys = [ thegeneralist ]; } From 71d2834c1dcc4e913d373d2507c15dc8f06a7f19 Mon Sep 17 00:00:00 2001 From: TheGeneralist <180094941+thegeneralist01@users.noreply.github.com> Date: Fri, 13 Feb 2026 19:50:44 +0100 Subject: [PATCH 2/2] flake: add local readlater-bot input --- flake.lock | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 4 ++++ 2 files changed, 71 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index c07cced..3cc58f5 100644 --- a/flake.lock +++ b/flake.lock @@ -99,6 +99,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "ghostty": { "inputs": { "flake-compat": "flake-compat", 
@@ -261,6 +279,38 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1769789167, + "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "readlater-bot": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1770458808, + "narHash": "sha256-Fs/DwFxitReM7PuN1aee8pcmRzST7wzX7WLeBK/lOAI=", + "path": "/home/thegeneralist/infofeeder-bot", + "type": "path" + }, + "original": { + "path": "/home/thegeneralist/infofeeder-bot", + "type": "path" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -271,7 +321,8 @@ "homebrew-core": "homebrew-core", "nix-darwin": "nix-darwin", "nix-homebrew": "nix-homebrew", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "readlater-bot": "readlater-bot" } }, "rust-analyzer-src": { @@ -321,6 +372,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "zig": { "inputs": { "flake-compat": [ diff --git a/flake.nix b/flake.nix index efe19b0..e72df1d 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,10 @@ url = "github:nix-community/fenix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + readlater-bot = { + url = "path:/home/thegeneralist/infofeeder-bot"; + }; }; outputs =
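Review bot: The new `readlater-bot` input in flake.nix is an absolute `path:` URL into a home directory, so the code that will run with the bot and sync tokens comes from a mutable working tree with no revision recorded; flake.lock pins only its `narHash`, and evaluation on any other machine is likely to fail unless that directory exists there with identical content. Point the input at a versioned source instead, e.g. `url = "git+https://<forge-host>/<owner>/infofeeder-bot";` (placeholder host and owner), so the lock records a commit that can be audited. The input also lacks `inputs.nixpkgs.follows = "nixpkgs";`, unlike the `fenix` input shown as context just above it, which is why flake.lock gains a separate `nixpkgs_2` tree for the bot to be built against.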