Commit 1b025da
Changed files (5)
home/base/core/rclone.nix
@@ -0,0 +1,25 @@
+{
+ osConfig,
+ config,
+ ...
+}: {
+ programs.rclone = {
+ enable = true;
+ remotes = {
+ OneDrive = {
+ config = {
+ type = "onedrive";
+ drive_id = "52CE3DAB18B4C557";
+ drive_type = "personal";
+ };
+ secrets = {
+ token = osConfig.sops.secrets.rclone-onedrive-token.path;
+ };
+ mounts."/" = {
+ enable = true;
+ mountPoint = "${config.home.homeDirectory}/Remote/OneDrive";
+ };
+ };
+ };
+ };
+}
home/base/tui/encryption.nix
@@ -6,6 +6,5 @@
home.packages = with pkgs; [
age
pkgs-unstable.sops
- rclone
];
}
secrets/base.nix
@@ -1,15 +1,33 @@
-{sops-nix, ...}: {
- imports = [
- sops-nix.nixosModules.sops
- ./hosts
- ];
-
- sops.defaultSopsFile = ./secrets.yaml;
-
- sops.secrets."github-access-token" = {};
+{
+ lib,
+ config,
+ myvars,
+ sops-nix,
+ ...
+}: {
+ imports =
+ [
+ sops-nix.nixosModules.sops
+ ./hosts
+ ]
+ ++ (
+ builtins.map (k: {
+ sops.secrets."rclone-${k}" =
+ lib.mkIf
+ config.home-manager.users.${myvars.username}.programs.rclone.enable
+ {
+ key = "rclone/${k}";
+ owner = myvars.username;
+ };
+ }) ["onedrive-token"]
+ );
sops.age = {
sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
generateKey = true;
};
+
+ sops.defaultSopsFile = ./secrets.yaml;
+
+ sops.secrets."github-access-token" = {};
}
secrets/secrets.yaml
@@ -4,6 +4,8 @@ mihomo:
yi_yuan: ENC[AES256_GCM,data:rMKpS+O0w8AbdAQQHmt1bB3vQZlmR5xktRkww6NfgIBGIU0d2E8gJJvgcwfRQ4OGeRXTqkfvLHOyoG5xrpguyIWJHkVMPGsLjdoXSU/ZQptt51CL0cD3MJttxiVo8as=,iv:UkBQ5hyF/DLbMeK7wRXArhutUtRV0hl3+bse5y0p6VM=,tag:SlWeeH81+NpkIP6CS3Z9vw==,type:str]
mo_jie: ENC[AES256_GCM,data:+rFloREiJa9gbnJYsTY2xFlI3b4RXaq+xARo3yq96r0eygIZix2l+NrVhCZnm7W97fLUYEahXdm47wnDKUx/mBhpXxO3io4dzHTBqwDmHcV5gA==,iv:UyC0ULdEUBAan9Fvas2+tj5Ad/QtjdW3wSVO7No1+yo=,tag:vqe5Vn3kkk9WCXcMkf7xKg==,type:str]
aria2-rpc-secret: ENC[AES256_GCM,data:I6FYN/TRRP2ceQ==,iv:18dOBc/3WTden6Za2IaSoUOX5aY6M0jAwt94il0f5OI=,tag:WZf3xu7EC7cVlZU5urNWzQ==,type:str]
+rclone:
+ onedrive-token: ENC[AES256_GCM,data:0y0eThYoeJtJ7I5Y9ZE2N4N8TH01yU7xRXHUhYRcj8uHn185VxHvXIhlKMgmZJCfc6qPAYroWkZtxID64/kXxwbhdfd0kLUwiH0Gnv41tb3KA7cxS3r4yvIStLdaax7Ui7ntwYREgLABdL/UdIzeEO2XNs7PaLYI5mQi06A4pmNIZolHP8xgBXiMeSF4cKR/WXGu0m9Y2bv1ci67BJ/BfNjA+ah3HV8vbk93xW7oc+x+7Vh3tiySy+82iNuuDOPzD9/+ImgY9X3kKZeZCG78QYIlRMmwo44WSh+1Or1DyAw/4Y2rE+qNxi6zGWFjC4c80JLAJh8bOb6Yari9oSBZB9MHNxwY0Xrd4K3g2ipsts22N0iqfH+SOfAgMWuRpZkx7j6kPaLA+fDJJTXQ2GK/LKcHaxYin3RMfVq5RD8nTPLJ/tlMNQUxIS+fkE9HIa3uGerdpGRcdUWGX8q+FqbAw+Hg+b+TEwDBLAE0PLm1NjsMDs/0y7Oe3JduoeKWvsDjkdNvoRemXF/tPtBZp4CXZ5fnqRIxOcD3SXJ3MxXtWJ6o0G536jb/AxcpVxX71774vcAcP5uS6HIq80yZAGeD6MKkpZUAtgKWee5y2FnWoDks0NMLgb4TYbqbTHFBKEBAjXPADeKismt2tGF031E524EizfLF6IbfVYOAK6CMOVerjMsKEaTOmuq0VDOTxZ7udIfLQaKhW/xVAXnmi9m4JdrMLkajcfQNIRGoKOsZF1jALp2h6TznjgVWatJZPPzHfLnRckEhDQ+IxsXtrn1VPaADBvGxiWQdfV2994v0xcjwAbx/BO8B3vqbVscXOLqdAQk0hU+Tn7/28+2jfNn8+3U1qGVUxIJxTIyYvewT+Ef85N6aMcxrkfgY+czqg3BZmnZib4dELBwOT+OdCPxd98fDmTPd4bAeLLpt/9XOYpUQlaT2HH61XoI0OuThHL+5lfzsSEwtbOCegBiVLbuv68bLmV9L9F8GhYCZZCv+fCs72FXI7ZF6FyBbElDlrCnh3wCRbXE24eGROKLOlHuAPXi7oFkfKJQy5k9S0JqpNFBaMis6V0C0Xw2oA7lL4IswSj/dcePwWUkAr6fCF7XEEmVXhWRjucMsrDCT+L0wxbwq0cif7Eo3cMeoAk2/Jidj0BcZgoRChfOeeVU6E1MXqhqFxoqALUf1KEJZ8/puZMxjhIKMd+Pe7T18P+tUQtcrTC41R2U+uF2eUnhpTfY25rwXl67G/PLg/GxJ0h0FBIfWCofxqRWMvTm/g50hbw+ERNn6d/GhHJLc3D7QsGTKv6SwZ2FukpP2hxfDBH1hL+8GVrVmMYDjLh9dlmGAvsymUYsqRGUpTZ85/hBV+ZzedJKrkoOlZWrm5/e9QGSIgpTX4xWy8/vsAYrufIxhehrbU7DZoq2WMxEF0ozC1iJeEl8h7EYFcCNZPaRAhq+7JeNfAQKzLx77JqnoGpY6FlnqDbRUP5ZR+Zz09uH9pt+cwJ1BLj3pNwtrnwknlZtQyRy1XTVv5KIp2q4R10PpiEuIUlO5FswWTyCZot9diV1ff/e5WMxngExRxBUEBsTAbrD8q0BBLspixYuswjyn0BU2dwdxfHnbk9O9JSAAZFPwpRYOXv3kYlRHd8EIW6UC+m6i8UpHofVaAaifiIUSRajqQJT6/EZw3GgEw/azWUtz+8SFyFV1Gx5J2enxuCGJ3UV7+osbmSuHcfo4tSF2zna4OUQ6KEveCSzOdWqSx4gYf7WNnbIcgCEmDPnssCsJmPO1GcSdoGGVHBPFwewZjmen6zWUusNHPbtixVB6HtKL8A71IWTAo1BdBSjclOw0czj9DOPLHQOBjx+GrWNTPyxxflJ5Jbxnm83n4aZk5ldTccef9ayD1ud+kMVWhRRIXn7N9YUQkhv/YMUatqcgAcgwnUmIJ+TmIZq8/0FLH9z+ltDeB0zNMTilyeKPp2Yz6uOtjvVW51gU6lJiRVNYbok9dn7RxcPY0BxUOWPrO993h8D9YxPdiIsSnVlM1fgL2kE1Ir39PXjHuLyGTMWWbhojb9kbMF9xhtjpgRrNmM6InYBB7XJB6tSu4OCcBbrc/BEGWzy6hH1jH7iNTqG0r2Nx6AANhBOXN9KNC9qqs1O3MmxBswOF6dPu0g0nLpfT4TxUNyLpYz0+v/pbokjcBaBjFjVXIKTDRf6/DayUPhKtZn7V1wbOq9169253KnYZhzsfsYKEUCqt/oZkyFZZDAG76tFizieks4ZHx00NV9uOR5kkSem72WDap3p0uqQcZHe7hKs8ppuEs/SMShO3xpV06WQ2prP/Hu2xl20StRuiLqAxDmd5r22BSaHllr2rKCZjUb0V/3TqnEt5CqFF7idD5tpNXWfW3x0271NXokYTZ5ipgSHiueQzhE4XOFUttxCSfD+QZI+83n81i8uZfPSwzWw6LzVKoUZT+0O5wrT61tGtlamYhEKNCoNdbw4ksxLQNEqRVAbJwIe7e0L7sFThlbPaReYWgcBedIVjChM2pWSAxTp14ZxIjGO7lWJKibKo2ySAdSCUfTduULTMzQrVqyWFs6PzHNyiJao6gSpM2XCwegjILitP1CzYgco5B5OTOJLqvCrXyMdgdNb8CU0LZ+Jvz5TmH3g8BMKn0/SCkRNVkEC00xGsG63m,iv:oP3gNO0t97BgN30SQRVcVztW9m364ii7mVwFzcBYLg8=,tag:bN9X8GIy+3DfvxX2uDHqdw==,type:str]
sops:
age:
- recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
@@ -24,8 +26,8 @@ sops:
TE44VlBtZjJHbDR0eFlHUDFDN0JjZG8KVgM+r7pLSJAnaHcyVF4TfkRCTk0EkHlu
TpZ9r+JFVToXp0QXXMoQeGHo8LhKhrztiK2YvQ2czXY6QO4MpqwfOQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-17T13:54:58Z"
- mac: ENC[AES256_GCM,data:TMFF1LiqxVv8SUd8hretQVqm0FZTz0GATpVMMfv7KGw4W9zj1ZIPIUxqcvkORT06K3PT5j/7HO10WyaNW5fWJU0DRwLZVu3FDxY8gmyXOv3BTb+B7WUMXeNFot+LBkCbfaPEwXJAb70Aae+xYyRJZ2eAQ1uiG6Ac3xd+f1YsqLo=,iv:8HG8MpBgGbslSUmBhxQkTwZDrLnfZ1j6VSieM8RfIkE=,tag:HVuxgI3KdC7DkOXSIWHlKQ==,type:str]
+ lastmodified: "2025-07-19T08:42:29Z"
+ mac: ENC[AES256_GCM,data:D4UaDnI6zkvd+6xEiGkUZqy+oTc7FdiaSe1Vk/M4cwH1wYrMiVLIkwemHGzTLsJnFn21hSSK5QZDoYfsOn/VLSxJf3dpL2/ZUJ+yfXjIXUdvnXkQJShcBz841oyRMyVY/lARM1sslb0/17/90rCaNZaslxWKImYPgjSh8ReF2YE=,iv:ptCmkRASHJRp9W2E3aH3Bh7HJD1mssOvCOCaBFv0I1Q=,tag:BtuQoVcSqCL1nx6EJ50HgA==,type:str]
pgp:
- created_at: "2025-07-15T09:13:43Z"
enc: |-
.sops.yaml
@@ -1,5 +1,6 @@
keys:
- &admin_hpcesia 56AC2ED35E51AFE66EAAA569878BD0F02991BAAE
+ - &user_hpcesia age18778pjmwglmame3rjpq355chxue2vr97ysj70fdyygc24prwxqrsttf84g
- &chaser_kevin age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
- &chaser_pardofelis age1l9acz0cuy455nprryeqyv6ckfqgv3tekuk0kxvvxyunsapwmpvnsmaazhy
creation_rules:
@@ -8,6 +9,7 @@ creation_rules:
- pgp:
- *admin_hpcesia
age:
+ - *user_hpcesia
- *chaser_kevin
- *chaser_pardofelis
- path_regex: ^secrets/hosts/pardofelis/secrets\.yaml$