From 19db05c127616fdd80ad8c0183669155b617f0fe Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Thu, 3 Feb 2022 07:02:26 -0500 Subject: [PATCH] Tweak user services --- .sops.yaml | 2 +- applications/media.nix | 88 +++++++++++++++++++++++++++++++++++++++++- flake.nix | 7 +++- secrets/lastfm.conf | 24 ++++++++++++ 4 files changed, 117 insertions(+), 4 deletions(-) create mode 100644 secrets/lastfm.conf diff --git a/.sops.yaml b/.sops.yaml index 823cfcb..2ef8d57 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,7 +3,7 @@ keys: - &nathan age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - &levitation age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw creation_rules: - - path_regex: secrets/[^/]+\.yaml$ + - path_regex: .* key_groups: - age: - *nathan diff --git a/applications/media.nix b/applications/media.nix index bc400aa..4b4109b 100644 --- a/applications/media.nix +++ b/applications/media.nix @@ -15,6 +15,88 @@ let --prefix PYTHONPATH : $out/${pkgs.mopidyPackages.python.sitePackages} ''; }; + mopidyConf = pkgs.writeText "mopidy.conf" + '' + [core] + #cache_dir = $XDG_CACHE_DIR/mopidy + #config_dir = $XDG_CONFIG_DIR/mopidy + #data_dir = $XDG_DATA_DIR/mopidy + #max_tracklist_length = 10000 + #restore_state = false + + [logging] + #verbosity = 0 + #format = %(levelname)-8s %(asctime)s [%(process)d:%(threadName)s] %(name)s\n %(message)s + #color = true + #config_file = + + [audio] + #mixer = software + #mixer_volume = + #output = autoaudiosink + #buffer_time = + + [proxy] + #scheme = + #hostname = + #port = + #username = + #password = + + [file] + enabled = true + media_dirs = + ~/Music + # $XDG_MUSIC_DIR|Music + #excluded_file_extensions = + # .directory + # .html + # .jpeg + # .jpg + # .log + # .nfo + # .pdf + # .png + # .txt + # .zip + #show_dotfiles = false + #follow_symlinks = false + #metadata_timeout = 1000 + + [http] + #enabled = true + #hostname = 127.0.0.1 + #port = 6680 + #zeroconf = Mopidy HTTP server on $hostname + #allowed_origins = + #csrf_protection = true + #default_app = mopidy + + [m3u] + #enabled = true + #base_dir = $XDG_MUSIC_DIR + #default_encoding = latin-1 + #default_extension = .m3u8 + #playlists_dir = + + [softwaremixer] + #enabled = true + + [stream] + #enabled = true + #protocols = + # http + # https + # mms + # rtmp + # rtmps + # rtsp + #metadata_blacklist = + #timeout = 5000 + + [mpd] + enabled = true + ''; in { environment.systemPackages = with pkgs; [ @@ -37,6 +119,8 @@ in # Mount music directory systemd.user.services.rclone-music = { description = "Rclone mount ~/Music"; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; serviceConfig = { # So we can pick up the fusermount wrapper, this is a less than ideal way to do this Environment = "PATH=/usr/bin:/run/wrappers/bin/"; @@ -49,8 +133,10 @@ in # Start mopidy as a user service, for sanity systemd.user.services.mopidy = { description = "Mopidy music server"; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; serviceConfig = { - ExecStart = "${mopidyEnv}/bin/mopidy"; + ExecStart = "${mopidyEnv}/bin/mopidy --config ${lib.concatStringsSep ":" [mopidyConf config.sops.secrets.lastfm-conf.path]}"; }; wants = [ "rclone-music.service" ]; enable = true; diff --git a/flake.nix b/flake.nix index d8e8d18..8a848af 100644 --- a/flake.nix +++ b/flake.nix @@ -43,8 +43,11 @@ ({ pkgs, config, ... }: { sops.defaultSopsFile = ./secrets/nathan.yaml; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - sops.secrets.lastfm-username.owner = "nathan"; - sops.secrets.lastfm-password.owner = "nathan"; + sops.secrets.lastfm-conf = { + owner = "nathan"; + format = "binary"; + sopsFile = ./secrets/lastfm.conf; + }; }) ]; desktopModules = coreModules ++ [ diff --git a/secrets/lastfm.conf b/secrets/lastfm.conf new file mode 100644 index 0000000..1077388 --- /dev/null +++ b/secrets/lastfm.conf @@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:npExHcbdV1BI5Iwu/bFhYazAnILtUv4CyOcXbmgTzE9kptRXBnVZp8MsU011sVTd2b3KN5cOHIHK453z1olru0TIgsU4ahi/,iv:ZHV/53GY9ItxfnelAz77+FPp7skXpZIEoGRTqaP3rr8=,tag:DF+n3HPa/cbChQVl8SV7dw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNU05pMHIveUxHQWlOc1BE\nWUJmcEhLemlZR1BmZjExcnQ2am1oSWdlclMwClc5TVcvWG0rZlFHVk5adzVKSWRR\nelJQb2ZTUFlnVVYxNUp0bkhrNTJ0WUkKLS0tIEJDMDk2ZjhadEVlTXZySnNpdU1Y\ncmJqb002VnpBT2RCdG01OU1CU3Byc0EKz7w9mFgzDtYsyAvmv1NyJ4czElOrhiAi\n+LI02dBEDoPASFCG8CwFSFMFmkI4soGmVOROTFAamMQoMb3ZKb2UAw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObzlvb3FBTjJPQm4ycDBS\nNkg5RVIxTy9QWEtGY05KbDhmTnZYUmFpU1NFCmNPR2pUY213T0NJTkJiQW5CZmxn\nRHFwZFRzcVNncWRhZDVIR0VKL0pmZTQKLS0tIDhLZXdhOGQ0UnNiNlhkRzU4RWpE\neXRaMGs0WGNCNjBBN2tPWmZDZGs0czQKyzhFBjqFoyCkhOXFK6n18wsfAk8hMT3/\nbJ7Jx+MJx51ML1U8PahCbMeC1Vj2lPg/NT7QJUeP4mlqZIrYds9tLw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2022-02-03T12:21:33Z", + "mac": "ENC[AES256_GCM,data:dvNRR+3Aug/h9LbTdqS+Mqd7exsnSAwBM70UoHyLWjCqkmSN7JUMagam4Dw9j8lRKy5liau/EQY/Ml4MsKEKv4X7ENlTyEK2b3aKkeBOP8ytalsQmEawpJ7MGvS0Zyt9R7M1X6eUNyK7LWOhFXJqaHBkJXqHWCMdyUVfA+OThog=,iv:qrR3TyiZNS49NcpmDD7BBPK3w5m1kgLSgwj//h8qvME=,tag:HeV9D9lz5xuSn7JZiKpurw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file