diff --git a/home/jonas@monolith.nix b/home/jonas@monolith.nix index 96ea5c8..aba9796 100644 --- a/home/jonas@monolith.nix +++ b/home/jonas@monolith.nix @@ -11,9 +11,13 @@ sops = { age.keyFile = "${home.homeDirectory}/.config/sops/age/keys.txt"; }; - sops.secrets.gotifyToken = { + sops.secrets.gotifyDaemonToken = { sopsFile = ../secrets/jonas/gotify.yaml; - key = "monolithToken"; + key = "monolithDesktopToken"; + }; + sops.secrets.gotifyCLIToken = { + sopsFile = ../secrets/jonas/gotify.yaml; + key = "cliToken"; }; # hive moduless @@ -41,7 +45,8 @@ hive.gotify = { cli.enable = true; daemon.enable = true; - tokenSopsKey = config.sops.secrets.gotifyToken.name; + cli.tokenSopsKey = config.sops.secrets.gotifyCLIToken.name; + daemon.tokenSopsKey = config.sops.secrets.gotifyDaemonToken.name; host = "gotify.jroeger.de"; }; diff --git a/modules/home/gotify.nix b/modules/home/gotify.nix index 9cd0101..188c1f4 100644 --- a/modules/home/gotify.nix +++ b/modules/home/gotify.nix @@ -6,14 +6,14 @@ }: let cfg = config.hive.gotify; cli-config = { - token = config.sops.placeholder.${cfg.tokenSopsKey}; + token = config.sops.placeholder.${cfg.cli.tokenSopsKey}; inherit (cfg.cli) url defaultPriority; }; daemon-config = { gotify = { inherit (cfg.daemon) url; - token = config.sops.placeholder.${cfg.tokenSopsKey}; + token = config.sops.placeholder.${cfg.daemon.tokenSopsKey}; auto_delete = cfg.daemon.autoDelete; min_priority = cfg.daemon.minPriority; } @@ -64,6 +64,10 @@ in { example = "http://gotify.example.com"; description = "The http url of the gotify server (for the cli tool)"; }; + tokenSopsKey = lib.mkOption { + type = lib.types.singleLineStr; + description = "The sops key of the token secret"; + }; defaultPriority = lib.mkOption { type = lib.types.int; default = 0; @@ -79,6 +83,10 @@ in { example = "ws://gotify.example.com"; description = "The websocket url of the gotify server (for the desktop tool)"; }; + tokenSopsKey = lib.mkOption { + type = lib.types.singleLineStr; + description = "The sops key of the token secret"; + }; autoDelete = lib.mkOption { type = lib.types.bool; default = false; @@ -112,10 +120,6 @@ in { example = 443; description = "The port of the gotify server"; }; - tokenSopsKey = lib.mkOption { - type = lib.types.singleLineStr; - description = "The sops key of the token secret"; - }; }; config = let diff --git a/secrets/jonas/gotify.yaml b/secrets/jonas/gotify.yaml index 7eaec14..d40a2f7 100644 --- a/secrets/jonas/gotify.yaml +++ b/secrets/jonas/gotify.yaml @@ -1,4 +1,5 @@ -monolithToken: ENC[AES256_GCM,data:fNTDbsDJ53a/h5fV1NCF,iv:skRCUDjAaIhMG1qdQAXMKIidZNKUxHFUISdgy7tTxOY=,tag:/U1cSvR3ZQGimfaQ17dt4g==,type:str] +monolithDesktopToken: ENC[AES256_GCM,data:mjyX9EjhYhOgB2Svn4E8,iv:/iOwIfa7ttM8DpnhpZma+uXHi8RWyGrhlDoBmzoEgEM=,tag:PzWQ/zIlCPjH34vNECs9iQ==,type:str] +cliToken: ENC[AES256_GCM,data:CWBcgbGYB408j+XIK9MK,iv:jZphMY9DJOZo8mLa9Vc3d3ymDOHb85QuTEg2/iTf0+Q=,tag:dvDfLA40QTpt7ftV//javg==,type:str] sops: age: - recipient: age1expg8vyduf290pz7l4f3mjzvk9f0azfdn48pyjzs3m6p7v4qjq0qwtn36z @@ -10,7 +11,7 @@ sops: clpiRTAxWUZENnhFcmhxcWN1RFFyZ1kKnQWAQpvqwX/pueV9uPiTGYaxWT66p5pK Vn0tK396IxKtx8MVivDF16oI/w63mvyLWTGU8CCUu/5Np3FRIvD75Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-30T22:05:53Z" - mac: ENC[AES256_GCM,data:7XTlZdQlbMLxt9Qwl3POFsNe+OBgpHxLMD+EmzQyiP5RTBUZWU7hZBHQCpYgNk+UbValqwr0tASXIIljEQe5HgFYf9d1BRKG9SDQSiEJh97gictp6QKmKqKoN2XaiTiiDAFMDsOWE3tTbLLmTXw0el4v+A5Ijy4v8/VuXG92tK0=,iv:2e5VGgCWFuBtmfPlKc/AvcQ91+zFuX8uvSVxXef0yiI=,tag:4Slc+jYXve9KcChf/78/kQ==,type:str] + lastmodified: "2025-10-30T23:55:47Z" + mac: ENC[AES256_GCM,data:+KEeVxj3F6GirGHIykw98FBN84krNegTZQp2+0nd711B6Q4vlDGpMNSwxiJOnz5Bzm0x48NDLAiNiBjTqipuZIz0zSnUXypBsSN5/HAhwjm079RunCENcL2YciwMMr1B2cdoOBeobVYzr/vV7P9ieOiTLTlE8542/nnNwyvmISY=,iv:U1J78i1DHAzXhHCQDZs2adKvVo+u3zsbkr68J3xMYUE=,tag:e6ymRRqVCjeemG3TcHHROQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0