From f26456606b0b6631a9888c9a6aa4890bab2e3b82 Mon Sep 17 00:00:00 2001 From: uttarayan21 Date: Fri, 22 Nov 2024 20:27:10 +0530 Subject: [PATCH] feat: Use mirai as substituter --- common/gui.nix | 2 +- common/home.nix | 2 +- justfile | 1 - linux/default.nix | 34 +++++++++++------------ linux/hyprland.nix | 2 +- nixos/mirai/configuration.nix | 17 ++++++------ nixos/mirai/services.nix | 52 ++++++++++++++++------------------- nixos/ryu/configuration.nix | 3 ++ secrets/secrets.yaml | 9 ++++-- 9 files changed, 62 insertions(+), 60 deletions(-) diff --git a/common/gui.nix b/common/gui.nix index 594fbd9f..6d1433e7 100644 --- a/common/gui.nix +++ b/common/gui.nix @@ -45,7 +45,7 @@ lib.attrsets.optionalAttrs device.hasGui { seahorse nautilus - # nextcloud-client + nextcloud-client gparted polkit_gnome diff --git a/common/home.nix b/common/home.nix index 5446a71b..235c9fb6 100644 --- a/common/home.nix +++ b/common/home.nix @@ -119,7 +119,7 @@ in { xdg.enable = true; xdg.userDirs = { enable = device.isLinux; - # music = "${config.home.homeDirectory}/Nextcloud/Music"; + music = "${config.home.homeDirectory}/Nextcloud/Music"; }; programs = { diff --git a/justfile b/justfile index e37aecb6..cc760c75 100644 --- a/justfile +++ b/justfile @@ -24,7 +24,6 @@ home: nix --extra-experimental-features "nix-command flakes" run home-manager/master -- switch --flake . --show-trace local: - nix flake update subflakes nix flake update neovim nvim: diff --git a/linux/default.nix b/linux/default.nix index f0f2c440..febc11ac 100644 --- a/linux/default.nix +++ b/linux/default.nix 
@@ -19,22 +19,22 @@ services.kdeconnect.enable = device.hasGui; services.kdeconnect.indicator = device.hasGui; services.swayosd.enable = device.hasGui; - # services.nextcloud-client = { - # # enable = device.hasGui; - # # startInBackground = true; - # }; - - systemd.user.services.spotify-player = { - Install = {WantedBy = ["graphical-session.target"];}; - Unit = { - Description = "Spotify Player Daemon"; - After = ["graphical-session.target"]; - }; - Service = { - ExecStart = "${pkgs.spotify-player}/bin/spotify_player -d"; - Restart = "on-failure"; - RestartSec = "5"; - User = "${device.user}"; - }; + services.swaync.enable = device.hasGui; + services.nextcloud-client = { + enable = device.hasGui; + startInBackground = true; }; + # systemd.user.services.spotify-player = { + # Install = {WantedBy = ["graphical-session.target"];}; + # Unit = { + # Description = "Spotify Player Daemon"; + # After = ["graphical-session.target"]; + # }; + # Service = { + # ExecStart = "${pkgs.spotify-player}/bin/spotify_player -d"; + # Restart = "on-failure"; + # RestartSec = "5"; + # User = "${device.user}"; + # }; + # }; } diff --git a/linux/hyprland.nix b/linux/hyprland.nix index b95ffd60..d968850e 100644 --- a/linux/hyprland.nix +++ b/linux/hyprland.nix @@ -145,7 +145,7 @@ # "${pkgs.swww}/bin/swww init; swww img ~/.local/share/dotfiles/images/wallpaper.jpg" "${pkgs.ironbar}/bin/ironbar" # "${pkgs.swayosd}/bin/swayosd-server" - # "${pkgs.nextcloud-client}/bin/nextcloud --background" + "${pkgs.nextcloud-client}/bin/nextcloud --background" ]; "$mainMod" = "SUPER"; diff --git a/nixos/mirai/configuration.nix b/nixos/mirai/configuration.nix index d7f59f6c..064c6bae 100644 --- a/nixos/mirai/configuration.nix +++ b/nixos/mirai/configuration.nix 
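Review bot: The Nextcloud client ends up with two launchers on GUI hosts: `services.nextcloud-client` is enabled here with `startInBackground = true`, and the `linux/hyprland.nix` hunk in this commit also re-adds `"${pkgs.nextcloud-client}/bin/nextcloud --background"` to the startup list. Keeping one of them makes it clear which component owns the sync client's lifecycle and restarts. I would drop the Hyprland entry and let the service manage it. The spotify-player unit is kept as a commented-out block; deleting it would be cleaner, since git history already preserves it.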
@@ -10,15 +10,13 @@ ./services.nix ]; security.sudo.wheelNeedsPassword = false; - - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/fs0c131y/.config/sops/age/keys.txt"; - sops.secrets."nextcloud/adminpass" = { - owner = config.users.users.nextcloud.name; - }; - sops.secrets."llama/user" = { - owner = config.services.caddy.user; + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + age.keyFile = "/home/fs0c131y/.config/sops/age/keys.txt"; + secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name; + secrets."llama/user".owner = config.services.caddy.user; + secrets."builder/mirai/cache/private" = {}; }; # Use the systemd-boot EFI boot loader. @@ -35,6 +33,7 @@ build-users-group = nixbld extra-nix-path = nixpkgs=flake:nixpkgs builders-use-substitutes = true + secret-key-files = ${config.sops.secrets."builder/mirai/cache/private".path} ''; gc = { automatic = true; diff --git a/nixos/mirai/services.nix b/nixos/mirai/services.nix index d3a1947f..4a415522 100644 --- a/nixos/mirai/services.nix +++ b/nixos/mirai/services.nix 
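Review bot: `age.keyFile = "/home/fs0c131y/.config/sops/age/keys.txt"` now also protects the binary-cache signing key declared as `secrets."builder/mirai/cache/private"`. Anything that can read that user's home directory can therefore decrypt a key whose signatures ryu trusts, given the `mirai:` entry the ryu hunk adds to `trusted-public-keys`. A root-owned location outside the home directory is the safer default, e.g. `age.keyFile = "/var/lib/sops-nix/key.txt";` or `age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];`. The path predates this commit, but what it protects is now more valuable, and the `security.sudo.wheelNeedsPassword = false` context line makes the user/root boundary on this host thin already.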
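Review bot: `secret-key-files` signs paths as they are built, so store paths that already exist on mirai will presumably be served without a `mirai:` signature and ignored by ryu, unless they are signed retroactively or the cache server signs on the fly. Nothing in this diff shows what serves the store at `https://sh.darksailor.dev`, so a comment above the line would help, e.g. `# signing key for the cache consumed by ryu; pre-existing paths need a one-off signing pass`. The secret is declared with `= {}`; presumably the module defaults keep it readable by root only, which is all the daemon needs, but that is worth confirming. The enclosing multi-line string starts outside the hunk.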
@@ -8,36 +8,32 @@ factorio-headless ]; sops = { - secrets = { - "authelia/darksailor/jwtSecret" = { - owner = config.systemd.services.authelia-darksailor.serviceConfig.User; - }; - "authelia/darksailor/storageEncryptionSecret" = { - owner = config.systemd.services.authelia-darksailor.serviceConfig.User; - }; - }; + # secrets = { + # "authelia/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; + # "authelia/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; + # }; }; services = { - authelia = { - instances.darksailor = { - enable = true; - settings = { - # server = { - # address = "unix:///run/authelia/authelia.sock"; - # }; - # session.domain = "auth.darksailor.dev"; - access_control = { - rules = { - }; - }; - storage = "local"; - }; - secrets = { - jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path; - storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path; - }; - }; - }; + # authelia = { + # instances.darksailor = { + # enable = false; + # settings = { + # # server = { + # # address = "unix:///run/authelia/authelia.sock"; + # # }; + # # session.domain = "auth.darksailor.dev"; + # access_control = { + # rules = { + # }; + # }; + # storage = "local"; + # }; + # secrets = { + # jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path; + # storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path; + # }; + # }; + # }; tailscale = { enable = true; }; diff --git a/nixos/ryu/configuration.nix b/nixos/ryu/configuration.nix index f1e604d9..adfb7811 100644 --- a/nixos/ryu/configuration.nix +++ b/nixos/ryu/configuration.nix @@ -1,5 +1,6 @@ { pkgs, + config, device, ... }: { 
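Review bot: Commenting out the whole `authelia` instance disables an authentication service in a commit titled as a substituter change, and nothing visible here shows whether any reverse-proxy route depended on it. If one did, that route should be checked so it is not left reachable without the login step. The block is kept as comments with `enable = false` inside it, next to an empty `sops = { }`; deleting both and relying on git history would be cleaner. The `authelia.darksailor` entries remain in `secrets/secrets.yaml` and should be removed if the service is gone for good.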
@@ -20,6 +21,8 @@ auto-optimise-store = true; extra-experimental-features = "nix-command flakes auto-allocate-uids"; trusted-users = ["root" "servius"]; + substituters = ["https://sh.darksailor.dev"]; + trusted-public-keys = ["mirai:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="]; }; extraOptions = '' build-users-group = nixbld diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 015bb4f3..c786f8e0 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -6,6 +6,11 @@ authelia: darksailor: jwtSecret: ENC[AES256_GCM,data:7xRxh+1DkA+CRtgbdnfQWM205DZnkhX7VvUw9Xf6sPn1TpxU6wKTVA==,iv:82Z59P2ZZAMj8bHUvWfMsIRZDdLBXOmCkLq82m6ZbRo=,tag:DwwuUs4jva4gZRhgrIdRyg==,type:str] storageEncryptionSecret: ENC[AES256_GCM,data:s6BtWvvF+kWmejlWCFbfl382L9hsAIItz7BvWD3mA2s3qVUV0pl92WrOS6d3gXqrRqnSy9djhk3pqmHH,iv:ChUd8CqcFvXRlCRXWOqd5U55Yn4UXImG3jJDz+kTa6s=,tag:uPnAZjI+O6kFjzZWbmFzKQ==,type:str] +builder: + mirai: + cache: + private: ENC[AES256_GCM,data:W52mWGwPMIOXneH3QmnuVtALxxfczhaNvjeQiRwNjF30uP/LlQOtiMI4RPm5d90+i8ok1ampLFMFjCqt2MK+ouT6ETa0FcpB4KlV7toA5FEev5NIiLO2NT9M5Is9GQ==,iv:fkKN1VEHHCT3PEi/zZR92Z6yP4jRUjpKBXPs4QtFGAQ=,tag:sjt0YATf8BSlQC5S9y0n2w==,type:str] + public: ENC[AES256_GCM,data:w63JgOzg3IfLzPzESjgiqKTVmlbc6hcWLNRX8Vyl27eyXeh++agOBpmCDgxZLX/jSFc=,iv:r0Cv5bwPzCxTgDNjUJ3ExYBR5BUfuf4+8bNs2kOTzEU=,tag:SqCcc89wRwDjwEazV7M5nw==,type:str] sops: kms: [] gcp_kms: [] 
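Review bot: The `mirai:` entry in `trusted-public-keys` lets ryu install any path signed with mirai's key without rebuilding it, so a compromise of mirai or of its sops key extends to ryu. That trust decision deserves a comment next to the key, e.g. `# binary-cache key for mirai; private half is sops secret builder/mirai/cache/private`. If ryu is sometimes used where `https://sh.darksailor.dev` is unreachable, consider `connect-timeout = 5;` and `fallback = true;` in the same settings block so builds do not stall on the cache. The enclosing settings attrset starts outside the hunk.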
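Review bot: `builder.mirai.cache.public` is stored encrypted although presumably the same public key sits in plaintext in `nixos/ryu/configuration.nix`, which leaves two copies to keep in sync on rotation and one that cannot be checked in review. The file's `unencrypted_suffix: _unencrypted` setting would allow naming it `public_unencrypted`, or the entry can be dropped from the secrets file. The private key is decryptable by every recipient of this file; the recipient list is outside the hunk, so confirm it is limited to the host that signs.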
@@ -21,8 +26,8 @@ sops: VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-22T12:28:32Z" - mac: ENC[AES256_GCM,data:0aEEjxPmDhiBz0IaptZqBjCD8yrSSYnhmiF81qD8KqhpvOfFyx9QvAhcfJKi5ZC5eECDyu0pt95VLzCdJqD11DqGu9CcQBV2Y23i4qgbPoognV0q1KZ4AJpuViGUqFQt2QW/ESNgjVRnmOteoaOkvB3K9EWr0Jt8eXMfoOE3lMw=,iv:P/Bcbpbq0mMNm6qHPWnT2gq7fn4xirDifJdHHrDidmU=,tag:P8eHjW6oHvBzz1fcxmnEIA==,type:str] + lastmodified: "2024-11-22T14:39:51Z" + mac: ENC[AES256_GCM,data:IbgSuP9+6fzS7MqPPDwqH1JPLvoeJOUuGTlPGQDdMBkO03A8dLwjMLwipHmSX4HBMX3sUkUyZanDHFoW3LBdMSpP3jSCOUSYo2K0NeUDKKKrbuJE2J9xFRuCpQIABXfdJrbaQhG/xK1jQEkV8u6nq4bthDhyxhgV7HZmL0nqLl8=,iv:LpXyJYITejYg2zlPy9KOWr+YkHUztw3WrwgL8Ii2qzk=,tag:0s2RGAMfMGzVoNSEwPXknA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1