snippets: add secret snippets

hosts/common/secrets.nix

@@ -72,6 +72,12 @@
     sopsFile = ../../secrets/universal.yaml;
   };
 
+  sops.secrets."snippets" = {
+    sopsFile = ../../secrets/universal/snippets.bin;
+    format = "binary";
+    owner = config.users.users.colin.name;
+  };
+
   sops.secrets."bt/car" = {
     sopsFile = ../../secrets/universal/bt/car.bin;
     format = "binary";

modules/gui/sway.nix

@@ -83,6 +83,7 @@ in
       wrapperFeatures.gtk = true;
       config = let
         fuzzel = "${pkgs.fuzzel}/bin/fuzzel";
+        sed = "${pkgs.gnused}/bin/sed";
         wtype = "${pkgs.wtype}/bin/wtype";
         kitty = "${pkgs.kitty}/bin/kitty";
         lock-cmd = "${pkgs.swaylock}/bin/swaylock --indicator-idle-visible --indicator-radius 100 --indicator-thickness 30";
@@ -95,7 +96,10 @@ in
         # "bookmarking"/snippets inspired by Luke Smith:
         # - <https://www.youtube.com/watch?v=d_11QaTlf1I>
         snip-file = ./snippets.txt;
-        snip-cmd = "${wtype} $(cat ${snip-file} | ${fuzzel} -d -i -w 60)";
+        # TODO: querying sops here breaks encapsulation
+        list-snips = "cat ${snip-file} ${config.sops.secrets.snippets.path}";
+        strip-comments = "${sed} 's/ #.*$//'";
+        snip-cmd = "${wtype} $(${list-snips} | ${fuzzel} -d -i -w 60 | ${strip-comments})";
         # TODO: next splatmoji release should allow `-s none` to disable skin tones
         emoji-cmd = "${pkgs.splatmoji}/bin/splatmoji -s medium-light type";
       in rec {

secrets/universal/snippets.bin

@@ -0,0 +1,48 @@
+{
+	"data": "ENC[AES256_GCM,data:6DbXAd9wFIdEBBdiesGiJ8ddyQ5p65XpnitIqItIBcR6taZ20HwrwAmCmDbsxPJ0FSDUnIzzsEdN3ad44e4tQW/o8iLNqRBMMB2rXLJyOiOFDg==,iv:ocfbDt0nLB+1CGSMh82XzLZEDHV3tZD6qCKDR//nIk8=,tag:S2hJR3rK2G6WJCQTBO61sw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSWtaTS91bS9JRjA2b0VY\ncEl6ZklsNnYzZGVKeTEyQ3JzYnNINitoZ2g0CkhqVXR4bVV6WXlsemFIZUFHczNu\nTTNJbXJvVFpJWExSWW1CN3lVZ3BYTWMKLS0tIEZzZDlmbTlDT1ZLU01EQWU2eVo5\nRmNOWlc4NDVuNG8yd2g1T2tWQUwybXMKwsTiiSFXYTzzyr7ksp6q3MviI4uAPFVB\nuWBxstuloxkcGSvklQk3zR+Y8s/BjyWFRB2dMvz7xMhTJupup0M0Tg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNDhHY2YxZlBBOEdzTGdS\neG9GVW9aSXUzVkpqMTcyT29IZFBCeGljRW5vClU1T2c4enhnL29PeWpOTVN0Kzlm\ndHQzQnpmZXFTZFp5aTJYaEpiRzFhRWMKLS0tIGlFVjByWXp3cE5aRU4wa2RGVkNn\nZUFicVJrUUlnZ2M3VkplOTFYUXB6ekEK4iIwDQZ5+/oB6h85yWD2jWdfE+qIr2fG\nfL3AyEIjWLdTgtFNNwoMiEWyZLKYYDNYKL4DqL+XOgh6O2XcE9wOcw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dGtJakRaWi91REV4cUlz\nZXFPZGdScnJiRjhZZ2NsZVNjQVRuOUhMM1JRCldOVzdCK3ROQ3BSN0lCNmJBK2lr\nb0xQSkR4aEcwZHFVN3o1RTNDSDFzeXMKLS0tIC9xSGc2VTBoaHpYWkhzL2ZEeEhM\nZE4xZXdSOWkwd0U1SGVJRHhGVE1leW8KDs1OITgmYQ0VBrRzmXYmhDTTPbjjDm3g\na2F86dBYHQwyigBHGIcfOJGENSOV9gDmLnAOgc7j8krfUm1PRTjXjQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNGhZK0MvWHNVMXdEMGQ4\nSWR2eWpiSGV2ZHFtWHNIUkU1ZWc1VmtmK0ZJClRvUE55ckZmNGp4U0t3U1BoRjNE\nbFdpYzJrbENHbVNGK3RZaEgwWnNibWMKLS0tIGhUREFaODlmMTZpMGFZZkJ6Z3VV\nQU9ZUURCL3NFZXpWUGM3ZURzcllUWHMKOAdCwbkRmZC1Ns7W2DaToIupJJZyJESe\nDBAYfynr3vCMCT5hjLm6boYbMyZAmvE4HSJs7hDgsrVfoReN9dYnyw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNnFuNjFHSGhxbzVMY3BW\nano4YUpENmhiNm9lczgxcU1rTUhHTlMwR20wCmFaeDNFTFRJSDdmMXFFQklUdldQ\nM0lkZVhhMlltUU43ZUNGaG5PL3lCM28KLS0tIHBXNlZQZFV1V2x6cG5RNlZVN0Fj\nNnNtdXhGVldpTU4vNnVkNDZ6aERQdlkKjeYpM0lu31oO19SJuc4EJIl56GVmQi/b\nPHFOMrX1ERD6laF9/8hsPwsWUTBIhC9dHZqdRBddpRmYZZFAulyCbg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhL3dUWEpJaitBTWs1MDV1\nMHlWUExWcTRMcWtrVUg2ZkFWZlNpTklzWDA0ClNlMzhhYnpocWkwNWZDV3lVcGpL\nU0pJcDdWNjk1eE4xSXRWZzJqbHd3YXMKLS0tIHgydmF3NkpFcHlWLzc5K1ZrM0cr\nREhLRDlCU3FnNzhiME85U3dKNlcvMjAKw27C++42fb0Ky3GwaA9VU9P9p9+TfV+L\nhXnHArh4PQ9dSXBB1gNrpBqB60wizkbWFHZcyZax6pxdtyqIspXDfQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNHN1NlZ4bXg1OGZ6Y3kw\nUlJFK1R3UTljdnNCdjlrZXM1eXEvby9oZ3dNCkQwN2srdVVKSjg3MUVzOEFwM2Vy\nMk9pbTdGN1p0RGtRSk0zaFhuSzF2MW8KLS0tIFNtay9FcmY3L0hjNXFaNmhlY3hm\nc05Ja2pGVWM0dFlxdCs5ODlCQ1J5b00KDZbAGiDc0yP1GtxwjASm1CZs93tQwvrO\n3jkC1rTtNCxfh8TE3tk/qFBquQcS9hmF84JWzf3LBAwr2J3VHK5AgA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTXlSVVhxczNIRGIwZEdW\nSm14aFYzTEFoSGt2SzZKc21OaVpTVmNrSXd3Cis5UTRQMzJSaVdwTkdrQmxLSlRp\nUXBGZ0huUUJnVHVHaUtyUGI4cXdrTVkKLS0tIHVWeEVsOXRRTFRZalI4bWdwcy9a\nV1EwTHhqemRFVHlZR3N4SGRibDhWZzAKVfqqfrKPWtxnIgdvgo7yTe24dleOZAIZ\nZKFCZ3NqibMaRI324E2PrJSAij0lNJyulxpLx4chA7yN84v4vuQToA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2022-12-26T09:13:29Z",
+		"mac": "ENC[AES256_GCM,data:/bKnjVzoiyqz+HD+rT76tQiT8+bqmJfEonFK9z+c+6uDFGCLeockZ5WIHcULU3VU1kfgmkr9R8vlArIYN5vrEm8g6jS8iQgcehjGiqbF5KQHDIarHzBJdqa3ca3G98BF3HlaMYR/hpWquR7sLBcsayf6LcHdGCqiP5TnERd0TzY=,iv:TanC7jAdbH1UXNFbNN6dAOL4hiJY1U0GRWdPmaiY/Sg=,tag:gNsXTb2BTZiOhBoQmcJVDw==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.3"
+	}
+}