nicotine: ship creds statically, as secrets
This commit is contained in:
@@ -1,18 +1,23 @@
|
||||
# soulseek filesharing GUI app
|
||||
# note that when you run this GUI, that seems to kick off the slskd daemon
|
||||
{ pkgs, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
sane.programs.nicotine-plus = {
|
||||
sandbox.method = "bwrap";
|
||||
sandbox.whitelistDri = true; #< required, else it fails to launch the gui
|
||||
sandbox.whitelistWayland = true;
|
||||
sandbox.net = "vpn";
|
||||
|
||||
persist.byStore.private = [
|
||||
# ".config/nicotine": contains the config file, with plaintext creds.
|
||||
# TODO: define this as a secret instead of persisting it.
|
||||
sandbox.extraHomePaths = [
|
||||
"Music"
|
||||
# on run, nicotine will try to move the initial config to `config.old`
|
||||
# and then update the config on disk. it errors if it can't `mv` it like that.
|
||||
".config/nicotine"
|
||||
];
|
||||
|
||||
# the config has loooads of options, but the only critical one is auth/creds.
|
||||
# run with ~/.config/nicotine in the sandbox and nicotine will derive the whole config
|
||||
# and write back *all* options for you to then edit further.
|
||||
secrets.".config/nicotine/config" = ../../../secrets/common/nicotine-config.bin;
|
||||
persist.byStore.plaintext = [
|
||||
".local/share/nicotine/downloads"
|
||||
];
|
||||
|
||||
52
secrets/common/nicotine-config.bin
Normal file
52
secrets/common/nicotine-config.bin
Normal file
@@ -0,0 +1,52 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:rZRPvSvOM8nmdEQRASCuAuuzNp9hyAxf96JfVVhReV4iiXBYYL5vtZwEgqF7lBrp+jiCrca45R5avW5xrNxNulFVJU22qqrqiF7uwFmk++4t2xI0ummFS4GtlG+eqk4GB5z5AHKSW1LYHW8G6ABSlOExgM986BQkBb4S5RFOs3hBY1CSXaiCTBn89DGHFrWs/tt9bYaGolu/IJKMpAP+sndXAz3U0cwqnd+XsGLEmgo8xBha25qE5ZPeoW+zUIGb4Cu4IUabUFYc9Rtjqf9CxEPqHKomuQwHpnCmzhM1paEOHsv4ZHYIW27N/lZl/zjZ3+lXGUd9exw74C32Um50ZZeTPd4t,iv:kWyFPz/qb0PSWewAF4/CuUnApWQ5+IUv9zeoOlncYP0=,tag:SbVLdIpqhK+dtn6zG5Xg3g==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VVZXRjIxOGNsbXJ4MXdB\nbUJwZ2dicnhKbmZweG9FTXJhRXpoVmFsaEVvCm9SWkxBQjBBSFpQRnY4amZXa2x4\nZEZybjRBYnVITURtdHlKRlg4blNkNEUKLS0tIHF4NFk3Qmw1QVBPK3J6bDFYNjBk\na0VVaEV5Q3NXVHQvMXRKd1RHZjFBVEkKCdZqOo2NERQcdn75HolVm3CatVfUt9mv\nqr5aoc0kkXCr9qN4CpHi39LYoBepxbTMS4OjIqlB/c+/n0U5RfddnQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYlFYSVVydXhYWERHV05p\nenlCak4wM0d3YTJiL1J2bm5VTEg3eGE4cmxvClA5T25JT0FFUFhOdWxNUVdDU01t\naVV3d0F2dllsWVJvaTV0bC9VV2hvMUEKLS0tIEhSRnFtZThiUEhWUlBGVk50ZDBw\neVpUaWxQb1hwZHN2U21qN0YyMUV2WHMKyIPAceXSsfOPDT+HAyBcDox+/Ryjd0LI\nMqpw+7f3GbI49mzew1NLgPJHOFLusHr/iAGykCBnnJoed38exHTOMg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZXNURlJIeXRGK2RZSkhD\nTy9Ud0FNMllYRFFEKzBwL0k2Mkk1S0lPS0VFCmplU24vdmVrZ3NKd1FsY0NWZHRC\nczRLWm5iUkhmZm83ZnhSMFZVN1dPcncKLS0tIDRSajAvQTBPUWpsMkhLQmE3UGhP\ncDlYYzllSmF3TmNldm1tNGU2azNqMDQKd5skauMW66NfM8mrwNcs/U9VrqadhAej\ncZTTAcDBIqVpWxmBm8xlScBTuMRbBcR4+WX9bLv3ENRi5THHVDXG3w==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbWU1RExQb25yN0xRQllV\nbTZZMVZTRHovSnJhYWlCRGlFVHBUaldxSFg0CjBGeGpRclRBSjd2MWE5T0l1SnZo\nL2grMDBiVWZwQ1ZWUXdFSGR0RGhFVFUKLS0tIHJTUlJMYlZ4UUVyc1F2Q2xxdjZS\nUnZSdWxyNUdtWEtYemZ2MlJmZEtxYUEKw/PZkP/tYyguXrjHGVw+cACRiQV6kQ+t\ncGqlM8fpnce6Jnk9jDZZM0z1Xf/nov0IHMl1Nk/VA9UOBvQMXJY5zA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1hl50ufuxnqy0jnk8fqeu4tclh4vte2xn2d59pxff0gun20vsmv5sp78chj",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsR2N5QWFkanZQN3k2SEgr\nZXAxRGdPOTB3NG5TWjhwSWJyenpidmFidVRZCnFDd0VVZ1I5c2JBOVBYWUx1UXVW\ncnRIZFpleVhBejBONzE4YzFuSHoxbWcKLS0tIG4rR3RPQ0lpV0JPTU9NUml4aEhk\nc083ZzB4cXdxdkRMekpWWWhRdnlJRGMK+B1O1eP8SAUFbUSqTpZ0tO7/i36sioZD\nZklWSqtPUxMlF7v7dzCv4NsZpMxuJEizMY1buLwQcwfWjrBWI64UpA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1vnw7lnfpdpjn62l3u5nyv5xt2c965k96p98kc43mcnyzpetrts9q54mc9v",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWE9oT0hoNTlTVDJtbEt3\nVFhPcDk1MURhenA5N2NLQVdvcVlOZGxyVnk4CkkyL3RJU3pLVmx4MzRMNFprcW1C\nb2xNU1NvdURscng0NFo4dVJWd1FSNGMKLS0tIG04dVozWE5vV0hGcmNXemFCeWNI\nVGRKUlVob1ZtMDJ0SFFHNlZNL1FpL0kKv1UxfRRill7AjNOTG4uWBoc3Oh87xZtV\nerciHpaERvQkpuyT5XAjqWOMDOaLCX90xSn3v4U9QqGjv81aZPh1Uw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRFVYa2dMeUxrUlAzbFVs\nVUdVNGx1ZlhRdU1JODFoRWZROVFCcnhGbEQ4CjJNaWFXK0NKMWYyZnBrV2ZEMzNq\nODNnZU5VV2VXcDFxUHdTbkwxY05VZ0UKLS0tIE12cWhBM2VDN0xIKzFURy9tL1Rw\nY0huYmZ4N1BLeTlZQTkycFFBaGMxa00KhzUIav484KueGtfaJAyEFvABZuQkIdU8\nBMqQbTBGzxrZOkbyL1o0d1wu3yGNIFr2gDIwiVQhmQSJXzRhyrkqAg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTGpCKzRsRUlkbWtjTTNQ\naEh3NUNDZWpFOEk4NmFUOE9BMTlMYUJwTkNFCjFxUGJMcXFMZkVKczFNa2RTb3Rr\nZ2J1R1dHRURVT2pzVERTRWlaYkkrYU0KLS0tIFR3WWUvRG5oaENUSjFiV0tMbFpR\ndUMvb2FQN2tSS2Y1Y3dGU3o1c01tODAKulK/vIUSAVhw28xBg+XenlvloD/C2hqs\n9kX3SYlXXvkossxVbk7HJVoiOiBvKjNq8mj7Uyy7Psn3ymYN4CKApQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVV1FweXE1UEE5alovaDVq\nNDFZN0VYc3NERVFoWWFCWWV6T2M2WlJMVlRZCkdSY2IrVHVHeXI0OGVZV3FSbUp1\nNEY5VlZid0xoaHM1Zm9TY1FVSUIrbnMKLS0tIE02ZXVkOXFQNGVaR052eGlMQjMz\nbE0vazlXVmtidWEwaDhzVjc4eWJ6ZEUK1ZT6/eLfusTMBhkocOALl/L4wB2lEemf\nmF4fojRZ8sgQpX5rjKs0491Ytbpikh4iFz1mUuxZrOMhMF0tgPIzZw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-07-20T15:06:40Z",
|
||||
"mac": "ENC[AES256_GCM,data:ber4hNVCWN9FboUMCcZQu+AgiR8B94gR71d/q+g0AJ4o53gn3/1bm2WP27hRBPFSyP1BK9DxPTAGXbvQKwyovGQ1iV+tXn+TJDK1udef6QO9zWWkTzvXGTI2zbIA3omVJh8wguvOCm/IBGTgyLQcKCDA8b9EojgRZUFX37odrpw=,iv:Fr/in53apRdbyUxIzSZXv4vzpXoa74wAunwvRMY1y3w=,tag:D+2gLgGQ6HUxllETtmj6gQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.0"
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user