encrypted gallery-dl secrets

2025-10-02 12:52:14 -06:00
parent b915571fb2
commit e4d8b16ee6
4 changed files with 75 additions and 10 deletions
--- a/modules/shell/multimedia.nix
+++ b/modules/shell/multimedia.nix
@@ -7,6 +7,11 @@
 {
  options.my.shell.multimedia.enable = lib.mkEnableOption "multimedia CLI tools and codecs";
  config = lib.mkIf config.my.shell.multimedia.enable {
+    sops.secrets."gallery-dl/secrets" = {
+      sopsFile = ../../secrets/gallery.yaml;
+      owner = "jawz";
+      mode = "0400";
+    };
    home-manager.users.jawz.programs = {
      yt-dlp = {
        enable = true;
@@ -21,6 +26,15 @@
        enable = true;
        settings = import ../../dotfiles/gallery-dl.nix;
      };
+      ${config.my.shell.type} = {
+        initExtra = lib.mkAfter ''
+          if [ -r "${config.sops.secrets."gallery-dl/secrets".path}" ]; then
+            set -a  # automatically export all variables
+            source "${config.sops.secrets."gallery-dl/secrets".path}"
+            set +a  # stop automatically exporting
+          fi
+        '';
+      };
    };
    users.users.jawz.packages = builtins.attrValues {
      inherit (pkgs)