feat: television (fuzzy finder)

config/hosts/imxyy-nix-server/build.nix

@@ -1,12 +1,12 @@
 {
   config,
   pkgs,
-  sopsRoot,
+  secrets,
   ...
 }:
 {
   sops.secrets.et-imxyy-nix-server-nixremote = {
-    sopsFile = sopsRoot + /et-imxyy-nix-server-nixremote.toml;
+    sopsFile = secrets.et-imxyy-nix-server-nixremote;
     format = "binary";
   };
   environment.systemPackages = [ pkgs.easytier ];

config/hosts/imxyy-nix-server/minio.nix

@@ -1,7 +1,7 @@
-{ config, sopsRoot, ... }:
+{ config, secrets, ... }:
 {
   sops.secrets.minio-env = {
-    sopsFile = sopsRoot + /minio.env;
+    sopsFile = secrets.minio;
     format = "dotenv";
   };
   services.minio = {

config/hosts/imxyy-nix-server/net.nix

@@ -3,7 +3,7 @@
   lib,
   pkgs,
   username,
-  sopsRoot,
+  secrets,
   ...
 }:
 {
@@ -143,7 +143,7 @@
   ];
 
   sops.secrets.dae-imxyy-nix-server = {
-    sopsFile = sopsRoot + /dae-imxyy-nix-server.dae;
+    sopsFile = secrets.dae-imxyy-nix-server;
     format = "binary";
   };
   services.dae = {
@@ -152,7 +152,7 @@
   };
   systemd.services.dae.after = [ "sops-nix.service" ];
   sops.secrets.mihomo = {
-    sopsFile = sopsRoot + /mihomo.yaml;
+    sopsFile = secrets.mihomo;
     format = "yaml";
     key = "";
   };
@@ -164,7 +164,7 @@
   };
 
   sops.secrets.frp-env = {
-    sopsFile = sopsRoot + /frp.env;
+    sopsFile = secrets.frp;
     format = "dotenv";
   };
   systemd.services.frp.serviceConfig.EnvironmentFile = [
@@ -475,7 +475,7 @@
   };
 
   sops.secrets.et-imxyy-nix-server = {
-    sopsFile = sopsRoot + /et-imxyy-nix-server.toml;
+    sopsFile = secrets.et-imxyy-nix-server;
     format = "binary";
   };
   environment.systemPackages = [ pkgs.easytier ];

config/hosts/imxyy-nix-server/nixos.nix

@@ -2,7 +2,7 @@
   lib,
   config,
   username,
-  sopsRoot,
+  secrets,
   ...
 }:
 {
@@ -23,7 +23,7 @@
   environment.variables.NIX_REMOTE = "daemon";
 
   sops.secrets.imxyy-nix-server-hashed-password = {
-    sopsFile = sopsRoot + /imxyy-nix-server-hashed-password.txt;
+    sopsFile = secrets.imxyy-nix-server-hashed-password;
     format = "binary";
     neededForUsers = true;
   };

config/hosts/imxyy-nix-server/note.nix

@@ -1,16 +1,16 @@
 {
   config,
-  sopsRoot,
+  secrets,
   ...
 }:
 {
   sops.secrets = {
     flatnote-env = {
-      sopsFile = sopsRoot + /flatnote.env;
+      sopsFile = secrets.flatnote;
       format = "dotenv";
     };
     siyuan-env = {
-      sopsFile = sopsRoot + /siyuan.env;
+      sopsFile = secrets.siyuan;
       format = "dotenv";
     };
   };

config/hosts/imxyy-nix-server/vault.nix

@@ -1,7 +1,7 @@
-{ config, sopsRoot, ... }:
+{ config, secrets, ... }:
 {
   sops.secrets.vaultwarden-env = {
-    sopsFile = sopsRoot + /vaultwarden.env;
+    sopsFile = secrets.vaultwarden;
     format = "dotenv";
   };
   services.postgresql.ensureUsers = [

config/hosts/imxyy-nix-x16/net.nix

@@ -1,7 +1,7 @@
 {
   config,
   pkgs,
-  sopsRoot,
+  secrets,
   ...
 }:
 {
@@ -53,7 +53,7 @@
   };
 
   sops.secrets.dae-imxyy-nix-x16 = {
-    sopsFile = sopsRoot + /dae-imxyy-nix-x16.dae;
+    sopsFile = secrets.dae-imxyy-nix-x16;
     format = "binary";
   };
   services.dae = {
@@ -62,7 +62,7 @@
   };
   systemd.services.dae.after = [ "sops-nix.service" ];
   sops.secrets.mihomo = {
-    sopsFile = sopsRoot + /mihomo.yaml;
+    sopsFile = secrets.mihomo;
     format = "yaml";
     key = "";
   };
@@ -74,7 +74,7 @@
   };
 
   sops.secrets.et-imxyy-nix-x16 = {
-    sopsFile = sopsRoot + /et-imxyy-nix-x16.toml;
+    sopsFile = secrets.et-imxyy-nix-x16;
     format = "binary";
   };
   environment.systemPackages = with pkgs; [

config/hosts/imxyy-nix-x16/nixos.nix

@@ -1,9 +1,8 @@
 {
-  lib,
   pkgs,
   config,
   username,
-  sopsRoot,
+  secrets,
   ...
 }:
 {
@@ -134,7 +133,7 @@
   ];
 
   sops.secrets.imxyy-nix-rclone = {
-    sopsFile = sopsRoot + /imxyy-nix-rclone.conf;
+    sopsFile = secrets.imxyy-nix-rclone;
     format = "binary";
   };
   fileSystems = {

config/hosts/imxyy-nix/net.nix

@@ -2,8 +2,7 @@
   config,
   lib,
   pkgs,
-  sopsRoot,
-  username,
+  secrets,
   ...
 }:
 {
@@ -86,7 +85,7 @@
   };
 
   sops.secrets.dae-imxyy-nix = {
-    sopsFile = sopsRoot + /dae-imxyy-nix.dae;
+    sopsFile = secrets.dae-imxyy-nix;
     format = "binary";
   };
   services.dae = {
@@ -95,7 +94,7 @@
   };
   systemd.services.dae.after = [ "sops-nix.service" ];
   sops.secrets.mihomo = {
-    sopsFile = sopsRoot + /mihomo.yaml;
+    sopsFile = secrets.mihomo;
     format = "yaml";
     key = "";
   };
@@ -107,7 +106,7 @@
   };
 
   sops.secrets.et-imxyy-nix = {
-    sopsFile = sopsRoot + /et-imxyy-nix.toml;
+    sopsFile = secrets.et-imxyy-nix;
     format = "binary";
   };
   environment.systemPackages = [ pkgs.easytier ];

config/hosts/imxyy-nix/nixos.nix

@@ -3,7 +3,7 @@
   pkgs,
   config,
   username,
-  sopsRoot,
+  secrets,
   ...
 }:
 let
@@ -225,7 +225,7 @@ in
   ];
 
   sops.secrets.imxyy-nix-rclone = {
-    sopsFile = sopsRoot + /imxyy-nix-rclone.conf;
+    sopsFile = secrets.imxyy-nix-rclone;
     format = "binary";
   };
   fileSystems = {

flake.nix

@@ -185,7 +185,14 @@
               outputs
               hostname
               ;
-            sopsRoot = ./secrets;
+            secrets =
+              with lib.haumea;
+              load {
+                src = ./secrets;
+                loader = [
+                  (matchers.always loaders.path)
+                ];
+              };
           }
           // vars;
           modules =

modules/cli/misc.nix

@@ -80,6 +80,10 @@ lib.my.makeSwitch {
         enableAutoUpdates = true;
         settings.updates.auto_update = true;
       };
+      programs.television = {
+        enable = true;
+        enableZshIntegration = true;
+      };
     };
   };
 }

modules/nix.nix

@@ -3,6 +3,7 @@
   config,
   lib,
   pkgs,
+  secrets,
   ...
 }:
 lib.my.makeSwitch {
@@ -48,6 +49,14 @@ lib.my.makeSwitch {
       ];
     };
 
+    sops.secrets.nix-github-token = {
+      sopsFile = secrets.nix-github-token;
+      format = "binary";
+    };
+    nix.extraOptions = ''
+      !include ${config.sops.secrets.nix-github-token.path}
+    '';
+
     # uncomment to enable auto gc
     /*
       nix.gc = {

modules/user.nix

@@ -4,7 +4,7 @@
   pkgs,
   username,
   userdesc,
-  sopsRoot,
+  secrets,
   ...
 }:
 lib.my.makeSwitch {
@@ -16,7 +16,7 @@ lib.my.makeSwitch {
     programs.zsh.enable = true;
 
     sops.secrets.imxyy-nix-hashed-password = {
-      sopsFile = sopsRoot + /imxyy-nix-hashed-password.txt;
+      sopsFile = secrets.imxyy-nix-hashed-password;
       format = "binary";
       neededForUsers = true;
     };

secrets/nix-github-token.conf

@@ -0,0 +1,27 @@
+{
+	"data": "ENC[AES256_GCM,data:qSfqMFxikz62vn1V+RxswNkkwqyQQriu1uwtMp/D94MKc4eLL+nbXbL7y5KzR1/DndMQMfrqmJdLpyPEUHkJT5r5jzW/nWVr38blvw1aqyU7TZFOiE+hKnQOJmjY+3Aq4Hgs4pDNNWUdHlphkf1vhMNJ2feZyjPlbw==,iv:ANO9NAKltzSS1EpM8om+7fjOdLMkdw3oYqeGpis+vgE=,tag:JI6RHeNDQINLKUSijEyxbw==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1jf5pg2x6ta8amj40xdy0stvcvrdlkwc2nrwtmkpymu0qclk0eg5qmm9kns",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJY2J3dEJpTnhhVHcwY2tR\nSUttdW9vVCtnVDlPSjY1RmgyaVBLU0haV0FFCkR4Z0lIT3pEclZwc0FvNnozNzVa\nY05SaHZYeXJsUmhLYWxLN2JFRzllWGMKLS0tIHdqK3Zwb2FtY3lPVUc3TUloMXpk\nWlpyWFpLZnRNVnRZeHVCTmcxd1dob1kKe8GkgjHfA7i0N+Uurf4blkoAKrIgqKFK\n3Oore9s6WepbA81eA+xAuozQGLbCISufcmePKa7S1UWTYdsWTW1Tfg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1hpgg6psejh4y6jcdd34wxuml75fnweqpe0kh8376yqsctsfn9qxs037kk6",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiNUxEWDJTUys1RnVrTW9x\nWDBQVitHV0tUSFdJTGZNUGVseHdOWFJ2NHcwCkxlT2xXUDZRUk5pUWNJdU9GUS9H\nNEtzdlVsckdscWZiQUZYL0RwWFd4SUUKLS0tIEF1NjZZNVVDdTc1ckpBRHNaSlQ2\nc1o4ZnFaWkpZL1d0MUtaWExTTWh5RjAKcR5TAybOqaYZBBZpm2OUcS919x1SBvuw\nH/1bgJTRLzzLeSgMRz0Uq/Gf4UPhcs25Um/Y6l4l5bNuqKNGhZEyzA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1r0fv0tagxupfacv0aaxk5ss7sqvswv6kq8tk3x46ndqrj6f5afvqegahxq",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUmJodXN4THBraGpsVytO\nTkpWNHpmTm1NVnFiand4aGdnKzdELzY4emhBCldZRVdWSHBmZ2hDZ2F3bWR6eVBs\ncUF2eEg1alpYaE5sOGN6SU1jOC8zU00KLS0tIE5FeG5MTW80dG5NSkc0Qzl4WElE\nSmFHcmFwcHNsN0hjOGJJNjhMK3pyL3cKZ9NscSDpi7gaRDPIZweq70YwHEp73Z3Q\nUby/vj/LUl3ellAKFWiMibuZ3TjdfZrjGfhxN1Hq4eN4zd3n5UbLnw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tp7th3rrv3x0l6jl76n0hjqjp223w2y586pkgr0hcjwdm254jd5shkj6a8",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3WUNZZGQrY05SUDJ5ZUdM\nRnc0MUc3SW5pK1JkTW1HT1oraDJhV0pvNlhRCmdwNHpLSzFYaUVtR2U2dzREa3h4\nWGVpbElES2dKalk0aGZSY3VBKzFNRW8KLS0tIFU0RmVuUWZsU2w2eUJ0QTYvTU5U\nTEFBdElDYnRaWDdkUE5HVUJ4Yy9nczAKAClAVe5wDhv3Ibt9auzTW1Jd8lej59uh\nSIC9MicNIm8Vkbc8MflGW07wkFWZE84KXw2eoP0e0vdHSWxP99hchg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-07-22T09:31:55Z",
+		"mac": "ENC[AES256_GCM,data:fm3hg9bCZP71zLnOYCRofWAB2ohIVIW+2M5QgzkmaO7pnnXHtsnCXrtOiNn5nM/p9Sx29o9reL3iAzMiD5gWT2crnSVu5dWglbpp1HGHnGCycxmCRcQcXuUWWAHNl0+HGBMOW9Bh8gxug9Hhs0eRPYhAMoqFCyiCtlpJT/dROHQ=,iv:2cSLRaa1MKlZvHaXt9Mz5houkBVHaehlxiqbSN4nhNE=,tag:Vhi9ObK6uYA9Dh68+gMe8A==,type:str]",
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.10.2"
+	}
+}