tasks/multimedia-archive: update to service change

We'll also start using sops-nix to manage the secrets required for
extractors that have authentication.

modules/nixos/tasks/multimedia-archive/default.nix

@@ -12,7 +12,7 @@ in
     let
       yt-dlp-args = [
         # Make a global list of successfully downloaded videos as a cache for yt-dlp.
-        "--download-archive '${config.services.yt-dlp.archivePath}/videos'"
+        "--download-archive" "${config.services.yt-dlp.archivePath}/videos"
 
         # No overwriting of videos and related files.
         "--no-force-overwrites"
@@ -23,27 +23,28 @@ in
         # Embed chapter markers, if possible.
         "--embed-chapters"
 
-        # Write the subtitle file.
+        # Write the subtitle file with the preferred languages.
         "--write-subs"
+        "--sub-langs" "en.*,ja,ko,zh.*,fr,pt.*"
 
         # Write the description in a separate file.
         "--write-description"
 
         # The global output for all of the jobs.
-        "--output '%(uploader,artist,creator|Unknown)s/%(release_date>%F,upload_date>%F|Unknown)s-%(title)s.%(ext)s'"
+        "--output" "%(uploader,artist,creator|Unknown)s/%(release_date>%F,upload_date>%F|Unknown)s-%(title)s.%(ext)s"
 
         # Select only the most optimal format for my usecases.
-        "--format '(webm,mkv,mp4)[height<=?1280]'"
+        "--format" "(webm,mkv,mp4)[height<=?1280]"
 
         # Prefer MKV whenever possible for video formats.
-        "--merge-output-format mkv"
+        "--merge-output-format" "mkv"
 
         # Don't download any videos that are originally live streams.
-        "--match-filters '!was_live'"
+        "--match-filters" "!was_live"
 
         # Prefer Vorbis when audio-only downloads are used.
-        "--audio-format vorbis"
+        "--audio-format" "vorbis"
-        "--audio-quality 2"
+        "--audio-quality" "2"
       ];
       yt-dlp-archive-variant = pkgs.writeScriptBin "yt-dlp-archive-variant" ''
         ${pkgs.yt-dlp}/bin/yt-dlp ${lib.escapeShellArgs yt-dlp-args}
@@ -74,6 +75,18 @@ in
     in
     {
       environment.systemPackages = [ yt-dlp-archive-variant ];
+
+      sops.secrets =
+        let
+          getKey = key: {
+            inherit key;
+            sopsFile = lib.getSecret "multimedia-archive.yaml";
+          };
+        in
+        {
+          "multimedia-archive/secrets-config" = getKey "secrets-config";
+        };
+
       fileSystems."${mountName}" = {
         device = "/dev/disk/by-uuid/6ba86a30-5fa4-41d9-8354-fa8af0f57f49";
         fsType = "btrfs";
@@ -164,8 +177,18 @@ in
 
           # Write metadata to separate JSON files.
           "--write-metadata"
+
+          # The config file that contains the secrets for various services.
+          # We're putting as a separate config file instead of configuring it
+          # in the service properly since secrets decrypted by sops-nix cannot
+          # be read in Nix.
+          "--config" "${config.sops.secrets."multimedia-archive/secrets-config".path}"
         ];
 
+        settings.extractor = {
+          filename = "{date:%F}-{title}.{extension}";
+        };
+
         jobs = {
           arts = {
             urls = [

secrets/multimedia-archive.yaml

@@ -0,0 +1,42 @@
+secrets-config: ENC[AES256_GCM,data:DuOZXDbxX+ODhY/9P+bGBMVdl/OXKvv64WpncryJRR7cjYoOJtNKb6TrzUkZoCaO6kGdbZRhv0/EDkPwbyIsEWVcjGPAI14r3Wl1nly8pSnSpEuMUVAGQuix3zAnSw60WPlDuILZLNsneAB5,iv:LFt1959lDZn1xo4VMjX9O95BJ6rSUMwiXY/aHzzTrQU=,tag:UJFAJJ4pggSfbKNkzroudw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1say65zc678yc03tx4zexp20c9gvskvwrm4390j4x2jkepn97duhq9ptuj9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0QlhCVFBzc25aVkJXWGdu
+            K1c1c2ZUQW5yTzNXN08wMHNBcGM4bEQ3YlhBCnUwOUpLZnR5V2h3YUl5SlNtVHhh
+            SmFuaVNDRURkd2xQYTBEemljNXdaZVEKLS0tIHBBMmEwR2gzaEViRmZlaXBNQkZi
+            TGlkQ3hBQmFscU9ZTnFQVjBZN0JEeEUKZ+KJl9JRhMMmxXyW6OhCRceaiMqMP+0y
+            oenqVW9r3yCaCw2kJSbzV2BbUar7fLYEeKDsOx+8Fe0KZFsiY2neFA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1dm9xugju4q5gx0zty8ckw655ea904c64gv9qw9fn3lu507ck8uzsag59y8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBST3Fla3EwTE8vVmlmbVlY
+            K2NaWDQ0WjAwZjhyQ1gwaVg0Q1dQU0JpN3dnCmxVcHRlTng0Ynp3eEJvb2JxQ1Fx
+            TXFQVVBOdnJQRHVNbWZYMjcza2lWTnMKLS0tIDZxaElMaFFCUWRGZzBnNmgxdFBz
+            MThjTXJzYU1MMDhCQ2hKdlN5ZTE3bm8KP9Su9bTmFkOwFa5EdYTh9jOUjmNESgza
+            Ngr+vPML9S1ssMNmR596y0qkbdYdJlOWx8sURbHaWxZvk4u3/m6+qw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-07-20T08:16:17Z"
+    mac: ENC[AES256_GCM,data:KOCuxHeg4VEcuzF5SWVRx5ahWAvFb+eGOyTvv5sNgA9JE7ectven0REXMM+2Qytn9+UmVVFRH4SSV89YB0BI2x2+GL+hLuLYIRCJ1/s4p9B+LIRfz6rqeo/w0ETHT+b2JjRhC99igHwksD+bLnHQo9XFcNvT2gDxvOaX+mSurSQ=,iv:+zrR7lSHLEhgtNR3/IMSnzBFoE59NJ/CzuoVz/KdauI=,tag:H59qLT3SLo4yYrzJexTryA==,type:str]
+    pgp:
+        - created_at: "2022-07-20T05:01:15Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DFV150TdUJTsSAQdAR0ATG8vfRp7urdbmLo0OW3OpzqIoCnjO0WMMSDa7O00w
+            H54xE+m7rEPmblCrpcDks4G957R6Pk53cPzY8NtiNg1TNPCFf75s2jx6Mqr1RWtZ
+            1GYBCQIQupykx2Am0Vi4VKbmzx9ZELAH8IGyunxqr8xpYf3bGhfbDPfgKrFoO4U9
+            tKRio96L5UJx2qoY8vtIHB9PrbRoALNJaytmiDGj48rf1MUNubayDWbjPh9FISjB
+            Jpy89DizGzo=
+            =xcTu
+            -----END PGP MESSAGE-----
+          fp: 8FCE86932583783E515B6FE55F2B001E20ED3763
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3