diff --git a/hive.nix b/hive.nix
index 427c671..4171de7 100644
--- a/hive.nix
+++ b/hive.nix
@@ -12,7 +12,7 @@ in {
 networking.hostName = name;
 };
- kat-probook = { name, nodes, ... }: {
+ kat-probook = { name, nodes, users, ... }: {
 deployment.allowLocalDeployment = true;
 imports = [
diff --git a/machines/kat-probook/configuration.nix b/machines/kat-probook/configuration.nix
index a845e1d..3be8e02 100644
--- a/machines/kat-probook/configuration.nix
+++ b/machines/kat-probook/configuration.nix
@@ -1,11 +1,11 @@
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
 { config, lib, pkgs, mods, ... }: {
 imports = [
 ./hardware-configuration.nix
+
+ ./secrets.nix
 # ./router.nix
 ];
@@ -14,7 +14,7 @@
 boot.supportedFilesystems = [ "bcachefs" ];
 boot.kernelPackages = pkgs.linuxPackages_latest;
- networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+ networking.networkmanager.enable = true;
 time.timeZone = "Europe/Paris";
 i18n.defaultLocale = "en_US.UTF-8";
@@ -23,21 +23,7 @@
 keyMap = "fr";
 };
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
-
- # security.polkit.enable = true;
- # programs.light.enable = true;
-
 nixpkgs.config.allowUnfree = true;
-
- # Configure keymap in X11
- # services.xserver.xkb.layout = "us";
- # services.xserver.xkb.options = "eurosign:e,caps:escape";
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
 hardware = {
 pulseaudio = {
 enable = true;
@@ -49,12 +35,6 @@
 };
 };
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- programs.zsh.enable = true;
-
 environment.systemPackages = with pkgs; [
 (pkgs.callPackage {})
 wget
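Review bot: `./secrets.nix` is added to `imports`, but the `age.*` options it sets only exist once the agenix NixOS module is imported too, and neither this hunk nor the hive.nix hunk above shows where that module comes from; if it is injected by the hive's shared imports, a comment next to the new entry would save the next reader the search, e.g. `./secrets.nix # age.secrets for mail; needs the agenix NixOS module (imported elsewhere)`. The remaining configuration.nix hunks are comment cleanup plus the libvirt/virt-manager block being commented out rather than deleted, which is fine but worth stating in the commit message if it is meant to be temporary. The enclosing attribute set continues past the end of this hunk.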
@@ -74,9 +54,6 @@
 font-awesome
 ];
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
 programs.gnupg.agent = {
 enable = true;
 enableSSHSupport = true;
@@ -101,43 +78,9 @@
 };
 services.netbird.enable = true;
- boot.kernelModules = [ "kvm-intel" "kvm-amd" ];
- programs.virt-manager.enable = true;
- virtualisation.libvirtd.enable = true;
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-
- # This option defines the first version of NixOS you have installed on this particular machine,
- # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
- #
- # Most users should NEVER change this value after the initial install, for any reason,
- # even if you've upgraded your system to a new NixOS release.
- #
- # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
- # so changing it will NOT upgrade your system.
- #
- # This value being lower than the current NixOS release does NOT mean your system is
- # out of date, out of support, or vulnerable.
- #
- # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
- # and migrated your data accordingly.
- #
- # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
- system.stateVersion = "23.11"; # Did you read the comment?
+ # boot.kernelModules = [ "kvm-intel" "kvm-amd" ];
+ # programs.virt-manager.enable = true;
+ # virtualisation.libvirtd.enable = true;
+ system.stateVersion = "23.11";
 }
-
diff --git a/machines/kat-probook/secrets.nix b/machines/kat-probook/secrets.nix new file mode 100644 index 0000000..e1d59df --- /dev/null +++ b/machines/kat-probook/secrets.nix @@ -0,0 +1,20 @@ +let + cat-owned = { + owner = "catvayor"; + group = "users"; + mode = "400"; + }; +in +{ + age.identityPaths = [ + "/root/.ssh/passwd" + ]; + age.secrets = { + mails-laposte = cat-owned // { file = ./secrets/mails-laposte.age; }; + mails-dgnum = cat-owned // { file = ./secrets/mails-dgnum.age; }; + mails-kat = cat-owned // { file = ./secrets/mails-kat.age; }; + clipper = cat-owned // { file = ./secrets/clipper.age; }; + "geek.gle" = cat-owned // { file = ./secrets/geek.gle.age; }; + "pro.gle" = cat-owned // { file = ./secrets/pro.gle.age; }; + }; +} diff --git a/machines/kat-probook/secrets/clipper.age b/machines/kat-probook/secrets/clipper.age new file mode 100644 index 0000000..7f0ce32 --- /dev/null +++ b/machines/kat-probook/secrets/clipper.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 E2Pe/w fKbPvFIJAXM8TDFmo4XTPJE4pGgd7wlaESQStoarJzU +stVwG/E9IZrBFERM5nvFZ90cPTU9h5jhvyxPzyPdiJw +--- 5GMhLnktvFb3jPYjdUtBluxtBy/Qh2RwHiaWevBBpxk +Y 86 +좻)F?`1>3zT7:2 \ No newline at end of file diff --git a/machines/kat-probook/secrets/geek.gle.age b/machines/kat-probook/secrets/geek.gle.age new file mode 100644 index 0000000..f0ae36e --- /dev/null +++ b/machines/kat-probook/secrets/geek.gle.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 E2Pe/w IBQxzBU0CK1apU9wBAHzK0KRBz6+oOtNKPJf7xop5Rk +VPvTUf/E4ufpMcV/rcA86vqaGorbeYotkfi+WJvszrY +--- M1xL9158btC4gMcnkzW4O1AIq0Cp29vbuMHgx7r/ikk +Wvw,a0UwTaî !,-Qa \ No newline at end of file diff --git a/machines/kat-probook/secrets/mails-dgnum.age b/machines/kat-probook/secrets/mails-dgnum.age new file mode 100644 index 0000000..b62f3fe --- /dev/null +++ b/machines/kat-probook/secrets/mails-dgnum.age 
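Review bot: `age.identityPaths = [ "/root/.ssh/passwd" ]` replaces agenix's usual host-key identities with a single file whose name does not suggest a private key, and nothing in this diff provisions it; if it is absent on kat-probook the secrets fail to decrypt at activation and every `passwordCommand` in modules/mail.nix then reads a missing `/run/agenix/*` path. A comment recording which key this is and that it must be the private half of the recipient listed in secrets/secrets.nix would help, e.g. `# private key matching the ssh-ed25519 recipient in secrets/secrets.nix; must exist before activation`. The shared `cat-owned` defaults (owner catvayor, mode 400) fit per-user secrets that only the aerc password commands need to read, and the six secret names match the `/run/agenix/<name>` paths used in modules/mail.nix.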
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 E2Pe/w Q5+tIZotkH9PWuowU9kFoPxWhNZxV2VnATpZWNJNgCA +uAfcjgxBaZFIqbgJ0McQ00zJehvuStu93OxuGUpUfzw +--- 9/EmJlBSamkUNoIO6FcvJgTh1uUNp/I2DDEdBULq1vA +U= 3V;47Wxg(Č)i/ CAKVbnܞ@|{x`dLtFr7Φͯe^ߋEcUcDJzZoZVͤ &.qF8dr ̻^#IϛDLJnwNua! w!Te:11q \ No newline at end of file diff --git a/machines/kat-probook/secrets/mails-kat.age b/machines/kat-probook/secrets/mails-kat.age new file mode 100644 index 0000000..333804c --- /dev/null +++ b/machines/kat-probook/secrets/mails-kat.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 E2Pe/w vxqJ5Fi91BQTuDee/sfgCP/OKSr0MI0+ZW9Z1ANatSo +n2tjy8ZGys903UL3Jds+DZdITPleaiog9tiVxbTQKK4 +--- D/267emJgBVqQs8zwXJXyVaX/w9PHIrw1xQWF379Qt0 +|ruDpۯ2B5t) ~M.2fc/ ]=3qL*"30ɫ \ No newline at end of file diff --git a/machines/kat-probook/secrets/mails-laposte.age b/machines/kat-probook/secrets/mails-laposte.age new file mode 100644 index 0000000..25fa4de --- /dev/null +++ b/machines/kat-probook/secrets/mails-laposte.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 E2Pe/w 5BundyCk4QzQLGoJH1gK1MnTz1Fq3SVBRoIQfGfKkR4 +5K/y5un1RaYDr+k4I1NMqlPgZ4YppTwsIv7QckonlH0 +--- OiYieMVqXV1kkd4/NdeZH7tK4xSMTJaYii89jC0XuLw +hA qf@o鉒Vc|6k{0X2nJw \ No newline at end of file diff --git a/machines/kat-probook/secrets/pro.gle.age b/machines/kat-probook/secrets/pro.gle.age new file mode 100644 index 0000000..a69e8cb --- /dev/null +++ b/machines/kat-probook/secrets/pro.gle.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 E2Pe/w CbIRO5NPZT3HFrlXldeBrrZKWV32RSYhPl/7AyLP9xw +NC/F2n3q0DSOzj7DOvtC3GazTQLGFTY3eDNE+z9+rnM +--- d05OfbEL/yBRLe/Gg7b8aha41wuL6gTJfkFgSVPdVfM +%JUO˿I?˭8"bH0/1Z@ʀQV&^Kg~2&d-1"N8Nl7jmtOxEEB£A؍#6n"=9s\@zי&F_v\G \ No newline at end of file diff --git a/machines/kat-probook/secrets/secrets.nix b/machines/kat-probook/secrets/secrets.nix new file mode 100644 index 0000000..77e20a4 --- /dev/null +++ b/machines/kat-probook/secrets/secrets.nix 
@@ -0,0 +1,10 @@
+let
+ pub-key = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtlIx8XVse0m+Aqf4DuxzYdeF6gh/nObNzfrHJOn3Ik" ];
+in {
+ "mails-laposte.age".publicKeys = pub-key;
+ "mails-dgnum.age".publicKeys = pub-key;
+ "mails-kat.age".publicKeys = pub-key;
+ "clipper.age".publicKeys = pub-key;
+ "geek.gle.age".publicKeys = pub-key;
+ "pro.gle.age".publicKeys = pub-key;
+}
diff --git a/modules/mail.nix b/modules/mail.nix
index b38ce35..a14145d 100644
--- a/modules/mail.nix
+++ b/modules/mail.nix
@@ -1,18 +1,15 @@
-{
- programs.thunderbird = {
+{ pkgs, config, ... }: {
+ programs.aerc = {
+ extraConfig.general.unsafe-accounts-conf = true;
 enable = true;
- profiles."nix" = {
- isDefault = true;
- };
 };
-
 accounts.email.accounts = let
- thunderbird = { enable = true; profiles = [ "nix" ]; };
+ aerc = { enable = true; };
 in {
 "ens" = {
 primary = true;
- inherit thunderbird;
+ inherit aerc;
 address = "lubin.bailly@ens.psl.eu";
 realName = "Lubin Bailly";
 userName = "lbailly";
@@ -21,7 +18,7 @@
 showSignature = "append";
 text = "Lubin Bailly";
 };
- # passwordCommand
+ passwordCommand = "cat /run/agenix/clipper";
 imap = {
 host = "clipper.ens.psl.eu";
 port = 993;
@@ -34,7 +31,7 @@
 };
 };
 "katmail" = {
- inherit thunderbird;
+ inherit aerc;
 address = "catvayor@katvayor.net";
 realName = "catvayor";
 userName = "catvayor@katvayor.net";
@@ -43,7 +40,7 @@
 showSignature = "append";
 text = "catvayor";
 };
- # passwordCommand
+ passwordCommand = "cat /run/agenix/mails-kat";
 imap = {
 host = "ssl0.ovh.net";
 port = 993;
@@ -56,7 +53,7 @@
 };
 };
 "dgnum" = {
- inherit thunderbird;
+ inherit aerc;
 address = "catvayor@dgnum.eu";
 realName = "catvayor";
 userName = "catvayor@dgnum.eu";
@@ -65,7 +62,7 @@
 showSignature = "append";
 text = "catvayor";
 };
- # passwordCommand
+ passwordCommand = "cat /run/agenix/mails-dgnum";
 imap = {
 host = "kurisu.lahfa.xyz";
 port = 993;
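Review bot: Every secret in secrets/secrets.nix is encrypted to a single recipient, the one ssh-ed25519 key in `pub-key`; if that private key is lost or rotated, none of the six `.age` files added in this commit can be re-keyed and each plaintext has to be re-entered by hand. Adding a second recipient held off the machine (an operator key) to `pub-key` is the usual agenix practice and keeps `agenix --rekey` possible without the original key. A one-line comment stating whose key this is and where its private half lives, e.g. `# recipient: the key at age.identityPaths in ../secrets.nix`, would also make the pairing explicit.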
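Review bot: `passwordCommand = "cat /run/agenix/clipper"` (and likewise mails-kat, mails-dgnum, geek.gle, pro.gle and mails-laposte in the later mail.nix hunks) hard-codes paths that are only created by `age.secrets` in machines/kat-probook/secrets.nix, so this home-manager module silently depends on that host's NixOS config and a rename on either side breaks mail without an evaluation error. A comment at the first of these lines naming the coupling would help, e.g. `# secrets provisioned by age.secrets in machines/kat-probook/secrets.nix (owner catvayor, mode 400)`. With `unsafe-accounts-conf = true` aerc accepts the store-resident accounts.conf, which is presumably world-readable; since only the `cat` command and not the password lands in that file, this is the right side of the trade-off and a comment on that line saying so would spare a later reader from reaching for inline passwords. `pkgs` and `config` are newly bound in the module signature but unused in the visible hunks; the rest of the file is outside the diff, so that may be intentional.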
@@ -79,7 +76,7 @@
 };
 };
 "gmail.geek" = {
- inherit thunderbird;
+ inherit aerc;
 address = "lubin.geek@gmail.com";
 realName = "Lubin Bailly";
 userName = "lubin.geek@gmail.com";
@@ -88,7 +85,7 @@
 showSignature = "append";
 text = "Lubin Bailly";
 };
- # passwordCommand
+ passwordCommand = "cat /run/agenix/geek.gle";
 imap = {
 host = "imap.gmail.com";
 port = 993;
@@ -101,7 +98,7 @@
 };
 };
 "gmail.pro" = {
- inherit thunderbird;
+ inherit aerc;
 address = "lubin.bailly@gmail.com";
 realName = "Lubin Bailly";
 userName = "lubin.bailly@gmail.com";
@@ -110,7 +107,7 @@
 showSignature = "append";
 text = "Lubin Bailly";
 };
- # passwordCommand
+ passwordCommand = "cat /run/agenix/pro.gle";
 imap = {
 host = "imap.gmail.com";
 port = 993;
@@ -123,7 +120,7 @@
 };
 };
 "laposte" = {
- inherit thunderbird;
+ inherit aerc;
 address = "lubin-bailly@laposte.net";
 realName = "Lubin Bailly";
 userName = "lubin-bailly";
@@ -132,7 +129,7 @@
 showSignature = "append";
 text = "Lubin Bailly";
 };
- # passwordCommand
+ passwordCommand = "cat /run/agenix/mails-laposte";
 imap = {
 host = "imap.laposte.net";
 port = 993;
diff --git a/users/catvayor.nix b/users/catvayor.nix
index e668411..c5b55bd 100644
--- a/users/catvayor.nix
+++ b/users/catvayor.nix
@@ -24,7 +24,7 @@ home-manager.users.catvayor = {
 home.stateVersion = "23.11";
- imports = with mods.home; [ neovim zsh sway ssh ];
+ imports = with mods.home; [ neovim zsh sway ssh mail ];
 home.packages = with pkgs; [
 wl-clipboard