Much change, kinda broke my git history

2025-03-25 21:30:52 +01:00 · 2021-12-22 22:16:48 +01:00 · 2021-12-22 22:16:48 +01:00 · 4b0d80d349
commit 4b0d80d349
parent 077322deaf
13 changed files with 108 additions and 19 deletions
--- a/base.nix
+++ b/base.nix
@ -2,25 +2,26 @@

 {

-  imports = [ 
+  imports = [
    ./users/default.nix
-    ./users/julien.nix 
+    ./users/julien.nix
  ];
  luj.nix.enable = true;
+  luj.secrets.enable = true;
+  luj.ssh-server.enable = true;

  sops.defaultSopsFile = ./secrets/secrets.yaml;
-  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key"];
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  time.timeZone = "Europe/Paris";
-    i18n.defaultLocale = "en_US.UTF-8";
-    console = {
-        font = "Lat2-Terminus16";
-        keyMap = "fr";
-    };
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "fr";
+  };

-   
-    services.openssh.enable = true;
-    programs.mosh.enable = true;
-    programs.gnupg.agent.enable = true;
+
+  programs.mosh.enable = true;
+  programs.gnupg.agent.enable = true;

 }
--- a/home-manager-modules/mails/default.nix
+++ b/home-manager-modules/mails/default.nix
@ -29,7 +29,7 @@ with lib;
          msmtp.enable = true;
          primary = true;
          realName = "Julien Malka";
-          passwordCommand = "${pkgs.gnupg}/bin/gpg -q --batch --passphrase-file /home/julien/email-passphrase -d ${./ens.pass.gpg}";
+          passwordCommand = "cat /home/julien/.config/ens-mail-passwd";
          smtp = {
            host = "clipper.ens.fr";
          };
--- a/home-manager-modules/neovim/default.nix
+++ b/home-manager-modules/neovim/default.nix
@ -54,6 +54,7 @@ with lib;
        rnix-lsp
        tree-sitter
        sumneko-lua-language-server
+        ripgrep
      ];
      extraConfig = ''
        luafile ${./lua}/lsp.lua
--- a/home-manager-modules/ssh-client/default.nix
+++ b/home-manager-modules/ssh-client/default.nix
@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.luj.programs.ssh-client;
+in
+with lib;
+{
+  options.luj.programs.ssh-client = {
+    enable = mkEnableOption "Enable ssh client";
+  };
+
+  config = mkIf cfg.enable {
+    programs.ssh = {
+      enable = true;
+      matchBlocks = {
+        newton = {
+          hostname = "newton.julienmalka.me";
+          user = "julien";
+          port = 45;
+        };
+        lisa = {
+          hostname = "2a01:e0a:5f9:9681:5880:c9ff:fe9f:3dfb";
+          user = "julien";
+#          port = 45;
+        };
+        newton-init = {
+          hostname = "newton.julienmalka.me";
+          user = "root";
+          port = 2222;
+        };
+        sas = {
+          hostname = "sas.eleves.ens.fr";
+          user = "jmalka";
+        };
+      };
+    };
+  };
+}
--- a/machines/lisa/home-julien.nix
+++ b/machines/lisa/home-julien.nix
@ -2,6 +2,7 @@
 {
 luj.hmgr.julien = {
    luj.programs.neovim.enable = true;
+    luj.programs.ssh-client.enable = true;
    luj.programs.git.enable = true;
  };
 }
--- a/machines/macintosh/home-julien.nix
+++ b/machines/macintosh/home-julien.nix
@ -3,6 +3,7 @@

  luj.hmgr.julien = {
    luj.programs.neovim.enable = true;
+    luj.programs.ssh-client.enable = true;
    luj.i3.enable = true;
    luj.polybar.enable = true;
    home.packages = with pkgs; [
@ -28,6 +29,7 @@
      ctags
      ungoogled-chromium
      networkmanagerapplet
+      sops
    ];


--- a/machines/newton/home-julien.nix
+++ b/machines/newton/home-julien.nix
@ -3,6 +3,7 @@
  luj.hmgr.julien = {
    luj.programs.neovim.enable = true;
    luj.programs.git.enable = true;
+    luj.programs.ssh-client.enable = true;
    luj.emails = {
      enable = true;
      backend.enable = true;
--- a/modules/hmgr/default.nix
+++ b/modules/hmgr/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
  cfg = config.luj.hmgr;
 in
@ -13,7 +13,7 @@ with lib;
      lib.mapAttrs
        (name: value:
          {
-            imports = with builtins; map (x: ../../home-manager-modules + "/${x}/default.nix") (attrNames (readDir ../../home-manager-modules)); 
+            imports = with builtins; (map (x: ../../home-manager-modules + "/${x}/default.nix") (attrNames (readDir ../../home-manager-modules))); 
            home.username = "${name}";
            home.homeDirectory = "/home/${name}";
            home.stateVersion = "21.11";
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@ -0,0 +1,23 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+  cfg = config.luj.secrets;
+in
+with lib;
+{
+  options.luj.secrets = {
+    enable = mkEnableOption "Create secrets";
+  };
+
+  config = mkIf cfg.enable
+    {
+      sops.secrets.ens-mail-passwd = {
+        owner = "julien";
+        path = "/home/julien/.config/ens-mail-passwd";
+      };
+
+      sops.secrets.sendinblue-mail-passwd = {};
+      
+      };
+
+
+}
--- a/modules/ssh-server/default.nix
+++ b/modules/ssh-server/default.nix
@ -0,0 +1,21 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+  cfg = config.luj.ssh-server;
+in
+with lib;
+{
+  options.luj.ssh-server = {
+    enable = mkEnableOption "Accept ssh connections";
+  };
+
+  config = mkIf cfg.enable
+    {
+      services.openssh = {
+        enable = true;
+        ports = [ 45 ];
+        passwordAuthentication = false;
+        permitRootLogin = "no";
+        openFirewall = true;
+      };
+    };
+}
--- a/modules/zfs-mails/default.nix
+++ b/modules/zfs-mails/default.nix
@ -8,7 +8,7 @@ let
    host = "smtp-relay.sendinblue.com";
    port = "587";
    user = "julien.malka@me.com";
-    passwordeval = "${pkgs.gnupg}/bin/gpg -q --batch --passphrase-file /home/julien/email-passphrase -d ${./sendinblue.pass.gpg}";
+    passwordeval = "cat /run/secrets/sendinblue-mail-passwd";
    from = emailFrom;
  };

--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -1,5 +1,7 @@
 user-julien-password: ENC[AES256_GCM,data:v1mzJTqMTIVcy/qTV6s98/RVjlDSKj/HPTpawRv5PbL8OVszjO9IJKRlNJJfzNZ9o3euVV8bhGvaHRkoqLhflp1ULpCqZ/uLeDXbCG700Hlr61jahyYA1vDORl4QXTm+b4hhyGc4xrExHg==,iv:Gv6y9DnKuxVz+QxSIW9IVCv9DdU5cA6+WR/OSA0SNfQ=,tag:sEIqwf24eYbpevnUlXxOkg==,type:str]
 user-root-password: ENC[AES256_GCM,data:RPdunJvhHm7jKVCjtUEjrWvICCMUy/iMNgu/ApE+X04xnQUzI16+utlhEyJreRUzqu/qjV76Iep+WC8Bqn3XOEHSFOKxTqhwrbrgBX52zwVzDFUTGsLYMp9vLazl69qwB41rokpC35hcTA==,iv:062Qn5BkGC+McSSCjNXeSPZ+r2KgrYEuDq/PHf87nac=,tag:HdOWNw1iS3XoLm8CfDcTvQ==,type:str]
+ens-mail-passwd: ENC[AES256_GCM,data:NLJ2D09xUNXVdA==,iv:rql17Ox9QIVtfkZWUS7+M3rgEOOd02hn390zNdSBAj0=,tag:SbajW6RjNWIJsiikFMliww==,type:str]
+sendinblue-mail-passwd: ENC[AES256_GCM,data:XpB255skeWKwwK2AqMwqEw==,iv:cuS58ISY9J1qMkAAjxWdHpEYHPFBBmCS8hwNX4BBV4w=,tag:dhJSN6ozThH4wKsw8M8Mug==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -33,8 +35,8 @@ sops:
            YlZjaTNZL29VcHlReGxWRENobHcyUDgK1518yGevHiTP1WiaIvqeqYBi8Y9ZhoJZ
            okemTbpj3Svv/TVIjKp3iO/KHHPYrCZPOQAmvxf/PP14ahOmEv255g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2021-12-22T13:06:39Z"
-    mac: ENC[AES256_GCM,data:UuvZbrFbw3/hiU1ETOot172VxQu3+rqy1NzHssqJvq7sZkBKbP9YQq7BaEDBw+uX0ZWnZXontBT7tDoufCtzuuAaCARRupDHYTBq5jKA2eMQFgudTG3Cxs8g/pYgaYDxtMcRzz0b8sXLs0PmLoAewF+qZYNN2rfmMgUePxIcl70=,iv:RuchRXHDuqmhru4gGaepz4szMJLav0zh1GxAN8cpGYI=,tag:eT0//dTSQjBr3+8y7CmyRQ==,type:str]
+    lastmodified: "2021-12-22T14:29:36Z"
+    mac: ENC[AES256_GCM,data:hZtqIZEm71CFkAWZPEBkbxolajds3wqPLW2D+RRVU+3r39IYe65KZe9tC7Jpfscj2XPAf8ay+2Vmhp+e+Ddu8nZe7f2MP2ep3BkQUfdTPTFim6HoIvI2Vis1seyoIKjXai1tJ7TbSH6DwdbXfFubccnWpMgBiSS6om83SRhHhHY=,iv:qOaS+BHhep5mnNTCtZKquFjEJMGwZHaCFTNRNFi1BDI=,tag:xoTXnOCgeAgw3S1zuPEO6w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.1
--- a/users/julien.nix
+++ b/users/julien.nix
@ -7,7 +7,7 @@
  users.users.julien = {
    isNormalUser = true;
    home = "/home/julien";
-    extraGroups = [ "wheel" "keys"]; 
+    extraGroups = [ "wheel" config.users.groups.keys.name]; 
    shell = pkgs.fish;
    passwordFile = config.sops.secrets.user-julien-password.path;
    openssh.authorizedKeys.keyFiles = [