diff --git a/base.nix b/base.nix
index 904a8dd..87447b1 100644
--- a/base.nix
+++ b/base.nix
@@ -2,25 +2,26 @@
 {
- imports = [
+ imports = [
 ./users/default.nix
- ./users/julien.nix
+ ./users/julien.nix
 ];
 luj.nix.enable = true;
+ luj.secrets.enable = true;
+ luj.ssh-server.enable = true;
 sops.defaultSopsFile = ./secrets/secrets.yaml;
- sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key"];
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 time.timeZone = "Europe/Paris";
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "fr";
- };
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "fr";
+ };
-
- services.openssh.enable = true;
- programs.mosh.enable = true;
- programs.gnupg.agent.enable = true;
+
+ programs.mosh.enable = true;
+ programs.gnupg.agent.enable = true;
 }
diff --git a/home-manager-modules/mails/default.nix b/home-manager-modules/mails/default.nix
index d60f5f9..219a8df 100644
--- a/home-manager-modules/mails/default.nix
+++ b/home-manager-modules/mails/default.nix
@@ -29,7 +29,7 @@ with lib;
 msmtp.enable = true;
 primary = true;
 realName = "Julien Malka";
- passwordCommand = "${pkgs.gnupg}/bin/gpg -q --batch --passphrase-file /home/julien/email-passphrase -d ${./ens.pass.gpg}";
+ passwordCommand = "cat /home/julien/.config/ens-mail-passwd";
 smtp = {
 host = "clipper.ens.fr";
 };
diff --git a/home-manager-modules/neovim/default.nix b/home-manager-modules/neovim/default.nix
index e7d5ad9..3d12ea2 100644
--- a/home-manager-modules/neovim/default.nix
+++ b/home-manager-modules/neovim/default.nix
@@ -54,6 +54,7 @@ with lib;
 rnix-lsp
 tree-sitter
 sumneko-lua-language-server
+ ripgrep
 ];
 extraConfig = ''
 luafile ${./lua}/lsp.lua
diff --git a/home-manager-modules/ssh-client/default.nix b/home-manager-modules/ssh-client/default.nix
new file mode 100644
index 0000000..c000b2a
--- /dev/null
+++ b/home-manager-modules/ssh-client/default.nix
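Review bot: The sops backend settings (`sops.defaultSopsFile`, `sops.age.sshKeyPaths`) stay in base.nix while the secret declarations move into the new `luj.secrets` module, so enabling `luj.secrets` on a host that does not import base.nix would declare secrets with no key file to decrypt them; consider moving those two lines into `modules/secrets/default.nix` under `mkIf cfg.enable` so the module is self-contained. Most of this hunk is whitespace-only re-indentation, which buries the three functional lines (`luj.secrets.enable`, `luj.ssh-server.enable`, and the removal of `services.openssh.enable`); a separate formatting commit would keep the security-relevant change reviewable on its own. `luj.ssh-server.enable = true` here applies to every host that imports base.nix, which presumably includes workstation hosts such as `macintosh`, so sshd on port 45 with `openFirewall = true` is exposed there too — worth confirming that is intended rather than enabling it per machine.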
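Review bot: `passwordCommand = "cat /home/julien/.config/ens-mail-passwd"` hard-codes a path that is declared a second time in `modules/secrets/default.nix`, and it silently depends on the NixOS-level `luj.secrets` module being enabled on the same host; if it is not, the failure surfaces only at send time as an unhelpful `cat` error. The sendinblue password in this same commit is read from `/run/secrets/...`, so for consistency consider dropping the custom `path` and reading `/run/secrets/ens-mail-passwd` here as well (with `owner = "julien"` it should remain readable by the user), which also keeps the plaintext credential out of `~/.config`, a directory that tends to end up in dotfile backups or syncs. At minimum a comment such as `# provisioned by the NixOS luj.secrets module (sops-nix), not by home-manager` would record the cross-module dependency. The enclosing account definition starts and ends outside the hunk.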
@@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.luj.programs.ssh-client;
+in
+with lib;
+{
+ options.luj.programs.ssh-client = {
+ enable = mkEnableOption "Enable ssh client";
+ };
+
+ config = mkIf cfg.enable {
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ newton = {
+ hostname = "newton.julienmalka.me";
+ user = "julien";
+ port = 45;
+ };
+ lisa = {
+ hostname = "2a01:e0a:5f9:9681:5880:c9ff:fe9f:3dfb";
+ user = "julien";
+# port = 45;
+ };
+ newton-init = {
+ hostname = "newton.julienmalka.me";
+ user = "root";
+ port = 2222;
+ };
+ sas = {
+ hostname = "sas.eleves.ens.fr";
+ user = "jmalka";
+ };
+ };
+ };
+ };
+}
diff --git a/machines/lisa/home-julien.nix b/machines/lisa/home-julien.nix
index 41a3e3b..fe74320 100644
--- a/machines/lisa/home-julien.nix
+++ b/machines/lisa/home-julien.nix
@@ -2,6 +2,7 @@
 {
 luj.hmgr.julien = {
 luj.programs.neovim.enable = true;
+ luj.programs.ssh-client.enable = true;
 luj.programs.git.enable = true;
 };
 }
diff --git a/machines/macintosh/home-julien.nix b/machines/macintosh/home-julien.nix
index 3c3a87a..d26d10a 100644
--- a/machines/macintosh/home-julien.nix
+++ b/machines/macintosh/home-julien.nix
@@ -3,6 +3,7 @@
 luj.hmgr.julien = {
 luj.programs.neovim.enable = true;
+ luj.programs.ssh-client.enable = true;
 luj.i3.enable = true;
 luj.polybar.enable = true;
 home.packages = with pkgs; [
@@ -28,6 +29,7 @@
 ctags
 ungoogled-chromium
 networkmanagerapplet
+ sops
 ];
diff --git a/machines/newton/home-julien.nix b/machines/newton/home-julien.nix
index 359b973..0c22622 100644
--- a/machines/newton/home-julien.nix
+++ b/machines/newton/home-julien.nix
@@ -3,6 +3,7 @@
 luj.hmgr.julien = {
 luj.programs.neovim.enable = true;
 luj.programs.git.enable = true;
+ luj.programs.ssh-client.enable = true;
 luj.emails = {
 enable = true;
 backend.enable = true;
diff --git a/modules/hmgr/default.nix b/modules/hmgr/default.nix
index 220ec6b..0c9e32b 100644
--- a/modules/hmgr/default.nix
+++ b/modules/hmgr/default.nix
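Review bot: The `lisa` block leaves `port = 45` commented out while `modules/ssh-server/default.nix` in this same commit moves sshd to port 45 on every host that enables `luj.ssh-server` (base.nix does); if lisa imports base.nix, `ssh lisa` will target port 22 and fail, so either uncomment the line or add a comment explaining why lisa keeps the default port. `newton-init` (`user = "root"`, `port = 2222`) contradicts the server module's `permitRootLogin = "no"` unless it talks to a different daemon — presumably an early-boot/initrd sshd — and deserves a comment saying so, e.g. `# early-boot sshd on 2222, not the main service; root is the only account there`. Stylistically, the `#` comment sits at column 0 inside an indented attribute set; align it with the neighbouring attributes or drop it.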
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
 cfg = config.luj.hmgr;
 in
@@ -13,7 +13,7 @@ with lib;
 lib.mapAttrs (name: value: {
- imports = with builtins; map (x: ../../home-manager-modules + "/${x}/default.nix") (attrNames (readDir ../../home-manager-modules));
+ imports = with builtins; (map (x: ../../home-manager-modules + "/${x}/default.nix") (attrNames (readDir ../../home-manager-modules)));
 home.username = "${name}";
 home.homeDirectory = "/home/${name}";
 home.stateVersion = "21.11";
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
new file mode 100644
index 0000000..a03e70c
--- /dev/null
+++ b/modules/secrets/default.nix
@@ -0,0 +1,23 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+ cfg = config.luj.secrets;
+in
+with lib;
+{
+ options.luj.secrets = {
+ enable = mkEnableOption "Create secrets";
+ };
+
+ config = mkIf cfg.enable
+ {
+ sops.secrets.ens-mail-passwd = {
+ owner = "julien";
+ path = "/home/julien/.config/ens-mail-passwd";
+ };
+
+ sops.secrets.sendinblue-mail-passwd = {};
+
+ };
+
+
+}
diff --git a/modules/ssh-server/default.nix b/modules/ssh-server/default.nix
new file mode 100644
index 0000000..7d45459
--- /dev/null
+++ b/modules/ssh-server/default.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+ cfg = config.luj.ssh-server;
+in
+with lib;
+{
+ options.luj.ssh-server = {
+ enable = mkEnableOption "Accept ssh connections";
+ };
+
+ config = mkIf cfg.enable
+ {
+ services.openssh = {
+ enable = true;
+ ports = [ 45 ];
+ passwordAuthentication = false;
+ permitRootLogin = "no";
+ openFirewall = true;
+ };
+ };
+}
diff --git a/modules/zfs-mails/default.nix b/modules/zfs-mails/default.nix
index 37b0dbc..83cb6f5 100644
--- a/modules/zfs-mails/default.nix
+++ b/modules/zfs-mails/default.nix
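Review bot: The parentheses added around `map (…) (…)` in the second hunk do not change evaluation — `with builtins; map f xs` already parses as an application of `map` — so that hunk is a no-op, and `inputs` added to the argument set in the first hunk is not referenced in any shown line; fine if it is used further down, otherwise drop it. Independently of this change, the `readDir`-driven `imports` auto-loads every directory under `home-manager-modules`, so any stray directory lacking a `default.nix` breaks evaluation for all users; a comment such as `# every subdirectory of home-manager-modules must provide a default.nix` would make that convention explicit. The `mapAttrs` body continues outside the hunk.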
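Review bot: `sops.secrets.sendinblue-mail-passwd = {}` relies on sops-nix defaults (root-owned, mode 0400 as far as I recall) while `ens-mail-passwd` sets `owner = "julien"`; the zfs-mails consumer in this commit runs `cat /run/secrets/sendinblue-mail-passwd`, which only works if that job runs as root, so either say so with a comment or set `owner` explicitly. For `ens-mail-passwd`, `path` under `/home/julien/.config` places a plaintext credential inside the home directory — confirm sops-nix creates the parent directory with the expected ownership and that `~/.config` is excluded from any backup or dotfile sync, or drop `path` and let the consumer read the default `/run/secrets` location. `pkgs` and `inputs` are unused in the module's argument set and can be removed. A short header comment naming the consumers (`home-manager-modules/mails`, `modules/zfs-mails`) would make the secret/consumer coupling visible to the next reader.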
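Review bot: `passwordAuthentication = false` alone does not fully close password logins on a 21.11-era system, because sshd can still accept a password through keyboard-interactive/PAM; add `challengeResponseAuthentication = false;` next to it (the option is named `kbdInteractiveAuthentication` in later NixOS releases). `permitRootLogin = "no"` with key-only auth is a sound baseline; a comment recording why port 45 was chosen would help, since the `lisa` client block in this commit still has `port = 45` commented out and the mismatch is otherwise invisible. `pkgs` and `inputs` in the argument set are unused.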
@@ -8,7 +8,7 @@ let
 host = "smtp-relay.sendinblue.com";
 port = "587";
 user = "julien.malka@me.com";
- passwordeval = "${pkgs.gnupg}/bin/gpg -q --batch --passphrase-file /home/julien/email-passphrase -d ${./sendinblue.pass.gpg}";
+ passwordeval = "cat /run/secrets/sendinblue-mail-passwd";
 from = emailFrom;
 };
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 105c138..0499728 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,5 +1,7 @@
 user-julien-password: ENC[AES256_GCM,data:v1mzJTqMTIVcy/qTV6s98/RVjlDSKj/HPTpawRv5PbL8OVszjO9IJKRlNJJfzNZ9o3euVV8bhGvaHRkoqLhflp1ULpCqZ/uLeDXbCG700Hlr61jahyYA1vDORl4QXTm+b4hhyGc4xrExHg==,iv:Gv6y9DnKuxVz+QxSIW9IVCv9DdU5cA6+WR/OSA0SNfQ=,tag:sEIqwf24eYbpevnUlXxOkg==,type:str]
 user-root-password: ENC[AES256_GCM,data:RPdunJvhHm7jKVCjtUEjrWvICCMUy/iMNgu/ApE+X04xnQUzI16+utlhEyJreRUzqu/qjV76Iep+WC8Bqn3XOEHSFOKxTqhwrbrgBX52zwVzDFUTGsLYMp9vLazl69qwB41rokpC35hcTA==,iv:062Qn5BkGC+McSSCjNXeSPZ+r2KgrYEuDq/PHf87nac=,tag:HdOWNw1iS3XoLm8CfDcTvQ==,type:str]
+ens-mail-passwd: ENC[AES256_GCM,data:NLJ2D09xUNXVdA==,iv:rql17Ox9QIVtfkZWUS7+M3rgEOOd02hn390zNdSBAj0=,tag:SbajW6RjNWIJsiikFMliww==,type:str]
+sendinblue-mail-passwd: ENC[AES256_GCM,data:XpB255skeWKwwK2AqMwqEw==,iv:cuS58ISY9J1qMkAAjxWdHpEYHPFBBmCS8hwNX4BBV4w=,tag:dhJSN6ozThH4wKsw8M8Mug==,type:str]
 sops:
 kms: []
 gcp_kms: []
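Review bot: `passwordeval = "cat /run/secrets/sendinblue-mail-passwd"` hard-codes the decrypted-secret path instead of deriving it from the secret declaration; if `config` is in scope in this module, `passwordeval = "cat ${config.sops.secrets.sendinblue-mail-passwd.path}";` turns a host without `luj.secrets.enable` into an evaluation error rather than a runtime `cat` failure inside a mail job. The secret is declared without an `owner` in `modules/secrets/default.nix`, so with sops-nix defaults it is root-only; that is fine only if whatever consumes this msmtp configuration runs as root — the enclosing `let` binding and its consumer are outside the hunk, so worth confirming and noting with a comment such as `# root-only secret: this config is read by a root-run job`.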
@@ -33,8 +35,8 @@ sops:
 YlZjaTNZL29VcHlReGxWRENobHcyUDgK1518yGevHiTP1WiaIvqeqYBi8Y9ZhoJZ
 okemTbpj3Svv/TVIjKp3iO/KHHPYrCZPOQAmvxf/PP14ahOmEv255g==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2021-12-22T13:06:39Z"
- mac: ENC[AES256_GCM,data:UuvZbrFbw3/hiU1ETOot172VxQu3+rqy1NzHssqJvq7sZkBKbP9YQq7BaEDBw+uX0ZWnZXontBT7tDoufCtzuuAaCARRupDHYTBq5jKA2eMQFgudTG3Cxs8g/pYgaYDxtMcRzz0b8sXLs0PmLoAewF+qZYNN2rfmMgUePxIcl70=,iv:RuchRXHDuqmhru4gGaepz4szMJLav0zh1GxAN8cpGYI=,tag:eT0//dTSQjBr3+8y7CmyRQ==,type:str]
+ lastmodified: "2021-12-22T14:29:36Z"
+ mac: ENC[AES256_GCM,data:hZtqIZEm71CFkAWZPEBkbxolajds3wqPLW2D+RRVU+3r39IYe65KZe9tC7Jpfscj2XPAf8ay+2Vmhp+e+Ddu8nZe7f2MP2ep3BkQUfdTPTFim6HoIvI2Vis1seyoIKjXai1tJ7TbSH6DwdbXfFubccnWpMgBiSS6om83SRhHhHY=,iv:qOaS+BHhep5mnNTCtZKquFjEJMGwZHaCFTNRNFi1BDI=,tag:xoTXnOCgeAgw3S1zuPEO6w==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.7.1
diff --git a/users/julien.nix b/users/julien.nix
index 677e140..ea6d1fb 100644
--- a/users/julien.nix
+++ b/users/julien.nix
@@ -7,7 +7,7 @@
 users.users.julien = {
 isNormalUser = true;
 home = "/home/julien";
- extraGroups = [ "wheel" "keys"];
+ extraGroups = [ "wheel" config.users.groups.keys.name];
 shell = pkgs.fish;
 passwordFile = config.sops.secrets.user-julien-password.path;
 openssh.authorizedKeys.keyFiles = [
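Review bot: Replacing the literal `"keys"` with `config.users.groups.keys.name` is the right direction (a group that does not exist now fails at evaluation rather than being quietly skipped), but the new line still omits the space before `]`, the same inconsistency the base.nix hunk in this commit fixes for `sshKeyPaths`; write `extraGroups = [ "wheel" config.users.groups.keys.name ];`. A comment explaining why a normal user needs this group — presumably to reach sops-nix secrets under `/run/secrets`, which should be confirmed against the sops-nix docs — would help, e.g. `# keys group: required for the user to read sops-nix managed secrets (verify)`. The `users.users.julien` attribute set continues outside the hunk.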