From af1159785425e17b12461423f3808b57362a5506 Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Wed, 22 Dec 2021 22:16:48 +0100
Subject: [PATCH] Much change, kinda broke my git history

---
 base.nix | 25 +++++++-------
 home-manager-modules/mails/default.nix | 2 +-
 home-manager-modules/neovim/default.nix | 1 +
 home-manager-modules/ssh-client/default.nix | 37 +++++++++++++++++++++
 machines/lisa/home-julien.nix | 1 +
 machines/macintosh/home-julien.nix | 2 ++
 machines/newton/home-julien.nix | 1 +
 modules/hmgr/default.nix | 4 +--
 modules/secrets/default.nix | 23 +++++++++++++
 modules/ssh-server/default.nix | 21 ++++++++++++
 modules/zfs-mails/default.nix | 2 +-
 users/julien.nix | 2 +-
 12 files changed, 104 insertions(+), 17 deletions(-)
 create mode 100644 home-manager-modules/ssh-client/default.nix
 create mode 100644 modules/secrets/default.nix
 create mode 100644 modules/ssh-server/default.nix

diff --git a/base.nix b/base.nix
index 904a8dd..87447b1 100644
--- a/base.nix
+++ b/base.nix
@@ -2,25 +2,26 @@
 {
- imports = [
+ imports = [
 ./users/default.nix
- ./users/julien.nix
+ ./users/julien.nix
 ];
 luj.nix.enable = true;
+ luj.secrets.enable = true;
+ luj.ssh-server.enable = true;
 sops.defaultSopsFile = ./secrets/secrets.yaml;
- sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key"];
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 time.timeZone = "Europe/Paris";
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "fr";
- };
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "fr";
+ };
-
- services.openssh.enable = true;
- programs.mosh.enable = true;
- programs.gnupg.agent.enable = true;
+
+ programs.mosh.enable = true;
+ programs.gnupg.agent.enable = true;
 }
diff --git a/home-manager-modules/mails/default.nix b/home-manager-modules/mails/default.nix
index d60f5f9..219a8df 100644
--- a/home-manager-modules/mails/default.nix
+++ b/home-manager-modules/mails/default.nix
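Review bot: The added `luj.secrets.enable = true;` and `luj.ssh-server.enable = true;` lines put sshd (with `openFirewall = true`, per modules/ssh-server in this same patch) and the decrypted mail secrets on every host that imports base.nix, which from the machines/ directory appears to include the macintosh desktop. Unless every host is meant to accept inbound SSH and hold the ENS mail password, these belong in the per-machine configuration, as the ssh-client enablement already is. A comment on the retained `programs.mosh.enable = true;` would also help, since the NixOS mosh option opens its UDP port range in the firewall on its own: `# NOTE: programs.mosh opens UDP 60000-61000 in the firewall on every host importing this file`.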
@@ -29,7 +29,7 @@ with lib;
 msmtp.enable = true;
 primary = true;
 realName = "Julien Malka";
- passwordCommand = "${pkgs.gnupg}/bin/gpg -q --batch --passphrase-file /home/julien/email-passphrase -d ${./ens.pass.gpg}";
+ passwordCommand = "cat /home/julien/.config/ens-mail-passwd";
 smtp = {
 host = "clipper.ens.fr";
 };
diff --git a/home-manager-modules/neovim/default.nix b/home-manager-modules/neovim/default.nix
index e7d5ad9..3d12ea2 100644
--- a/home-manager-modules/neovim/default.nix
+++ b/home-manager-modules/neovim/default.nix
@@ -54,6 +54,7 @@ with lib;
 rnix-lsp
 tree-sitter
 sumneko-lua-language-server
+ ripgrep
 ];
 extraConfig = ''
 luafile ${./lua}/lsp.lua
diff --git a/home-manager-modules/ssh-client/default.nix b/home-manager-modules/ssh-client/default.nix
new file mode 100644
index 0000000..c000b2a
--- /dev/null
+++ b/home-manager-modules/ssh-client/default.nix
@@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.luj.programs.ssh-client;
+in
+with lib;
+{
+ options.luj.programs.ssh-client = {
+ enable = mkEnableOption "Enable ssh client";
+ };
+
+ config = mkIf cfg.enable {
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ newton = {
+ hostname = "newton.julienmalka.me";
+ user = "julien";
+ port = 45;
+ };
+ lisa = {
+ hostname = "2a01:e0a:5f9:9681:5880:c9ff:fe9f:3dfb";
+ user = "julien";
+# port = 45;
+ };
+ newton-init = {
+ hostname = "newton.julienmalka.me";
+ user = "root";
+ port = 2222;
+ };
+ sas = {
+ hostname = "sas.eleves.ens.fr";
+ user = "jmalka";
+ };
+ };
+ };
+ };
+}
diff --git a/machines/lisa/home-julien.nix b/machines/lisa/home-julien.nix
index 41a3e3b..fe74320 100644
--- a/machines/lisa/home-julien.nix
+++ b/machines/lisa/home-julien.nix
@@ -2,6 +2,7 @@
 {
 luj.hmgr.julien = {
 luj.programs.neovim.enable = true;
+ luj.programs.ssh-client.enable = true;
 luj.programs.git.enable = true;
 };
 }
diff --git a/machines/macintosh/home-julien.nix b/machines/macintosh/home-julien.nix
index 3c3a87a..d26d10a 100644
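Review bot: `passwordCommand = "cat /home/julien/.config/ens-mail-passwd";` hard-codes a path that is chosen independently in modules/secrets/default.nix (`sops.secrets.ens-mail-passwd.path`), so a rename in one file breaks mail silently in the other. This home-manager module presumably cannot read the NixOS `config.sops` values, so at minimum tie them together with a comment: `# must match sops.secrets.ens-mail-passwd.path in modules/secrets/default.nix`. The replaced line used an absolute `${pkgs.gnupg}/bin/gpg`; `${pkgs.coreutils}/bin/cat` keeps that convention instead of resolving `cat` through the runtime PATH. With the gpg passphrase step gone, the file mode and `owner = "julien"` applied by sops-nix are now the only thing keeping the password private, so it is worth confirming the resulting mode is owner-read-only.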
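Review bot: The `lisa` block leaves `# port = 45;` commented out, so it connects on port 22, while this patch makes every host importing base.nix listen only on port 45 through luj.ssh-server; if lisa imports base.nix this entry cannot connect, so either restore `port = 45;` or comment why lisa differs. The commented line also sits at column 0 inside an indented attribute set, which reads like a stray directive; indent it or drop it. `newton-init` (root on port 2222) presumably targets a boot-time sshd rather than the main one this patch configures with `permitRootLogin = "no"`; a comment such as `# early-boot sshd, separate from the main sshd which refuses root` would stop it being read as a contradiction.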
--- a/machines/macintosh/home-julien.nix
+++ b/machines/macintosh/home-julien.nix
@@ -3,6 +3,7 @@
 luj.hmgr.julien = {
 luj.programs.neovim.enable = true;
+ luj.programs.ssh-client.enable = true;
 luj.i3.enable = true;
 luj.polybar.enable = true;
 home.packages = with pkgs; [
@@ -28,6 +29,7 @@
 ctags
 ungoogled-chromium
 networkmanagerapplet
+ sops
 ];
diff --git a/machines/newton/home-julien.nix b/machines/newton/home-julien.nix
index 359b973..0c22622 100644
--- a/machines/newton/home-julien.nix
+++ b/machines/newton/home-julien.nix
@@ -3,6 +3,7 @@
 luj.hmgr.julien = {
 luj.programs.neovim.enable = true;
 luj.programs.git.enable = true;
+ luj.programs.ssh-client.enable = true;
 luj.emails = {
 enable = true;
 backend.enable = true;
diff --git a/modules/hmgr/default.nix b/modules/hmgr/default.nix
index 220ec6b..0c9e32b 100644
--- a/modules/hmgr/default.nix
+++ b/modules/hmgr/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
 cfg = config.luj.hmgr;
 in
@@ -13,7 +13,7 @@ with lib;
 lib.mapAttrs (name: value: {
- imports = with builtins; map (x: ../../home-manager-modules + "/${x}/default.nix") (attrNames (readDir ../../home-manager-modules));
+ imports = with builtins; (map (x: ../../home-manager-modules + "/${x}/default.nix") (attrNames (readDir ../../home-manager-modules)));
 home.username = "${name}";
 home.homeDirectory = "/home/${name}";
 home.stateVersion = "21.11";
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
new file mode 100644
index 0000000..a03e70c
--- /dev/null
+++ b/modules/secrets/default.nix
@@ -0,0 +1,23 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+ cfg = config.luj.secrets;
+in
+with lib;
+{
+ options.luj.secrets = {
+ enable = mkEnableOption "Create secrets";
+ };
+
+ config = mkIf cfg.enable
+ {
+ sops.secrets.ens-mail-passwd = {
+ owner = "julien";
+ path = "/home/julien/.config/ens-mail-passwd";
+ };
+
+ sops.secrets.sendinblue-mail-passwd = {};
+
+ };
+
+
+}
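Review bot: The parentheses added around `map (x: ...) (attrNames ...)` on the `imports` line change nothing, because Nix function application already groups that way, so the second hunk is a no-op on the new side. `inputs` is added to the module arguments in the first hunk but nothing in the visible hunks uses it; if it is consumed further down the file that is fine, otherwise it is an unused argument. A comment on the `imports` line would help readers, since it silently turns every directory under home-manager-modules into an imported module: `# every subdirectory of home-manager-modules is auto-imported; adding a directory adds a module`.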
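Review bot: `sops.secrets.sendinblue-mail-passwd = {};` keeps sops-nix's defaults, so the decrypted file is root-owned, while its consumer in modules/zfs-mails runs `cat /run/secrets/sendinblue-mail-passwd`; that only works if that msmtp invocation runs as root, which is plausible for ZFS event mail but is not stated anywhere. Once confirmed, record the reason on the line, e.g. `# root-owned on purpose: read by msmtp from the zfs-mails module, which runs as root`. `owner = "julien"` and the `/home/julien/...` path repeat literals from users/julien.nix; `owner = config.users.users.julien.name;` would bind the secret to the user definition. Because base.nix enables this module everywhere, both secrets are decrypted on every host including ones with no mail setup; gating each secret on the option that consumes it would limit where the plaintext exists.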
diff --git a/modules/ssh-server/default.nix b/modules/ssh-server/default.nix
new file mode 100644
index 0000000..7d45459
--- /dev/null
+++ b/modules/ssh-server/default.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+ cfg = config.luj.ssh-server;
+in
+with lib;
+{
+ options.luj.ssh-server = {
+ enable = mkEnableOption "Accept ssh connections";
+ };
+
+ config = mkIf cfg.enable
+ {
+ services.openssh = {
+ enable = true;
+ ports = [ 45 ];
+ passwordAuthentication = false;
+ permitRootLogin = "no";
+ openFirewall = true;
+ };
+ };
+}
diff --git a/modules/zfs-mails/default.nix b/modules/zfs-mails/default.nix
index 37b0dbc..83cb6f5 100644
--- a/modules/zfs-mails/default.nix
+++ b/modules/zfs-mails/default.nix
@@ -8,7 +8,7 @@ let
 host = "smtp-relay.sendinblue.com";
 port = "587";
 user = "julien.malka@me.com";
- passwordeval = "${pkgs.gnupg}/bin/gpg -q --batch --passphrase-file /home/julien/email-passphrase -d ${./sendinblue.pass.gpg}";
+ passwordeval = "cat /run/secrets/sendinblue-mail-passwd";
 from = emailFrom;
 };
diff --git a/users/julien.nix b/users/julien.nix
index 677e140..ea6d1fb 100644
--- a/users/julien.nix
+++ b/users/julien.nix
@@ -7,7 +7,7 @@ users.users.julien = {
 isNormalUser = true;
 home = "/home/julien";
- extraGroups = [ "wheel" "keys"];
+ extraGroups = [ "wheel" config.users.groups.keys.name];
 shell = pkgs.fish;
 passwordFile = config.sops.secrets.user-julien-password.path;
 openssh.authorizedKeys.keyFiles = [
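Review bot: `passwordAuthentication = false;` does not by itself rule out password logins: with `challengeResponseAuthentication` left at its default, sshd still accepts keyboard-interactive authentication through PAM, which asks for the same account password. Add `challengeResponseAuthentication = false;` beside it (on NixOS releases after the 21.11 state version this repo uses, the option is called `kbdInteractiveAuthentication`). `ports = [ 45 ];` is duplicated by hand in the new ssh-client module; a comment such as `# keep in sync with home-manager-modules/ssh-client/default.nix` flags the coupling.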
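Review bot: `passwordeval = "cat /run/secrets/sendinblue-mail-passwd";` hard-codes both sops-nix's secret directory and the secret name; assuming `config` is in scope in this module, `passwordeval = "cat ${config.sops.secrets.sendinblue-mail-passwd.path}";` keeps it tied to modules/secrets and fails at evaluation time, rather than at send time, if the secret is renamed. As in the mails module, `${pkgs.coreutils}/bin/cat` would preserve the absolute-path convention the replaced gpg line followed. The enclosing `let` block starts outside the hunk.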