From f61fa33b7e71c3413780e7f2c1bbceef14217a2c Mon Sep 17 00:00:00 2001
From: Jimbo
Date: Sat, 24 Aug 2024 23:09:23 -0400
Subject: [PATCH] Prepare to upload encrypted secrets file
---
 .gitattributes | 1 +
 home-manager/jimbo_desktop.nix | 4 ++--
 home-manager/jimbo_server.nix | 4 ++--
 home-manager/tuiapps/git.nix | 8 ++++++--
 nixos/desktop.nix | 1 -
 nixos/modules/base.nix | 5 +++--
 nixos/modules/gpg.nix | 6 ++++++
 nixos/modules/networking.nix | 2 +-
 nixos/server.nix | 1 -
 nixos/server/acme.nix | 2 +-
 nixos/server/ddclient.nix | 2 +-
 nixos/server/element.nix | 2 +-
 nixos/server/firewall.nix | 2 +-
 nixos/server/gitea.nix | 2 +-
 nixos/server/lemmy.nix | 2 +-
 nixos/server/mailserver.nix | 2 +-
 nixos/server/mastodon.nix | 2 +-
 nixos/server/nextcloud.nix | 2 +-
 nixos/server/nginx.nix | 2 +-
 nixos/server/pufferpanel.nix | 2 +-
 nixos/server/synapse.nix | 2 +-
 nixos/server/vaultwarden.nix | 2 +-
 nixos/users/jimbo.nix | 2 +-
 23 files changed, 35 insertions(+), 25 deletions(-)
 create mode 100644 .gitattributes
 create mode 100644 nixos/modules/gpg.nix
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..990b820
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+nixos/modules/secrets.nix filter=git-crypt diff=git-crypt
diff --git a/home-manager/jimbo_desktop.nix b/home-manager/jimbo_desktop.nix
index b246304..e95f2d0 100644
--- a/home-manager/jimbo_desktop.nix
+++ b/home-manager/jimbo_desktop.nix
@@ -44,8 +44,8 @@
 auth = import ./common/auth.nix;
 in {
 nixdate = ''
- ${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimNixDesktop;
- home-manager switch --flake /etc/nixos/.#jimbo@JimNixDesktop;
+ ${auth.method} nixos-rebuild switch --flake /etc/nixos/NixOS-Config/.#JimNixDesktop;
+ home-manager switch --flake /etc/nixos/NixOS-Config/.#jimbo@JimNixDesktop;
 notify-send "NixOS switch finished."
 '';
 };
diff --git a/home-manager/jimbo_server.nix b/home-manager/jimbo_server.nix
index 720bc4f..3e77d5b 100644
--- a/home-manager/jimbo_server.nix
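Review bot: The git-crypt attribute on `nixos/modules/secrets.nix` only covers commits made after `git-crypt init` has been run in this clone with the attribute already in place; if the file is ever staged before `.gitattributes` lands, or was committed under its old `secrets.nix` paths, the plaintext is in history and needs rewriting, so `git-crypt status` is worth running before the push the commit message announces. Separately, every `import ../modules/secrets.nix` in this patch is evaluated via `--flake /etc/nixos/NixOS-Config`, which copies the unlocked working tree into the world-readable Nix store, so git-crypt protects the remote but not the values on the built machine; a comment above the attribute such as `# git-crypt protects the remote only; unlocked values still land in /nix/store on evaluation` would record that trade-off. With flakes the file must also be tracked by git to be visible to evaluation, so an untracked `secrets.nix` is expected to fail with a missing-file error rather than a decryption one (inferred from the `--flake` usage, not visible here).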
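Review bot: The two commands in `nixdate` are still joined with `;`, so when `nixos-rebuild switch` fails the `home-manager switch` line runs anyway and `notify-send "NixOS switch finished."` reports success regardless; chaining with `&&` stops the alias at the first failure: `${auth.method} nixos-rebuild switch --flake /etc/nixos/NixOS-Config/.#JimNixDesktop &&` / `home-manager switch --flake /etc/nixos/NixOS-Config/.#jimbo@JimNixDesktop &&`. The same `;` chaining is in the `nixdate` hunk of `home-manager/jimbo_server.nix`. The enclosing `let … in` attribute set starts before this hunk, so whether `nixdate` is consumed as a shell alias or a function body is not visible here; the `&&` form works for either as long as the `''` string keeps its newlines.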
+++ b/home-manager/jimbo_server.nix
@@ -12,8 +12,8 @@
 auth = import ./common/auth.nix;
 in {
 nixdate = ''
- ${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimNixServer;
- home-manager switch --flake /etc/nixos/.#jimbo@JimNixServer;
+ ${auth.method} nixos-rebuild switch --flake /etc/nixos/NixOS-Config/.#JimNixServer;
+ home-manager switch --flake /etc/nixos/NixOS-Config/.#jimbo@JimNixServer;
 '';
 };
 };
diff --git a/home-manager/tuiapps/git.nix b/home-manager/tuiapps/git.nix
index 33388fc..0a05a06 100644
--- a/home-manager/tuiapps/git.nix
+++ b/home-manager/tuiapps/git.nix
@@ -1,11 +1,15 @@
-{
+{pkgs, ...}: {
 # Enable git and config
 programs.git = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../../nixos/modules/secrets.nix;
 in {
 enable = true;
 lfs.enable = true;
 userName = secrets.jimUsername;
 userEmail = secrets.jimEmail;
 };
+
+ home.packages = with pkgs; [
+ git-crypt
+ ];
 }
diff --git a/nixos/desktop.nix b/nixos/desktop.nix
index 6800a43..87e68a4 100644
--- a/nixos/desktop.nix
+++ b/nixos/desktop.nix
@@ -16,7 +16,6 @@
 # Modules
 ./modules/security.nix
- ./modules/networking.nix
 # Hardware
 ./hardware/machines/desktop.nix
diff --git a/nixos/modules/base.nix b/nixos/modules/base.nix
index 272b0b1..ae18e1a 100644
--- a/nixos/modules/base.nix
+++ b/nixos/modules/base.nix
@@ -10,7 +10,8 @@
 }: {
 # You can import other NixOS modules here
 imports = [
- # My modules
+ ./networking.nix
+ ./gpg.nix
 ];
 
 nixpkgs = {
@@ -60,7 +61,7 @@
 # Set timezone
 time.timeZone = let
- secrets = import ../common/secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in secrets.timeZone;
 # Select internationalisation properties.
diff --git a/nixos/modules/gpg.nix b/nixos/modules/gpg.nix
new file mode 100644
index 0000000..599315b
--- /dev/null
+++ b/nixos/modules/gpg.nix
@@ -0,0 +1,6 @@
+{
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+}
diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix
index a51f375..75e2b40 100644
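Review bot: The `git-crypt` package added to `home.packages` lives in the same module whose `programs.git` block imports `../../nixos/modules/secrets.nix`, so on a freshly cloned, still-locked checkout this file cannot evaluate until git-crypt is already available from somewhere else; the package here only helps after the first successful switch. A short comment above the list, `# Bootstrapping a fresh clone needs git-crypt from outside home-manager (e.g. nix shell nixpkgs#git-crypt) before this module can evaluate`, would save the next person the circular debugging. Whether a locked `secrets.nix` produces a Nix parse error or something friendlier is inferred, not visible in the hunk.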
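Review bot: In the second `base.nix` hunk, `import ../modules/secrets.nix` is written from inside `nixos/modules/`, so it resolves back to the file's own directory and `secrets = import ./secrets.nix;` says the same thing without the detour; the `networking.nix` hunk has the same shape with `ips = import ../modules/ips.nix;` → `ips = import ./ips.nix;`. Keeping the two module-local imports as `./` also makes the thirteen `../modules/secrets.nix` imports in `nixos/server/*.nix` visually distinct from these, which is useful when the path moves again.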
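Review bot: `enableSSHSupport = true` in the new `gpg.nix` makes gpg-agent the SSH agent for every host that imports `base.nix` (the first `base.nix` hunk adds `./gpg.nix` there), which presumably includes the server; on a headless session a default pinentry may not be usable, and any separately started ssh-agent or keyring then competes for `SSH_AUTH_SOCK`. Setting `programs.gnupg.agent.pinentryPackage` explicitly (a curses/tty flavour is the safer choice for the server) and adding a comment `# gpg-agent replaces ssh-agent on all hosts importing base.nix` would make the cross-host effect deliberate rather than incidental. Whether the server has any SSH keys managed this way is not visible in the patch.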
--- a/nixos/modules/networking.nix
+++ b/nixos/modules/networking.nix
@@ -7,7 +7,7 @@
 # Set hostnames
 hosts = let
- ips = import ../common/ips.nix;
+ ips = import ../modules/ips.nix;
 in {
 "${ips.server}" = ["server"];
 "${ips.pc}" = ["pc"];
diff --git a/nixos/server.nix b/nixos/server.nix
index c15c732..4d55097 100644
--- a/nixos/server.nix
+++ b/nixos/server.nix
@@ -10,7 +10,6 @@
 # Modules
 ./modules/security.nix
- ./modules/networking.nix
 # Hardware
 ./hardware/machines/server.nix
diff --git a/nixos/server/acme.nix b/nixos/server/acme.nix
index 28d2fcb..316c3b5 100644
--- a/nixos/server/acme.nix
+++ b/nixos/server/acme.nix
@@ -1,6 +1,6 @@
 {
 security.acme = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 acceptTerms = true;
 defaults.email = secrets.jimEmail;
diff --git a/nixos/server/ddclient.nix b/nixos/server/ddclient.nix
index 3f39a73..75d4c44 100644
--- a/nixos/server/ddclient.nix
+++ b/nixos/server/ddclient.nix
@@ -1,7 +1,7 @@
 {pkgs, ...}: {
 # DDClient for Dynamic IPs
 services.ddclient = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 enable = true;
 protocol = "cloudflare";
diff --git a/nixos/server/element.nix b/nixos/server/element.nix
index 3023b40..1319ef9 100644
--- a/nixos/server/element.nix
+++ b/nixos/server/element.nix
@@ -1,7 +1,7 @@
 {
 # Configure the Element web server
 nixpkgs.config.element-web.conf = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 default_server_config = {
 "m.homeserver" = {
diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix
index a94b56a..2744e3b 100644
--- a/nixos/server/firewall.nix
+++ b/nixos/server/firewall.nix
@@ -5,7 +5,7 @@
 # Configure firewall
 networking = let
 ips = import ../modules/ips.nix;
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 firewall = {
 allowPing = false;
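Review bot: The `acme.nix` hunk is the first of thirteen server modules (`ddclient`, `element`, `firewall`, `gitea`, `lemmy`, `mailserver`, `mastodon`, `nextcloud`, `nginx`, `pufferpanel`, `synapse`, `vaultwarden`) plus `users/jimbo.nix` and `base.nix` that each re-import the same file by relative path, which is exactly the pattern this commit had to touch in every file when the location changed. Exposing it once, e.g. `_module.args.secrets = import ./secrets.nix;` in `base.nix` and taking `{secrets, ...}:` in each module, would make the next move a one-line edit and also gives a single place to document where the file comes from. This is a style point only; the relative paths as written resolve to `nixos/modules/secrets.nix` from `nixos/server/`.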
diff --git a/nixos/server/gitea.nix b/nixos/server/gitea.nix
index 6a95f8e..40014e4 100644
--- a/nixos/server/gitea.nix
+++ b/nixos/server/gitea.nix
@@ -1,6 +1,6 @@
 {
 services.gitea = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 enable = true;
 settings = {
diff --git a/nixos/server/lemmy.nix b/nixos/server/lemmy.nix
index 229774a..a54fbf2 100644
--- a/nixos/server/lemmy.nix
+++ b/nixos/server/lemmy.nix
@@ -1,6 +1,6 @@
 {
 services.lemmy = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 enable = true;
 nginx.enable = true;
diff --git a/nixos/server/mailserver.nix b/nixos/server/mailserver.nix
index 60cdd23..44177cd 100644
--- a/nixos/server/mailserver.nix
+++ b/nixos/server/mailserver.nix
@@ -1,5 +1,5 @@
 {pkgs, ...}: let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in rec {
 # Mail server
 mailserver = rec {
diff --git a/nixos/server/mastodon.nix b/nixos/server/mastodon.nix
index 258eda4..381d85e 100644
--- a/nixos/server/mastodon.nix
+++ b/nixos/server/mastodon.nix
@@ -1,6 +1,6 @@
 {pkgs, ...}: {
 services.mastodon = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 enable = true;
 localDomain = "social.${secrets.jimDomain}";
diff --git a/nixos/server/nextcloud.nix b/nixos/server/nextcloud.nix
index cc2bb62..2aeaf11 100644
--- a/nixos/server/nextcloud.nix
+++ b/nixos/server/nextcloud.nix
@@ -1,5 +1,5 @@
 {pkgs, ...}: let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 services.nextcloud = {
 enable = true;
diff --git a/nixos/server/nginx.nix b/nixos/server/nginx.nix
index f8867a0..8cca4f8 100644
--- a/nixos/server/nginx.nix
+++ b/nixos/server/nginx.nix
@@ -1,6 +1,6 @@
 {pkgs, ...}: {
 services.nginx = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 enable = true;
 package = (pkgs.nginx.override {
diff --git a/nixos/server/pufferpanel.nix b/nixos/server/pufferpanel.nix
index e911f1a..dc308f6 100644
--- a/nixos/server/pufferpanel.nix
+++ b/nixos/server/pufferpanel.nix
@@ -1,6 +1,6 @@
 {pkgs, lib, ...}: {
 services.pufferpanel = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 enable = true;
 environment = {
diff --git a/nixos/server/synapse.nix b/nixos/server/synapse.nix
index 0810145..46aac9a 100644
--- a/nixos/server/synapse.nix
+++ b/nixos/server/synapse.nix
@@ -1,6 +1,6 @@
 {pkgs, config, ...}: {
 services = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 # Synapse Matrix server
 matrix-synapse = with config.services.coturn; {
diff --git a/nixos/server/vaultwarden.nix b/nixos/server/vaultwarden.nix
index 119c5ac..789bbd9 100644
--- a/nixos/server/vaultwarden.nix
+++ b/nixos/server/vaultwarden.nix
@@ -1,6 +1,6 @@
 {
 services.vaultwarden = let
- secrets = import ../../../secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 enable = true;
 config = {
diff --git a/nixos/users/jimbo.nix b/nixos/users/jimbo.nix
index a4e4e1e..4433bb6 100644
--- a/nixos/users/jimbo.nix
+++ b/nixos/users/jimbo.nix
@@ -1,7 +1,7 @@
 {pkgs, ...}: {
 users.users = {
 jimbo = let
- secrets = import ../modules/secrets.nix;
+ secrets = import ../modules/secrets.nix;
 in {
 description = "Jimbo";
 hashedPassword = secrets.jimboAccPass;
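Review bot: `hashedPassword = secrets.jimboAccPass;` in the `jimbo.nix` hunk is evaluated at build time, and the NixOS users module serialises that value into the store-resident user/group configuration, so the password hash is world-readable on the host no matter how the repository is encrypted; git-crypt only changes what the remote sees. Pointing `users.users.jimbo.hashedPasswordFile` at a root-only file outside the store (and dropping `hashedPassword`) keeps the hash off the store, and a comment like `# hash is read at activation from a root-only file, not baked into /nix/store` records why. The `users.users` set continues past the end of the hunk, so other fields that may also come from `secrets` are not visible here.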