Prepare to upload encrypted secrets file

.gitattributes

@@ -0,0 +1 @@
+nixos/modules/secrets.nix filter=git-crypt diff=git-crypt

home-manager/jimbo_desktop.nix

@@ -44,8 +44,8 @@
       auth = import ./common/auth.nix;
     in {
       nixdate = ''
-        ${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimNixDesktop;
-        home-manager switch --flake /etc/nixos/.#jimbo@JimNixDesktop;
+        ${auth.method} nixos-rebuild switch --flake /etc/nixos/NixOS-Config/.#JimNixDesktop;
+        home-manager switch --flake /etc/nixos/NixOS-Config/.#jimbo@JimNixDesktop;
         notify-send "NixOS switch finished."
       '';
     };

home-manager/jimbo_server.nix

@@ -12,8 +12,8 @@
       auth = import ./common/auth.nix;
     in {
       nixdate = ''
-        ${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimNixServer;
-        home-manager switch --flake /etc/nixos/.#jimbo@JimNixServer;
+        ${auth.method} nixos-rebuild switch --flake /etc/nixos/NixOS-Config/.#JimNixServer;
+        home-manager switch --flake /etc/nixos/NixOS-Config/.#jimbo@JimNixServer;
       '';
     };
   };

home-manager/tuiapps/git.nix

@@ -1,11 +1,15 @@
-{
+{pkgs, ...}: {
   # Enable git and config
   programs.git = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../../nixos/modules/secrets.nix;
   in {
     enable = true;
     lfs.enable = true;
     userName = secrets.jimUsername;
     userEmail = secrets.jimEmail;
   };
+
+  home.packages = with pkgs; [
+    git-crypt
+  ];
 }

nixos/desktop.nix

@@ -16,7 +16,6 @@
 
     # Modules
     ./modules/security.nix
-    ./modules/networking.nix
 
     # Hardware
     ./hardware/machines/desktop.nix

nixos/modules/base.nix

@@ -10,7 +10,8 @@
 }: {
   # You can import other NixOS modules here
   imports = [
-    # My modules
+    ./networking.nix
+    ./gpg.nix
   ];
 
   nixpkgs = {
@@ -60,7 +61,7 @@
 
   # Set timezone
   time.timeZone = let
-    secrets = import ../common/secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in secrets.timeZone;
 
   # Select internationalisation properties.

nixos/modules/gpg.nix

@@ -0,0 +1,6 @@
+{
+  programs.gnupg.agent = {
+   enable = true;
+   enableSSHSupport = true;
+  };
+}

nixos/modules/networking.nix

@@ -7,7 +7,7 @@
 
     # Set hostnames
     hosts = let
-      ips = import ../common/ips.nix;
+      ips = import ../modules/ips.nix;
     in {
       "${ips.server}" = ["server"];
       "${ips.pc}" = ["pc"];

nixos/server.nix

@@ -10,7 +10,6 @@
 
     # Modules
     ./modules/security.nix
-    ./modules/networking.nix
 
     # Hardware
     ./hardware/machines/server.nix

nixos/server/acme.nix

@@ -1,6 +1,6 @@
 {
   security.acme = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in { 
     acceptTerms = true;
     defaults.email = secrets.jimEmail;

nixos/server/ddclient.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   # DDClient for Dynamic IPs
   services.ddclient = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     enable = true;
     protocol = "cloudflare";

nixos/server/element.nix

@@ -1,7 +1,7 @@
 {
   # Configure the Element web server
   nixpkgs.config.element-web.conf = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     default_server_config = {
       "m.homeserver" = {

nixos/server/firewall.nix

@@ -5,7 +5,7 @@
   # Configure firewall
   networking = let
     ips = import ../modules/ips.nix;
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     firewall = {
       allowPing = false;

nixos/server/gitea.nix

@@ -1,6 +1,6 @@
 {
   services.gitea = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     enable = true;
     settings = {

nixos/server/lemmy.nix

@@ -1,6 +1,6 @@
 {
   services.lemmy = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     enable = true;
     nginx.enable = true;

nixos/server/mailserver.nix

@@ -1,5 +1,5 @@
 {pkgs, ...}: let
-  secrets = import ../../../secrets.nix;
+  secrets = import ../modules/secrets.nix;
 in rec {
   # Mail server
   mailserver = rec {

nixos/server/mastodon.nix

@@ -1,6 +1,6 @@
 {pkgs, ...}: {
   services.mastodon = let 
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     enable = true;
     localDomain = "social.${secrets.jimDomain}";

nixos/server/nextcloud.nix

@@ -1,5 +1,5 @@
 {pkgs, ...}: let
-  secrets = import ../../../secrets.nix;
+  secrets = import ../modules/secrets.nix;
 in {
   services.nextcloud = {
     enable = true;

nixos/server/nginx.nix

@@ -1,6 +1,6 @@
 {pkgs, ...}: {
   services.nginx = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     enable = true;
     package = (pkgs.nginx.override {

nixos/server/pufferpanel.nix

@@ -1,6 +1,6 @@
 {pkgs, lib, ...}: {
   services.pufferpanel = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     enable = true;
     environment = {

nixos/server/synapse.nix

@@ -1,6 +1,6 @@
 {pkgs, config, ...}: {
   services = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     # Synapse Matrix server
     matrix-synapse = with config.services.coturn; {

nixos/server/vaultwarden.nix

@@ -1,6 +1,6 @@
 {
   services.vaultwarden = let
-    secrets = import ../../../secrets.nix;
+    secrets = import ../modules/secrets.nix;
   in {
     enable = true;
     config = {

nixos/users/jimbo.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   users.users = {
     jimbo = let
-      secrets = import ../common/secrets.nix;
+      secrets = import ../modules/secrets.nix;
     in {
       description = "Jimbo";
       hashedPassword = secrets.jimboAccPass;