cdombroski/nix-configs
1
0
Fork 0
Code Activity Actions

MSMTP

Browse source
This commit is contained in:
Chris Dombroski 2024-04-26 14:14:50 -04:00
parent b2c02339db
commit 6633832dc5
9 changed files with 160 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
.sops.yaml Normal file
View file

@ -0,0 +1,28 @@
keys:
- &admin_cdombroski age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
- &system_smolboi age1qmv6x6zwxhaks86nqtsvck56ucdyc9fakgp59a30afl95p6vp4aqyf22hp
- &system_zeus age1y06hfa8ctp3tr7g2rukmst4cl064hxaqfsx8w0yq4tgmcrv7qvksct7mnl
- &system_orangepihole age12g2kuerwhpyd4t0jrynfc0wlj66rltyp34lsca4y5llmly8jppcq5ug3kc
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_cdombroski
- *system_smolboi
- *system_zeus
- *system_orangepihole
- path_regex: secrets/smolboi/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_cdombroski
- *system_smolboi
- path_regex: secrets/zeus/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_cdombroski
- *system_zeus
- path_regex: secrets/orangepihole/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_cdombroski
- *system_orangepihole

40
flake.lock
View file

@ -91,6 +91,22 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1713638189,
"narHash": "sha256-q7APLfB6FmmSMI1Su5ihW9IwntBsk2hWNXh8XtSdSIk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "74574c38577914733b4f7a775dd77d24245081dd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1713995372,
@ -111,7 +127,29 @@
"deploy-rs": "deploy-rs",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1713892811,
"narHash": "sha256-uIGmA2xq41vVFETCF1WW4fFWFT2tqBln+aXnWrvjGRE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "f1b0adc27265274e3b0c9b872a8f476a098679bd",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {

9
flake.nix
View file

@ -8,8 +8,12 @@
url = github:nix-community/home-manager/release-23.11;
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs@{ self, nixpkgs, flake-utils, home-manager, deploy-rs, ... }:
};
outputs = inputs@{ self, nixpkgs, flake-utils, home-manager, deploy-rs, sops-nix, ... }:
let
pkgs = import nixpkgs { system = "x86_64-linux"; };
aarch64Pkgs = import nixpkgs { system = "aarch64-linux"; };
@ -32,6 +36,7 @@
nixosConfigurations = {
smolboi = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./systems/smolboi/configuration.nix
home-manager.nixosModules.home-manager
@ -43,10 +48,12 @@
};
zeus = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./systems/zeus/configuration.nix ];
};
orangepihole = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = { inherit inputs; };
modules = [ ./systems/orangepihole/configuration.nix ];
};
};

26
modules/common/msmtp.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, ... }: {
sops.secrets."gmail/password" = {};
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
tls = true;
host = "smtp.gmail.com";
port = 587;
from = "cdombroski@gmail.com";
user = "cdombroski";
passwordeval = "cat ${config.sops.secrets."gmail/password".path}";
};
defaults.aliases = "/etc/aliases";
};
environment.etc = {
"aliases" = {
text = ''
root: cdombroski@gmail.com
'';
mode = "0644";
};
};
}

7
modules/common/sops.nix Normal file
View file

@ -0,0 +1,7 @@
{ inputs, ... } : {
imports = [ inputs.sops-nix.nixosModules.sops ];
sops.defaultSopsFile = ../../secrets/secret.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
}

49
secrets/secret.yaml Normal file
View file

@ -0,0 +1,49 @@
gmail:
password: ENC[AES256_GCM,data:rCL2RzU1INRT5KOyl1JriQ==,iv:jhFDcNHgIJnZTBN9msECQWvy75IH1wO5IFAxqR4Ugng=,tag:cK+A4Os/9xchpNjpb2KAbQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbEdQaDZhUVdIMUFjSVlK
WUF6NDU2SnUrRHNQUmNRKzVKV0NtYnljMjNJCkdIbGNvZVN5Mkl1Uk5qclZNcnBJ
MlBEbUlUdFIxM0krRnZ2ZWgwVThpYXMKLS0tIDVxZjRMUjBQM2oySmJFR2RnSWpT
TnprMkgzckJRUmF4VkJjMGJIWWdQbmcKr82c2dd+xN+aNA7dnH0ewD/Y3Ed8/qcE
JP5U19gTNah/DmeKB0X0J+iX5akjxNAfe2LmgYGJseLqqaIj9uyatg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qmv6x6zwxhaks86nqtsvck56ucdyc9fakgp59a30afl95p6vp4aqyf22hp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRUpyOFJSeS9XN0NWUDI5
QS9nZDVOWGlRNmZXa0ZnSGNIMGtMTDV5TDBBCkkwcHBtcjVRLzhiejhreWxXS2Fj
dWpRaXByS1hlWCs4U2tQdCtWOWpSRzQKLS0tIFhheWxDNjNxOGlsdzNyN1FUblNa
ZEMrUmhYUXhZVStjRlhVYVB2U25PRW8KMruYhZ46Yf2K/DiUu6SUWMAWmCqKE6dm
ijtyMzEI5JLlQs8NfbujlGx9giVtUD9tHiNcNim2cb5m49nriaIuTg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y06hfa8ctp3tr7g2rukmst4cl064hxaqfsx8w0yq4tgmcrv7qvksct7mnl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WjBBMnRERWsyUkQ5WCt6
Tndvdml0UFlnS3RRY0FyT2thYkpDYmZFeTA4ClY5QXN1SWFxYWsydm55QmZIaldT
WFI4VC9CdjFqOUdWeDhOcDIveDN4ZjgKLS0tIEI0c3Y0SnlJTGl0T3JjSlRpYVpF
MW4rYXM5SFg2T1dRN2FBelRVQTBvMXcK32StTJfp44BepZ4pAZbZQJ0qZxF/FkZd
xhzpwvzG0ztrRA3uQy5tEhNYuge4hyn2gNV4lgT13RJSngXULXVt+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age12g2kuerwhpyd4t0jrynfc0wlj66rltyp34lsca4y5llmly8jppcq5ug3kc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eFJSeVJQSjRmZ1cyUGRt
SXF3bUdLZjIrb1JHMzFQeVpaTFVxNk02b2lJCkVSUysyQVlNajNjNzhmUFhjTk1s
bzQ2VVU0RXhVNnYwTEhzRlRMK2NyK0kKLS0tIFdzN0xIOHM0YnRqaDBHRXBqeWJs
OFd1RTNYcGJGSXJOaFpnbjR6YzhjQzAKUZxz47g2MKCVTS1gGJ7p6XCubBu+/CUM
IPQ9uBaW99BB9W9JuIih34/qMVxd/1EHDVk3IDiNB3F3bM8f2LL1yA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-26T17:48:10Z"
mac: ENC[AES256_GCM,data:H2ZvNgVmtUgeNOvXGWxLFC6t8sCzingICyD6Raj42FIYRVaFLbrVblhESVrCYM2LclehBlSS9ceCk6+B/zaYyd5iE8ENzgz287S6t6RfZR9kfWFrtOJ4RINyGDKIFQ4mlt7+QB83DeW7jONeIRbrdI2Imx7fhXes3uHDc51wjGQ=,iv:PDiijPXwGneoo/QQBovxpoT5b0EBpgAGpExnrQ8lfvQ=,tag:PveY9JhZxpMHIbFHLGoSgA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

1
systems/orangepihole/configuration.nix
View file

@ -4,6 +4,7 @@
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/common.nix
];
boot.loader.grub.enable = false;

1
systems/smolboi/configuration.nix
View file

@ -8,6 +8,7 @@
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/common.nix
../../modules/smartd.nix
];

1
systems/zeus/configuration.nix
View file

@ -8,6 +8,7 @@
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/common.nix
../../modules/smartd.nix
];