diff --git a/flake.nix b/flake.nix index 0965a26..e6cf000 100644 --- a/flake.nix +++ b/flake.nix @@ -80,7 +80,9 @@ if machine.hostname != "109-199-104-83" then {config, ...}: { - imports = [./machines/${machine.hostname}/configuration.nix]; + imports = [ + ./machines/${machine.hostname}/configuration.nix + ]; networking.domain = config.networking.hostName; # temporary fix } else {imports = machine.modules;} diff --git a/machines.nix b/machines.nix index 90a2e61..69d0d14 100644 --- a/machines.nix +++ b/machines.nix @@ -10,6 +10,7 @@ ]; }; "109-199-104-83" = { + hostname = "109-199-104-83"; system = "x86_64-linux"; users = []; modules = [ diff --git a/machines/lenovo/configuration.nix b/machines/lenovo/configuration.nix index 05dd082..152d136 100644 --- a/machines/lenovo/configuration.nix +++ b/machines/lenovo/configuration.nix @@ -8,7 +8,6 @@ imports = [ ./impermanence.nix (modulesPath + "/installer/scan/not-detected.nix") - ../../modules/nixos/zulip.nix ]; boot.loader = { efi.canTouchEfiVariables = true; diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix index 3c00de0..c0d1d73 100644 --- a/modules/nixos/common.nix +++ b/modules/nixos/common.nix @@ -1,4 +1,8 @@ -{config, ...}: { +{ + config, + lib, + ... +}: { # flakes usage nix.settings.experimental-features = [ "flakes" @@ -12,5 +16,5 @@ # cleans /tmp to maintain a tidy system boot.tmp.cleanOnBoot = true; - networking.domain = config.networking.hostname; + networking.domain = lib.mkDefault config.networking.hostName; } diff --git a/modules/nixos/networking/ssh-as-root.nix b/modules/nixos/networking/ssh-as-root.nix index d882a46..46cbde6 100644 --- a/modules/nixos/networking/ssh-as-root.nix +++ b/modules/nixos/networking/ssh-as-root.nix @@ -1,3 +1,3 @@ -{ - services.openssh.settings.PermitRootLogin = "yes"; +{lib, ...}: { + services.openssh.settings.PermitRootLogin = lib.mkForce "yes"; } diff --git a/modules/nixos/zulip.nix b/modules/nixos/zulip.nix index 736ffad..de88f9f 100644 
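Review bot: In modules/nixos/common.nix the new `networking.domain = lib.mkDefault config.networking.hostName;` has no comment saying it is only a fallback, and the normal-priority `networking.domain = config.networking.hostName; # temporary fix` kept as context in flake.nix now looks redundant wherever common.nix is imported. Other modules in this commit build service names from the value (`EXTERNAL_HOST = "chat.${config.networking.domain}"` and the mailserver account addresses in zulip.nix), so a host that never overrides the default would presumably end up with names under its bare hostname. I would add a comment such as `# fallback only: hosts serving mail or Zulip must set a real DNS domain`. The flake.nix line should then be dropped, or its "temporary fix" comment should say what it works around.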
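Review bot: `services.openssh.settings.PermitRootLogin = lib.mkForce "yes";` in modules/nixos/networking/ssh-as-root.nix pins the most permissive value and, with mkForce, overrides any stricter definition a machine or hardening module sets. Whether password authentication is enabled is not visible in this diff; if it is, root becomes reachable by password guessing on every host that imports this module. If root SSH is only needed for key-based deployment, `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";` keeps that working while refusing passwords. A short comment naming the conflicting definition the mkForce is meant to beat would also make it easier to remove later.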
--- a/modules/nixos/zulip.nix +++ b/modules/nixos/zulip.nix @@ -15,6 +15,7 @@ EXTERNAL_HOST = "chat.${config.networking.domain}"; }; }; + services.postgresql.enable = true; mailserver.loginAccounts = { "zulip+admin@${config.networking.domain}" = { hashedPasswordFile = builtins.toString config.age.secrets."mailserver-acc-zulip+admin-pw".path; diff --git a/pub-keys.nix b/pub-keys.nix index c02ac37..04fae14 100644 --- a/pub-keys.nix +++ b/pub-keys.nix @@ -5,6 +5,11 @@ mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age; mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age; "mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age"; + zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age; + zulip-camoKey.file = ./secrets/zulip-camoKey.age; + zulip-rabbitmqPassword.file = ./secrets/zulip-rabbitmqPassword.age; + zulip-secretKey.file = ./secrets/zulip-secretKey.age; + zulip-sharedSecretKey.file = ./secrets/zulip-sharedSecretKey.age; }; pub-keys = { ssh = { diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 56de4d5..62ec92a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,4 +9,9 @@ in { "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; "mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; "mailserver-acc-zulip+admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; + "zulip-avatarSaltKey.age".publicKeys = [andromeda lenovo _109-199-104-83]; + "zulip-camoKey.age".publicKeys = [andromeda lenovo _109-199-104-83]; + "zulip-rabbitmqPassword.age".publicKeys = [andromeda lenovo _109-199-104-83]; + "zulip-secretKey.age".publicKeys = [andromeda lenovo _109-199-104-83]; + "zulip-sharedSecretKey.age".publicKeys = [andromeda lenovo _109-199-104-83]; } 
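Review bot: The five `zulip-*` entries added in pub-keys.nix set only `.file`, so if this set is passed to `age.secrets` they get the agenix defaults (owned by root, mode 0400) and are declared on every host that uses the set. Whether the Zulip module reads them as root is not visible here; if the service user reads them directly it will be denied. In that case each entry needs an explicit owner, for example `zulip-secretKey = { file = ./secrets/zulip-secretKey.age; owner = "<zulip-service-user>"; };`, where the user name is a placeholder. Declaring them in modules/nixos/zulip.nix, next to the service that consumes them, would also keep them off hosts that do not run Zulip.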
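Review bot: All five new `zulip-*.age` rules in secrets/secrets.nix list `lenovo` as a recipient, yet this same commit removes `../../modules/nixos/zulip.nix` from machines/lenovo/configuration.nix, so that host appears to have no remaining use for the Zulip keys. Limiting recipients to the hosts that run the service, e.g. `"zulip-secretKey.age".publicKeys = [andromeda _109-199-104-83];` (assuming `andromeda` is the admin key), reduces what a compromise of lenovo's host key exposes. The ciphertexts added in this commit are already encrypted to lenovo and will stay in git history. Dropping the recipient afterwards therefore needs a rekey, and new secret values if the old ones are to be fully out of lenovo's reach.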
diff --git a/secrets/zulip-avatarSaltKey.age b/secrets/zulip-avatarSaltKey.age new file mode 100644 index 0000000..9d0ad8a Binary files /dev/null and b/secrets/zulip-avatarSaltKey.age differ diff --git a/secrets/zulip-camoKey.age b/secrets/zulip-camoKey.age new file mode 100644 index 0000000..b3913f2 Binary files /dev/null and b/secrets/zulip-camoKey.age differ diff --git a/secrets/zulip-rabbitmqPassword.age b/secrets/zulip-rabbitmqPassword.age new file mode 100644 index 0000000..742689b --- /dev/null +++ b/secrets/zulip-rabbitmqPassword.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 mT2fyg N+K4UqHYGQTzqq5wMhEs5ijh8a8uXarYy2BpWH2GAUY +7mWlRNsudiBCr34QMXkzwkyRZa9K6pAPLX0phQBIH1A +-> ssh-ed25519 UHxfvA i5e8E+FMsG+n+jl5ASBYbPvnME7X58sMMAlYelZAm3A +ARlV+vWRRsFVAsjdk+JgUMgp49muyGFF5g+iyzpyJQY +-> ssh-ed25519 Xoin5w 0EH6bLW0DwwVi8GMjq4ZjlBak1QQ0cxh/+KK/e1rPTY +yIpSegzmBeJ86jApt23Kv9vZ2sVLC8dFYa9t43/x8MM +--- c4PhDnZ271mJc2sc7DSIRqVF503JSsZhBj2ANwcT2po +PKF !"Mgo/gF0@gA΄Pm+uLo  {,ʰF'E|- \ No newline at end of file diff --git a/secrets/zulip-secretKey.age b/secrets/zulip-secretKey.age new file mode 100644 index 0000000..b56cf40 Binary files /dev/null and b/secrets/zulip-secretKey.age differ diff --git a/secrets/zulip-sharedSecretKey.age b/secrets/zulip-sharedSecretKey.age new file mode 100644 index 0000000..f227908 Binary files /dev/null and b/secrets/zulip-sharedSecretKey.age differ