andromeda
2026-01-06 18:30:12 +01:00
parent c9a5c521db
commit beaceffff0
13 changed files with 32 additions and 6 deletions


@@ -80,7 +80,9 @@
if machine.hostname != "109-199-104-83" if machine.hostname != "109-199-104-83"
then then
{config, ...}: { {config, ...}: {
imports = [./machines/${machine.hostname}/configuration.nix]; imports = [
./machines/${machine.hostname}/configuration.nix
];
networking.domain = config.networking.hostName; # temporary fix networking.domain = config.networking.hostName; # temporary fix
} }
else {imports = machine.modules;} else {imports = machine.modules;}


@@ -10,6 +10,7 @@
]; ];
}; };
"109-199-104-83" = { "109-199-104-83" = {
hostname = "109-199-104-83";
system = "x86_64-linux"; system = "x86_64-linux";
users = []; users = [];
modules = [ modules = [


@@ -8,7 +8,6 @@
imports = [ imports = [
./impermanence.nix ./impermanence.nix
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
../../modules/nixos/zulip.nix
]; ];
boot.loader = { boot.loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;


@@ -1,4 +1,8 @@
{config, ...}: { {
config,
lib,
...
}: {
# flakes usage # flakes usage
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"flakes" "flakes"
@@ -12,5 +16,5 @@
# cleans /tmp to maintain a tidy system # cleans /tmp to maintain a tidy system
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
networking.domain = config.networking.hostname; networking.domain = lib.mkDefault config.networking.hostName;
} }
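Review bot: The `lib.mkDefault` added to `networking.domain` here is outranked by the plain `networking.domain = config.networking.hostName; # temporary fix` that the first file of this commit still sets for every machine other than "109-199-104-83". Assuming this module is imported on those machines too, a per-host value set at normal priority would presumably still conflict with that inline definition. `EXTERNAL_HOST` and the mail account names elsewhere in the commit are built from `config.networking.domain`, so it is worth keeping a single source for it: drop the inline definition or make it `lib.mkDefault` as well. A comment such as `# fallback: domain equals the host name until a real domain is configured` would explain the value.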


@@ -1,3 +1,3 @@
{ {lib, ...}: {
services.openssh.settings.PermitRootLogin = "yes"; services.openssh.settings.PermitRootLogin = lib.mkForce "yes";
} }
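Review bot: `lib.mkForce "yes"` pins root SSH login to its most permissive value and overrides any module that sets a stricter one. Unless `PasswordAuthentication` is disabled outside this file, that also leaves root open to password logins. If root access is only needed for key-based deployment, `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";` keeps that working while rejecting passwords. If "yes" is intentional, a comment naming the reason and the hosts it applies to would help, since the file gives none.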


@@ -15,6 +15,7 @@
EXTERNAL_HOST = "chat.${config.networking.domain}"; EXTERNAL_HOST = "chat.${config.networking.domain}";
}; };
}; };
services.postgresql.enable = true;
mailserver.loginAccounts = { mailserver.loginAccounts = {
"zulip+admin@${config.networking.domain}" = { "zulip+admin@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets."mailserver-acc-zulip+admin-pw".path; hashedPasswordFile = builtins.toString config.age.secrets."mailserver-acc-zulip+admin-pw".path;
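Review bot: `services.postgresql.enable = true;` is added without any note on where the database state lives. If this module ends up on a host that uses the `./impermanence.nix` setup imported by the machine configuration elsewhere in this commit, the PostgreSQL data directory has to be among the persisted paths or the chat database is lost on reboot; that cannot be confirmed from the visible lines. A comment on the new line, e.g. `# database backend for Zulip; data directory must be persisted on impermanent hosts`, would record the dependency. The enclosing attribute set starts and ends outside the hunk.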


@@ -5,6 +5,11 @@
mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age; mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age; mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age;
"mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age"; "mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age";
zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age;
zulip-camoKey.file = ./secrets/zulip-camoKey.age;
zulip-rabbitmqPassword.file = ./secrets/zulip-rabbitmqPassword.age;
zulip-secretKey.file = ./secrets/zulip-secretKey.age;
zulip-sharedSecretKey.file = ./secrets/zulip-sharedSecretKey.age;
}; };
pub-keys = { pub-keys = {
ssh = { ssh = {
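Review bot: The five new `zulip-*` entries set only `.file`, and nothing visible in this commit sets `owner`, `group` or `mode` for them. If they are passed to `age.secrets` unchanged, agenix decrypts them root-owned with mode 0400, which a service running as an unprivileged user cannot read. Where they are consumed, each should get an explicit owner, e.g. `owner = "<service-user>";` (placeholder), while keeping `mode = "0400";`. The attribute set continues outside the hunk.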


@@ -9,4 +9,9 @@ in {
"mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
"mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; "mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
"mailserver-acc-zulip+admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; "mailserver-acc-zulip+admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
"zulip-avatarSaltKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
"zulip-camoKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
"zulip-rabbitmqPassword.age".publicKeys = [andromeda lenovo _109-199-104-83];
"zulip-secretKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
"zulip-sharedSecretKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
} }
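Review bot: The recipient list `[andromeda lenovo _109-199-104-83]` is now written out eight times, so adding or revoking a key means editing every line, and a missed line leaves a secret readable by a key that should have been removed. Binding it once in the existing `let` block, e.g. `serverSecrets = [andromeda lenovo _109-199-104-83];`, and using `"zulip-secretKey.age".publicKeys = serverSecrets;` keeps the set in one place. After any recipient change the `.age` files still have to be re-encrypted (rekeyed) for it to take effect. The `let` bindings are outside the hunk.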

Binary file not shown.

BIN
secrets/zulip-camoKey.age Normal file

Binary file not shown.


@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg N+K4UqHYGQTzqq5wMhEs5ijh8a8uXarYy2BpWH2GAUY
7mWlRNsudiBCr34QMXkzwkyRZa9K6pAPLX0phQBIH1A
-> ssh-ed25519 UHxfvA i5e8E+FMsG+n+jl5ASBYbPvnME7X58sMMAlYelZAm3A
ARlV+vWRRsFVAsjdk+JgUMgp49muyGFF5g+iyzpyJQY
-> ssh-ed25519 Xoin5w 0EH6bLW0DwwVi8GMjq4ZjlBak1QQ0cxh/+KK/e1rPTY
yIpSegzmBeJ86jApt23Kv9vZ2sVLC8dFYa9t43/x8MM
--- c4PhDnZ271mJc2sc7DSIRqVF503JSsZhBj2ANwcT2po
PK<EFBFBD>F <0C><0E>!"<22><08><><EFBFBD>Mgo<67>/<2F><><EFBFBD>gF<67><46>0@<19><><EFBFBD>gA<15><>΄<EFBFBD>P<EFBFBD><50><EFBFBD>m+u<><75>Lo<4C>

BIN
secrets/zulip-secretKey.age Normal file

Binary file not shown.

Binary file not shown.