about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorSoispha <soispha@vhack.eu>2024-03-28 11:01:33 +0100
committerSoispha <soispha@vhack.eu>2024-03-28 11:01:33 +0100
commit815dfcc69f82e6ae37633185d4c0fe487793bcd4 (patch)
tree930f69ebeffd9e59571ec739f02b9a077c3bd629
parentfix(hm/conf/gpg): Add my nixpkgs fork to ensure a working gpg-agent (diff)
downloadnixos-config-815dfcc69f82e6ae37633185d4c0fe487793bcd4.tar.gz
nixos-config-815dfcc69f82e6ae37633185d4c0fe487793bcd4.zip
chore(treewide): Move away from git-crypt
Diffstat (limited to '')
-rw-r--r--hm/soispha/conf/git/default.nix18
-rw-r--r--hm/soispha/conf/mail/accounts/benedikt.nix48
-rw-r--r--hm/soispha/conf/mail/accounts/soispha.nix49
-rw-r--r--hm/soispha/conf/mail/default.nix55
-rw-r--r--hm/soispha/conf/mail/non_public_accounts.nixbin1018 -> 0 bytes
-rw-r--r--hm/soispha/conf/taskwarrior/default.nix5
-rw-r--r--hm/soispha/conf/taskwarrior/taskd/user_id.nixbin84 -> 0 bytes
-rw-r--r--sys/options/default.nix3
-rw-r--r--sys/options/secret.nixbin533 -> 25 bytes
-rw-r--r--sys/secrets/default.nix6
-rw-r--r--sys/secrets/secrets.nix1
-rw-r--r--sys/secrets/taskserver/credentials15
12 files changed, 130 insertions, 70 deletions
diff --git a/hm/soispha/conf/git/default.nix b/hm/soispha/conf/git/default.nix
index 491b3648..0593df77 100644
--- a/hm/soispha/conf/git/default.nix
+++ b/hm/soispha/conf/git/default.nix
@@ -107,8 +107,9 @@ in {
         defaultBranch = "prime";
       };
       user = {
-        email = "soispha@vhack.eu";
-        name = "Soispha";
+        name = "Benedikt Peetz";
+        email = "benedikt.peetz@b-peetz.de";
+        # signingKey = "9A254A935C25B0419EAE495014D2BC012F572AD7!";
       };
       help = {
         autocorrect = 5;
@@ -159,17 +160,6 @@ in {
         };
       };
     };
-    includes = [
-      {
-        condition = "gitdir:~/school/";
-        contents = {
-          user = {
-            inherit (nixosConfig.soispha.secret.me) name email;
-            signingKey = nixosConfig.soispha.secret.me.gpgKey;
-          };
-        };
-      }
-    ];
     delta = {
       enable = true;
       options = {
@@ -184,7 +174,7 @@ in {
       };
     };
     signing = {
-      key = "9606FC749FCE16360723D4ADA5E94010C3A642AD!";
+      key = "9A254A935C25B0419EAE495014D2BC012F572AD7!";
       signByDefault = true;
     };
   };
diff --git a/hm/soispha/conf/mail/accounts/benedikt.nix b/hm/soispha/conf/mail/accounts/benedikt.nix
new file mode 100644
index 00000000..87ede61b
--- /dev/null
+++ b/hm/soispha/conf/mail/accounts/benedikt.nix
@@ -0,0 +1,48 @@
+{pkgs}: {
+  address = "benedikt.peetz@b-peetz.de";
+  userName = "benedikt.peetz@b-peetz.de";
+  realName = "Benedikt Peetz";
+  primary = true;
+  passwordCommand = "${pkgs.libsecret}/bin/secret-tool lookup account benedikt.peetz@b-peetz.de";
+  aliases = [
+    "@b-peetz.de"
+  ];
+  folders = {};
+  gpg = {
+    encryptByDefault = true;
+    key = "9A254A935C25B0419EAE495014D2BC012F572AD7";
+    signByDefault = true;
+  };
+  signature = {
+    # TODO:
+  };
+  neomutt = {
+    enable = true;
+  };
+  mbsync = {
+    enable = true;
+    create = "both";
+  };
+  # himalaya = {
+  #   enable = true;
+  #   backend = "imap";
+  #   sender = "smtp";
+  #   settings = {
+  #     # TODO:
+  #   };
+  # };
+  smtp = {
+    host = "server1.vhack.eu";
+    port = 465;
+  };
+  imap = {
+    host = "server1.vhack.eu";
+    port = 993;
+  };
+  jmap = {
+    # TODO:
+  };
+  maildir = {
+    path = "bpeetz";
+  };
+}
diff --git a/hm/soispha/conf/mail/accounts/soispha.nix b/hm/soispha/conf/mail/accounts/soispha.nix
new file mode 100644
index 00000000..012e84d6
--- /dev/null
+++ b/hm/soispha/conf/mail/accounts/soispha.nix
@@ -0,0 +1,49 @@
+{pkgs}: {
+  address = "soispha@vhack.eu";
+  userName = "soispha@vhack.eu";
+  realName = "Soispha";
+  primary = false;
+  passwordCommand = "${pkgs.libsecret}/bin/secret-tool lookup account soispha@vhack.eu";
+  aliases = [
+    "admin@vhack.eu"
+  ];
+  folders = {
+  };
+  gpg = {
+    encryptByDefault = true;
+    key = "9606FC749FCE16360723D4ADA5E94010C3A642AD";
+    signByDefault = true;
+  };
+  signature = {
+    # TODO:
+  };
+  neomutt = {
+    enable = true;
+  };
+  mbsync = {
+    enable = true;
+    create = "both";
+  };
+  # himalaya = {
+  #   enable = true;
+  #   backend = "imap";
+  #   sender = "smtp";
+  #   settings = {
+  #     # TODO:
+  #   };
+  # };
+  smtp = {
+    host = "server1.vhack.eu";
+    port = 465;
+  };
+  imap = {
+    host = "server1.vhack.eu";
+    port = 993;
+  };
+  jmap = {
+    # TODO:
+  };
+  maildir = {
+    path = "soispha";
+  };
+}
diff --git a/hm/soispha/conf/mail/default.nix b/hm/soispha/conf/mail/default.nix
index 7ca65e1a..0ecbe40a 100644
--- a/hm/soispha/conf/mail/default.nix
+++ b/hm/soispha/conf/mail/default.nix
@@ -1,61 +1,12 @@
 {
   config,
   pkgs,
-  lib,
   ...
 }: let
-  non_public_accounts = import ./non_public_accounts.nix {inherit pkgs;};
-  accounts = lib.recursiveUpdate {inherit soispha;} non_public_accounts;
+  benedikt = import ./accounts/benedikt.nix {inherit pkgs;};
+  soispha = import ./accounts/soispha.nix {inherit pkgs;};
 
-  soispha = {
-    address = "soispha@vhack.eu";
-    userName = "soispha@vhack.eu";
-    realName = "Soispha";
-    primary = true;
-    passwordCommand = "${pkgs.libsecret}/bin/secret-tool lookup account soispha@vhack.eu";
-    aliases = [
-      "admin@vhack.eu"
-    ];
-    folders = {
-    };
-    gpg = {
-      encryptByDefault = true;
-      key = "9606FC749FCE16360723D4ADA5E94010C3A642AD";
-      signByDefault = true;
-    };
-    signature = {
-      # TODO:
-    };
-    neomutt = {
-      enable = true;
-    };
-    mbsync = {
-      enable = true;
-      create = "both";
-    };
-    # himalaya = {
-    #   enable = true;
-    #   backend = "imap";
-    #   sender = "smtp";
-    #   settings = {
-    #     # TODO:
-    #   };
-    # };
-    smtp = {
-      host = "server1.vhack.eu";
-      port = 465;
-    };
-    imap = {
-      host = "server1.vhack.eu";
-      port = 993;
-    };
-    jmap = {
-      # TODO:
-    };
-    maildir = {
-      path = "soispha";
-    };
-  };
+  accounts = {inherit soispha benedikt;};
 in {
   accounts.email = {
     maildirBasePath = "${config.xdg.dataHome}/maildir";
diff --git a/hm/soispha/conf/mail/non_public_accounts.nix b/hm/soispha/conf/mail/non_public_accounts.nix
deleted file mode 100644
index 7ab1bbc6..00000000
--- a/hm/soispha/conf/mail/non_public_accounts.nix
+++ /dev/null
Binary files differdiff --git a/hm/soispha/conf/taskwarrior/default.nix b/hm/soispha/conf/taskwarrior/default.nix
index 3bd7c03d..d7aec156 100644
--- a/hm/soispha/conf/taskwarrior/default.nix
+++ b/hm/soispha/conf/taskwarrior/default.nix
@@ -74,6 +74,10 @@
   in {
     enable = true;
     colorTheme = ./nord.theme;
+    extraConfig = ''
+      # This include just contains my taskd user credentials
+      include ${nixosConfig.age.secrets.taskserverCredentials.path}
+    '';
     config = {
       news.version = "2.6.0";
       complete.all.tags = true;
@@ -115,7 +119,6 @@
           nixosConfig.age.secrets.taskserverPrivate.path;
         certificate =
           nixosConfig.age.secrets.taskserverPublic.path;
-        credentials = import ./taskd/user_id.nix {};
       };
     };
   };
diff --git a/hm/soispha/conf/taskwarrior/taskd/user_id.nix b/hm/soispha/conf/taskwarrior/taskd/user_id.nix
deleted file mode 100644
index 06c6543a..00000000
--- a/hm/soispha/conf/taskwarrior/taskd/user_id.nix
+++ /dev/null
Binary files differdiff --git a/sys/options/default.nix b/sys/options/default.nix
index 2beba855..72ebc4fb 100644
--- a/sys/options/default.nix
+++ b/sys/options/default.nix
@@ -5,9 +5,6 @@
 }: let
   cfg = config.soispha;
 in {
-  imports = [
-    ./secret.nix
-  ];
   options.soispha = {
     laptop = {
       enable = lib.mkEnableOption "Laptop improvemens";
diff --git a/sys/options/secret.nix b/sys/options/secret.nix
index 7fe04f86..06b1bc21 100644
--- a/sys/options/secret.nix
+++ b/sys/options/secret.nix
Binary files differdiff --git a/sys/secrets/default.nix b/sys/secrets/default.nix
index 86118d10..d69014bf 100644
--- a/sys/secrets/default.nix
+++ b/sys/secrets/default.nix
@@ -56,6 +56,12 @@ in {
             owner = "soispha";
             group = "users";
           };
+          taskserverCredentials = {
+            file = ./taskserver/credentials;
+            mode = "700";
+            owner = "soispha";
+            group = "users";
+          };
         };
       };
     };
diff --git a/sys/secrets/secrets.nix b/sys/secrets/secrets.nix
index dd5bf022..4bbf895f 100644
--- a/sys/secrets/secrets.nix
+++ b/sys/secrets/secrets.nix
@@ -16,4 +16,5 @@ in {
   "taskserver/private.key".publicKeys = [soispha tiamat apzu];
   "taskserver/public.cert".publicKeys = [soispha tiamat apzu];
   "taskserver/ca.cert".publicKeys = [soispha tiamat apzu];
+  "taskserver/credentials".publicKeys = [soispha tiamat apzu];
 }
diff --git a/sys/secrets/taskserver/credentials b/sys/secrets/taskserver/credentials
new file mode 100644
index 00000000..f3aaf502
--- /dev/null
+++ b/sys/secrets/taskserver/credentials
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdGQ3a0pWb3lvZXFWbTFQ
+UG1JbGREZW9SS3ZuWXJhbTdvTTBqZUdhN0Q0CjF1cnJFM1d2ZFNyRW44Rzlvamlz
+VWQycXhmWnB4L1hiSE5qbFozWFlGMU0KLT4gc3NoLWVkMjU1MTkgelpFb25nIEFk
+bVQ3U3BsU1FkeWxBY0sySTV2UkxocXJpVXMyd1FrMXA3YUR0NWtTR1kKeUtHODVy
+aXE3aXh4WkFmYTJtdlZyZ1A1QlhYZGZuTUYxYVVlblRUV1BqOAotPiBzc2gtZWQy
+NTUxOSA3SGZGVXcgdGR4cFMya3p6TEx5cnhYcWNXR2FlVEk3UTBEcHQ3Y3RmK0lY
+YlpwRXJGcwpwZUVqODB3SUZUdTlQVW4yaWlZaTE0RE9OT1dLanZlSGV6cnlJRElQ
+UjBBCi0+ICFALWdyZWFzZSB0MFU2IDZoIEJPWUZIP1sKN1l2dzdWN1JDbEhEeXBq
+THV0cWJIV1RLalVsVVp3RCtwbk5NS2pnd3kxS1RhNTNaa3pqWXZFVm9FM2N2cFp5
+TQpYR2MKLS0tIEhLQWdwL0VoT1ZGNU5UUWs0SVVqK0ZQTndkTURPb0VtNEtJN3or
+S0Q0K1UKRfhyrcVb0EbsKj9gL5kqaIpfrsWd2cizrVQ67y9ZOwWilWgk/gkoXadf
+q7QeYjnWsHeIVtSZIaHSa8+9pvKAwiYW+B6DjRi7EXkCYz8zGeanMuoKA4by5Q9x
+VMKJlWk7c0WIzSuviw==
+-----END AGE ENCRYPTED FILE-----