From 9fef15263a41f8d8547d15349c4a759447953020 Mon Sep 17 00:00:00 2001 From: joy Date: Sat, 12 Oct 2024 21:12:58 +0200 Subject: [PATCH] neomutt and secrets --- .sops.yaml | 7 ++ flake.lock | 65 +++++++++--- flake.nix | 7 +- modules/default.nix | 1 + modules/programs/home/default.nix | 1 + modules/programs/home/mail/accounts.nix | 34 +++++++ modules/programs/home/mail/default.nix | 58 +++++++++++ modules/programs/home/mail/muttrc | 127 ++++++++++++++++++++++++ modules/programs/norm/default.nix | 1 - modules/programs/norm/mutt/default.nix | 16 --- modules/secrets/default.nix | 24 +++++ modules/secrets/secrets.yaml | 23 +++++ modules/services/default.nix | 1 + modules/services/forgejo/default.nix | 4 + modules/services/invidious/default.nix | 4 + modules/wm/hyprland/default.nix | 2 +- modules/wm/screen/default.nix | 2 +- 17 files changed, 344 insertions(+), 33 deletions(-) create mode 100644 .sops.yaml create mode 100644 modules/programs/home/mail/accounts.nix create mode 100644 modules/programs/home/mail/default.nix create mode 100644 modules/programs/home/mail/muttrc delete mode 100644 modules/programs/norm/mutt/default.nix create mode 100644 modules/secrets/default.nix create mode 100644 modules/secrets/secrets.yaml create mode 100644 modules/services/forgejo/default.nix diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..445966f --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age18duqdfl29gdtgddzh22sd7xz2ngjjcdn8lzwu5k0c4zjkz0unp4s8q98cu +creation_rules: + - path_regex: modules/secrets/secrets.yaml$ + key_groups: + - age: + - *primary diff --git a/flake.lock b/flake.lock index acd2d74..ccec0fc 100644 --- a/flake.lock +++ b/flake.lock 
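Review bot: The `creation_rules` entry in `.sops.yaml` lists a single age recipient (`&primary`), so losing that one private key makes every value in `modules/secrets/secrets.yaml` unrecoverable. Because it is the only recipient, the host key file configured later in this commit must hold the same key, which means the editing key and the host decryption key are one and the same. Consider adding a second recipient under `key_groups` (for example a per-host key kept separate from the editing key) and running `sops updatekeys` on the file afterwards. The `path_regex` is also unanchored with unescaped dots; `^modules/secrets/secrets\.yaml$` matches only the intended file.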
@@ -96,11 +96,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1728596790, - "narHash": "sha256-RTWhRczv04uFJzGf6thqvJ90sL3dTX9hoteu0VGMcB4=", + "lastModified": 1728728052, + "narHash": "sha256-c3a3lFl+dscjyQHgTwZ8cxmn3ZL2haU6pBEpWdYSMcA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "610a9c92c573bf57959ffd371cb4921dd681b272", + "rev": "8f2c44880171bdb4ddf3d2ab55227259b02e61e2", "type": "gitlab" }, "original": { @@ -202,11 +202,11 @@ ] }, "locked": { - "lastModified": 1728597384, - "narHash": "sha256-vMAPqOkEgXlTSFXtb9wCNQrsNp9QZu/nZ8D9UtHgSYc=", + "lastModified": 1728660969, + "narHash": "sha256-V/2veQnsNM/vJL5iALPyaJ6Y8PE7l0ITSEjPeXkr5HE=", "owner": "joygnu", "repo": "home-manager", - "rev": "18f8d4d0d39f36efb4fbc036cff168ef28b5f8f2", + "rev": "bab6334f3d26731ae74a084de1aea5a3cbbe571d", "type": "github" }, "original": { @@ -373,6 +373,22 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1728156290, + "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "17ae88b569bb15590549ff478bab6494dde4a907", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nmd": { "inputs": { "nixpkgs": [ @@ -418,6 +434,7 @@ "home-manager": "home-manager", "nix-on-droid": "nix-on-droid", "nixpkgs": "nixpkgs", + "sops": "sops", "sops-nix": "sops-nix", "stylix": "stylix" } @@ -438,7 +455,7 @@ "type": "github" } }, - "sops-nix": { + "sops": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -459,6 +476,27 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16", @@ -478,11 +516,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1728487226, - "narHash": "sha256-gTOUdO94Y24QgnPVnHTQ/Kch0eM6pHEk/c1WoIxg+qE=", + "lastModified": 1728640680, + "narHash": "sha256-JH2+RXJNooFtZIN6ZhaGZWn2KChMrso4H7Fkp1Ujrdo=", "owner": "danth", "repo": "stylix", - "rev": "5699ba97c60455ebafde0fd4e78ca0a2e5a58282", + "rev": "f95022bb6e74f726a87975aec982a5aa9fad8691", "type": "github" }, "original": { @@ -540,16 +578,17 @@ "tinted-kitty": { "flake": false, "locked": { - "lastModified": 1727867815, - "narHash": "sha256-cghdwzPyve13JFeW+Mpqy/sDswlJ4DTffY24R0R7r/U=", + "lastModified": 1716423189, + "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=", "owner": "tinted-theming", "repo": "tinted-kitty", - "rev": "81b15cb9eb696247af857808d37122188423f73b", + "rev": "eb39e141db14baef052893285df9f266df041ff8", "type": "github" }, "original": { "owner": "tinted-theming", "repo": "tinted-kitty", + "rev": "eb39e141db14baef052893285df9f266df041ff8", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 7df1d82..ec7c6fc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -6,12 +6,13 @@ ags, stylix, home-manager, + sops-nix, ... } @ inputs: let systemConfig = {modules}: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; - modules = modules ++ [home-manager.nixosModules.default]; + modules = modules ++ [home-manager.nixosModules.default sops-nix.nixosModules.sops]; }; in { nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration { @@ -56,5 +57,9 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + sops = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; } diff --git a/modules/default.nix b/modules/default.nix index 1573c04..d19bb5a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -6,5 +6,6 @@ ./hardware ./services ./programs + ./secrets ]; } diff --git a/modules/programs/home/default.nix b/modules/programs/home/default.nix index 956247c..eeba4ea 100644 --- a/modules/programs/home/default.nix +++ b/modules/programs/home/default.nix @@ -12,5 +12,6 @@ ./bat ./cmus ./tmux + ./mail ]; } diff --git a/modules/programs/home/mail/accounts.nix b/modules/programs/home/mail/accounts.nix new file mode 100644 index 0000000..54bc5c3 --- /dev/null +++ b/modules/programs/home/mail/accounts.nix 
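Review bot: The second flake.nix hunk adds an input `sops` with the same URL as the existing `sops-nix` input (`github:Mic92/sops-nix`), while the outputs reference only `sops-nix`, in `sops-nix.nixosModules.sops`. The duplicate gets its own node in flake.lock, so the same dependency is pinned twice and the unused copy can drift to a different revision unnoticed. Dropping the `sops = { … };` block and re-locking keeps a single pinned source for the secrets tooling.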
@@ -0,0 +1,34 @@
+{
+ accounts.email = {
+ maildirBasePath = ".local/share/mail";
+
+ accounts = {
+ "mail@joygnu.org" = {
+ primary = true;
+ address = "mail@joygnu.org";
+ userName = "mail";
+ realName = "Joy";
+ passwordCommand = "cat /run/secrets/mail";
+ imap.host = "mail.joygnu.org";
+ smtp.host = "mail.joygnu.org";
+ };
+ "spyware@joygnu.org" = {
+ address = "spyware@joygnu.org";
+ userName = "spyware";
+ realName = "Joy";
+ passwordCommand = "cat /run/secrets/spyware";
+ imap.host = "mail.joygnu.org";
+ smtp.host = "mail.joygnu.org";
+ };
+ "contact@joygnu.org" = {
+ address = "contact@joygnu.org";
+ userName = "contact";
+ realName = "Joy";
+ passwordCommand = "cat /run/secrets/contact";
+ # passwordCommand = "sh /home/joy/nix/modules/programs/home/mail/contact.sh";
+ imap.host = "mail.joygnu.org";
+ smtp.host = "mail.joygnu.org";
+ };
+ };
+ };
+}
diff --git a/modules/programs/home/mail/default.nix b/modules/programs/home/mail/default.nix
new file mode 100644
index 0000000..bfc8686
--- /dev/null
+++ b/modules/programs/home/mail/default.nix
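Review bot: Each `passwordCommand` in accounts.nix hard-codes `/run/secrets/<name>` instead of taking the path from the sops declaration, so renaming a secret or changing its path in `modules/secrets/default.nix` breaks mail login without any evaluation error. If this file is loaded through the home-manager NixOS module, the system configuration should be reachable as `osConfig`, e.g. `passwordCommand = "cat ${osConfig.sops.secrets.mail.path}";` with `{osConfig, ...}:` at the top of the file. The commented-out `contact.sh` line under `contact@joygnu.org` looks like a leftover from before the sops setup and could be removed.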
@@ -0,0 +1,58 @@
+let
+ muttrc = builtins.readFile (./. + "/muttrc");
+in {
+ accounts.email.accounts = {
+ "mail@joygnu.org" = {
+ imap.port = 993;
+ mbsync.enable = true;
+ mbsync.create = "both";
+ neomutt = {
+ enable = true;
+ extraMailboxes = [
+ {mailbox = "Sent";}
+ {mailbox = "Junk";}
+ {mailbox = "Trash";}
+ {mailbox = "Drafts";}
+ ];
+ };
+ };
+ "spyware@joygnu.org" = {
+ imap.port = 993;
+ mbsync.enable = true;
+ mbsync.create = "both";
+ neomutt = {
+ enable = true;
+ extraMailboxes = [
+ {mailbox = "Sent";}
+ {mailbox = "Junk";}
+ {mailbox = "Trash";}
+ {mailbox = "Drafts";}
+ ];
+ };
+ };
+ "contact@joygnu.org" = {
+ imap.port = 993;
+ mbsync.enable = true;
+ mbsync.create = "both";
+ neomutt = {
+ enable = true;
+ extraMailboxes = [
+ {mailbox = "Sent";}
+ {mailbox = "Junk";}
+ {mailbox = "Trash";}
+ {mailbox = "Drafts";}
+ ];
+ };
+ };
+ };
+ programs.mbsync = {
+ enable = true;
+ };
+
+ programs.neomutt = {
+ enable = true;
+ extraConfig = muttrc;
+ };
+
+ imports = [./accounts.nix];
+}
diff --git a/modules/programs/home/mail/muttrc b/modules/programs/home/mail/muttrc
new file mode 100644
index 0000000..97df9f1
--- /dev/null
+++ b/modules/programs/home/mail/muttrc
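Review bot: The three account blocks in mail/default.nix are identical apart from the address, so a change to one (port, mailbox list, mbsync options) is easy to miss on the others. A shared attrset bound in the existing `let` and assigned to each account would keep them in step, e.g. `common = { imap.port = 993; mbsync = { enable = true; create = "both"; }; neomutt = { … }; };` followed by `"mail@joygnu.org" = common;`. `builtins.readFile (./. + "/muttrc")` can also be written `builtins.readFile ./muttrc`.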
@@ -0,0 +1,127 @@ +bind index i noop +bind pager i noop +macro index,pager i1 'source /home/joy/.config/neomutt/contact@joygnu.org!;' "switch to contact@joygnu.org" +macro index,pager i2 'source /home/joy/.config/neomutt/mail@joygnu.org!;' "switch to mail@joygnu.org" +macro index,pager i3 'source /home/joy/.config/neomutt/spyware@joygnu.org!;' "switch to spyware@joygnu.org" + +# Sidebar mappings +set sidebar_visible = yes +set sidebar_width = 20 +set sidebar_short_path = yes +set sidebar_next_new_wrap = yes +set mail_check_stats +set sidebar_format = '%D%?F? [%F]?%* %?N?%N/? %?S?%S?' +bind index,pager \Ck sidebar-prev +bind index,pager \Cj sidebar-next +bind index,pager \Co sidebar-open +bind index,pager \Cp sidebar-prev-new +bind index,pager \Cn sidebar-next-new +bind index,pager B sidebar-toggle-visible + + +color normal white black +color error brightwhite default +color status white brightblack +color sidebar_highlight blue default + +# Default index colors +color index white black '.*' +color index_author blue default '.*' +color index_number blue default +color index_subject white default '.*' + +# New mail +color index brightwhite brightblack "~N" +color index_author brightblue brightblack "~N" +color index_subject brightwhite brightblack "~N" + +# Tagged mail +color index brightwhite blue "~T" +color index_author brightblue blue "~T" +color index_subject brightwhite blue "~T" + +# Other colors and aesthetic settings +mono bold bold +mono underline underline +mono indicator reverse +mono error bold +color indicator brightblack white +color sidebar_divider brightblack black +color sidebar_flagged blue black +color sidebar_new white black +color normal white default +color message cyan default +color markers brightwhite white +color attachment white default +color search cyan default +color hdrdefault brightgreen default + +# Quoted text +color quoted white default +color quoted1 blue default +color quoted2 cyan default +color quoted3 brightwhite default 
+color quoted4 brightblue default +color quoted5 brightcyan default + +# Signature +color signature brightgreen default + +# Bold and Underline +color bold black default +color underline black default + +bind index,pager g noop +bind index \Cf noop +bind index,pager M noop +bind index,pager C noop + +# General rebindings +bind index gg first-entry +bind index j next-entry +bind index k previous-entry +bind attach view-mailcap +bind attach l view-mailcap +bind editor noop +bind index G last-entry +bind index gg first-entry +bind pager,attach h exit +bind pager j next-line +bind pager k previous-line +bind pager l view-attachments +bind index D delete-message +bind index U undelete-message +bind index L limit +bind index h noop +bind index l display-message +bind index,query tag-entry +#bind browser h goto-parent +macro browser h '..' "Go to parent folder" +bind index,pager H view-raw-message +bind browser l select-entry +bind pager,browser gg top-page +bind pager,browser G bottom-page +bind index,pager,browser d half-down +bind index,pager,browser u half-up +bind index,pager S sync-mailbox +bind index,pager R group-reply +bind editor complete-query + +macro index,pager gi "=Inbox" "go to inbox" +macro index,pager Mi ";=Inbox" "move mail to inbox" +macro index,pager Ci ";=Inbox" "copy mail to inbox" +macro index,pager gd "=Drafts" "go to drafts" +macro index,pager Md ";=Drafts" "move mail to drafts" +macro index,pager Cd ";=Drafts" "copy mail to drafts" +macro index,pager gj "=Junk" "go to junk" +macro index,pager Mj ";=Junk" "move mail to junk" +macro index,pager Cj ";=Junk" "copy mail to junk" +macro index,pager gt "=Trash" "go to trash" +macro index,pager Mt ";=Trash" "move mail to trash" +macro index,pager Ct ";=Trash" "copy mail to trash" +macro index,pager gs "=Sent" "go to sent" +macro index,pager Ms ";=Sent" "move mail to sent" +macro index,pager Cs ";=Sent" "copy mail to sent" +macro index,pager ga "=Archive" "go to archive" +macro index,pager Ma ";=Archive" 
"move mail to archive" +macro index,pager Ca ";=Archive" "copy mail to archive" diff --git a/modules/programs/norm/default.nix b/modules/programs/norm/default.nix index aa32bbe..30e56d3 100644 --- a/modules/programs/norm/default.nix +++ b/modules/programs/norm/default.nix @@ -4,7 +4,6 @@ ./gpg ./nemo ./misc - ./mutt ./code ]; } diff --git a/modules/programs/norm/mutt/default.nix b/modules/programs/norm/mutt/default.nix deleted file mode 100644 index 3454204..0000000 --- a/modules/programs/norm/mutt/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [ - mutt-wizard - neomutt - msmtp - curl - isync - pass - lynx - notmuch - abook - mpop - urlscan - vim - ]; -} diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix new file mode 100644 index 0000000..689e700 --- /dev/null +++ b/modules/secrets/default.nix @@ -0,0 +1,24 @@ +{ + sops.defaultSopsFile = ./secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/joy/.config/age/keys.txt"; + + sops.secrets.mail = { + owner = "joy"; + }; + sops.secrets.spyware = { + owner = "joy"; + }; + sops.secrets.contact = { + owner = "joy"; + }; + + users.users.sometestservice = { + home = "/var/lib/sometestservice"; + createHome = true; + isSystemUser = true; + group = "sometestservice"; + }; + users.groups.sometestservice = {}; +} diff --git a/modules/secrets/secrets.yaml b/modules/secrets/secrets.yaml new file mode 100644 index 0000000..2934484 --- /dev/null +++ b/modules/secrets/secrets.yaml 
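Review bot: In modules/secrets/default.nix, `sops.age.keyFile` points at `/home/joy/.config/age/keys.txt`, so the key that decrypts the system's secrets lives in a user home directory, is presumably readable by anything running as `joy`, and has to be present when activation runs. A root-owned location, or `sops.age.sshKeyPaths` with the host SSH key, keeps host decryption independent of the user account. The `users.users.sometestservice` and `users.groups.sometestservice` definitions at the end of the hunk are not referenced by any secret here and look like example leftovers; removing them avoids creating an unused system account.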
@@ -0,0 +1,23 @@ +mail: ENC[AES256_GCM,data:fczs+TGhEprQIq90Mj6b+7YMcdc=,iv:VDPWXJ4j0lCB/lGPEav7tc2UyDSeP4pWjwc1GdJaRvc=,tag:dcegyG0iWTNHWwiok9LeCw==,type:str] +spyware: ENC[AES256_GCM,data:qMIq9wxQEWQ12yv3TS5L+vKJ7k0=,iv:4CcYjHu5P/NG2TJHIQGrHxGLpvJkJQwi43vEUTuHzcc=,tag:IkEBbib9sCEYvplLSK6FaQ==,type:str] +contact: ENC[AES256_GCM,data:Ar1oEaGVJrzk2tZjjC1oJevP3ms=,iv:W0ZZe1Okk2DgTRsNaDfwpdUhkXZHdVdENOudUZarhm0=,tag:xUgtoxMkO4WBVn2Ly2ADtA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18duqdfl29gdtgddzh22sd7xz2ngjjcdn8lzwu5k0c4zjkz0unp4s8q98cu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYaHpVR29HM2NtY3ZyZWt5 + YXVtcC9KVjRMMkp1ell3U2s2SElOK29QODFjCk5CWC85cU85L3JLQWhzQ3RWVzU2 + SytsaEVoNHNGdlRQZkpCODlJOEhhcncKLS0tIG4yZGdPeG5uOEhLM1M0a0dTUStV + OFFGTHdpNmpvU0NxRkZKakp6d1ZQOHcKlyLSgKBK3W6uRlkFpTTrbClwAmEx7DPL + KpxncKiz0MoFsnlIP2evqPrxS/K9RP3EYRmdSKKr9VuLeWTIg+/nJA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-12T18:25:06Z" + mac: ENC[AES256_GCM,data:MizKpqos6NOhBMmph5FldnaluqOm/9FBqjexacgmFW+H+3ApyCWSMY85gezXPTkGOPrP1Ic8DIc/ioYH7IlI84KX9fSJ+zbOEqb/mhS1NraSDxo9IC2Xckct/lYfPiOWXmwU6d45oEgCuV9XkrWuZUE6CuaLeAPIYa5RYfFDy4o=,iv:TB7NwNzsXYkEmyEloy4YDfE5GptLSZOny9R6j5dv4wY=,tag:C7FikIcMIBFcoOkHIwcnrw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/modules/services/default.nix b/modules/services/default.nix index df31d4a..6f8e980 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -7,6 +7,7 @@ ./syncthing ./docker ./invidious + ./forgejo ./misc ]; } diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix new file mode 100644 index 0000000..9f91b23 --- /dev/null +++ b/modules/services/forgejo/default.nix @@ -0,0 +1,4 @@ +{ + services.forgejo.enable = true; + services.forgejo.settings.server.HTTP_PORT = 2000; +} 
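Review bot: The new forgejo module sets only `HTTP_PORT = 2000`, leaving the listen address and the registration policy at their defaults, which for Forgejo I believe means listening on all interfaces with open sign-up. If the instance is meant to be private or to sit behind a reverse proxy, add `services.forgejo.settings.server.HTTP_ADDR = "127.0.0.1";` and `services.forgejo.settings.service.DISABLE_REGISTRATION = true;`. A one-line comment stating the intended exposure would also help the next reader.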
diff --git a/modules/services/invidious/default.nix b/modules/services/invidious/default.nix index eb20c92..7de1f3d 100644 --- a/modules/services/invidious/default.nix +++ b/modules/services/invidious/default.nix @@ -8,4 +8,8 @@ }; }; }; + # services.invidious.domain = "yt.joygnu.org"; + # services.invidious.nginx.enable = true; + # security.acme.defaults.email = "mail@joygnu.org"; + # security.acme.acceptTerms = true; } diff --git a/modules/wm/hyprland/default.nix b/modules/wm/hyprland/default.nix index 9b05c1c..2db4296 100644 --- a/modules/wm/hyprland/default.nix +++ b/modules/wm/hyprland/default.nix @@ -72,7 +72,7 @@ "$mod, E, exec, nemo" "$mod, S, exec, firefox" "$mod, X, exec, keepassxc" - "$mod, M, exec, mw -Y && alacritty -e neomutt" + "$mod, M, exec, mbsync -a && alacritty -e neomutt" "$mod, N, exec, alacritty -e newsboat" "$mod, A, exec, rofi -show drun" "$mod, F, exec, freetube" diff --git a/modules/wm/screen/default.nix b/modules/wm/screen/default.nix index 63679a3..d48a4a3 100644 --- a/modules/wm/screen/default.nix +++ b/modules/wm/screen/default.nix @@ -2,7 +2,7 @@ home-manager.users.joy = { home.file.".config/swappy/config".text = '' [Default] - save_dir=$HOME/media/pic/screen + save_dir=$HOME/media/pics/screen ''; home.packages = with pkgs; [
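Review bot: In the hyprland `$mod, M` binding, `mbsync -a && alacritty -e neomutt` opens the mail client only when the sync exits successfully, so being offline or one account failing to authenticate leaves the key doing nothing visible. `mbsync -a; alacritty -e neomutt` still opens the local maildir when the sync fails. The surrounding bind list starts and ends outside the hunk.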