add email sync-ing using mbsync

This commit is contained in:
Ray Andrew 2025-03-04 16:14:32 -06:00
parent 4db41c080f
commit 9b0959797b
No known key found for this signature in database
14 changed files with 799 additions and 0 deletions

7
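--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &pickwick age13cfe8fhp4m978qlcur46vkkxepsl93ggwe53kmhue9xtpgr5zu5q4y6ln2
+creation_rules:
+- path_regex: home/email/secrets.yaml$
+key_groups:
+- age:
+- *pickwick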
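Review bot: The only creation rule, `path_regex: home/email/secrets.yaml$`, does not match `hosts/secrets.yaml`, which nixos/sops.nix in this same commit uses as `defaultSopsFile`; if that file is (or will be) managed with sops, the tool has no recipient to encrypt it to and refuses to create or re-encrypt it until a rule matches. A second rule such as `- path_regex: hosts/secrets\.yaml$` with the same `key_groups`, or one broadened regex covering both paths, keeps both files under the same recipient. With `pickwick` as the sole recipient, loss of that age key makes every secret unrecoverable; listing a second, offline backup recipient in `key_groups` is the usual safeguard.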


@ -249,10 +249,31 @@
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"sops-nix": "sops-nix",
"treefmt-nix": "treefmt-nix", "treefmt-nix": "treefmt-nix",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
} }
}, },
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741043164,
"narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3f2412536eeece783f0d0ad3861417f347219f4d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,


@ -17,6 +17,8 @@
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
git-hooks.url = "github:cachix/git-hooks.nix"; git-hooks.url = "github:cachix/git-hooks.nix";
git-hooks.inputs.nixpkgs.follows = "nixpkgs"; git-hooks.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { outputs = {


@ -10,6 +10,7 @@
{ {
imports = [ imports = [
./davmail.nix ./davmail.nix
./neomutt
]; ];
options.custom.email = with lib; { options.custom.email = with lib; {
@ -23,9 +24,194 @@
url = "https://outlook.office365.com/EWS/Exchange.asmx"; url = "https://outlook.office365.com/EWS/Exchange.asmx";
config = { config = {
davmail.mode = "O365Manual"; davmail.mode = "O365Manual";
# davmail.mode = "O365Modern";
davmail.keepDelay = 30; davmail.keepDelay = 30;
# log4j.logger.davmail = "DEBUG"; # log4j.logger.davmail = "DEBUG";
}; };
}; };
programs = {
neomutt = {
macros = [
{
map = [
"index"
"pager"
];
key = "<f2>";
action = "<sync-mailbox><enter-command>source ~/.config/neomutt/uchicago<enter><change-folder>!<enter>";
}
{
map = [
"index"
"pager"
];
key = "<f3>";
action = "<sync-mailbox><enter-command>source ~/.config/neomutt/personal<enter><change-folder>!<enter>";
}
];
};
mbsync.enable = true;
msmtp = {
enable = true;
};
};
services = {
mbsync = {
enable = false;
frequency = "*:0/1";
};
};
accounts.email = let
cat = lib.getExe' pkgs.coreutils "cat";
in rec {
maildirBasePath = "${home-dir}/mail";
accounts = lib.mkMerge ([
{
"personal" = {
userName = "raydreww@gmail.com";
address = "raydreww@gmail.com";
realName = "Ray Andrew";
primary = !config.custom.email.davmail;
signature = {
text = ''
-- Ray Andrew
'';
showSignature = "append";
};
passwordCommand = "${cat} ${config.sops.secrets."personal".path}";
gpg = {
key = "1913ECC8FD7076BC8330E11607AA5254804C009F";
signByDefault = true;
};
smtp = {
host = "smtp.gmail.com";
};
imap = {
host = "imap.gmail.com";
};
mbsync = {
enable = true;
create = "both";
expunge = "both";
patterns = [
"*"
"!\"[Airmail]/Done\""
"!\"[Airmail]/Snooze\""
"!\"[Airmail]/To Do\""
"!\"[Airmail]/Send Later\""
"!\"[Gmail]/All Mail\""
"!\"[Gmail]/Important\""
"!\"[Gmail]/Starred\""
"!\"[Gmail]/Bin\""
];
};
msmtp = {
enable = true;
};
neomutt = rec {
enable = true;
mailboxName = "p";
extraConfig = ''
set use_from = yes
set pgp_verify_sig = yes
set pgp_sign_as = 0x07AA5254804C009F
set pgp_timeout = 3600
named-mailboxes "${mailboxName}/inbox" =Inbox
named-mailboxes "${mailboxName}/drafts" =Drafts
named-mailboxes "${mailboxName}/sent" =Sent
named-mailboxes "${mailboxName}/important" =Important
named-mailboxes "${mailboxName}/trash" =Trash
named-mailboxes "${mailboxName}/archive" =Archive
'';
};
};
}
(lib.mkIf config.custom.email.davmail {
"uchicago" = {
userName = "rayandrew@uchicago.edu";
address = "rayandrew@uchicago.edu";
realName = "Ray Andrew";
primary = true;
signature = {
text = ''
-- Ray Andrew
'';
showSignature = "append";
};
passwordCommand = "${cat} ${config.sops.secrets."uchicago".path}";
gpg = {
key = "0BADFAD0FB93296C84956F9CEEF04CFFE9DFE5FC";
signByDefault = false;
};
smtp = {
host = "127.0.0.1";
port = 1025;
tls = {
enable = false;
certificatesFile = null;
};
};
imap = {
host = "127.0.0.1";
port = 1143;
tls.enable = false;
};
mbsync = {
enable = true;
create = "both";
expunge = "both";
patterns = [
"*"
"!\"[Airmail]/Done\""
"!\"[Airmail]/Snooze\""
"!\"[Airmail]/To Do\""
"!\"[Airmail]/Send Later\""
];
extraConfig.account = {
TLSType = "None";
AuthMechs = "LOGIN";
Timeout = 0;
};
};
msmtp = {
enable = true;
extraConfig = {
auth = "plain";
};
};
neomutt = rec {
enable = true;
mailboxName = "u";
extraConfig = ''
set use_from = yes
set pgp_sign_as = 0xEEF04CFFE9DFE5FC
set pgp_verify_sig = yes
set pgp_timeout = 3600
named-mailboxes "${mailboxName}/inbox" =Inbox
named-mailboxes "${mailboxName}/drafts" =Drafts
named-mailboxes "${mailboxName}/sent" =Sent
named-mailboxes "${mailboxName}/important" =Important
named-mailboxes "${mailboxName}/trash" =Trash
named-mailboxes "${mailboxName}/archive" =Archive
named-mailboxes "${mailboxName}/teaching" =Teaching
'';
};
};
})
]);
};
sops = {
age.keyFile = "${home-dir}/.config/sops/age/keys.txt";
age.generateKey = true;
defaultSopsFile = ./secrets.yaml;
secrets = {
"personal" = { };
"uchicago" = { };
};
};
}; };
} }
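Review bot: `sops.age.generateKey = true` in the `sops` block at the end of the hunk silently creates a fresh age key when `~/.config/sops/age/keys.txt` is absent, but `secrets.yaml` in this commit is encrypted to the single `pickwick` recipient, so a generated key can never decrypt `personal` or `uchicago` and the first activation on a new machine fails with a decryption error instead of a clear "key missing". nixos/sops.nix in the same commit uses `generateKey = false` for the same key file; matching it here, `generateKey = false; # key must be restored from backup: secrets.yaml is encrypted to pickwick only`, makes the provisioning requirement explicit. Separately, the `uchicago` account reaches davmail with `TLSType = "None"`, `AuthMechs = "LOGIN"` and msmtp `auth = "plain"`, so the Exchange credential crosses the socket in clear text; that is acceptable only while davmail (configured in davmail.nix, outside this hunk) listens on 127.0.0.1 exclusively, which deserves a comment next to `host = "127.0.0.1"`. The enclosing module attribute set starts before the first hunk.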

48
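--- /dev/null
+++ b/home/email/mailcap.nix
+{
+pkgs,
+lib,
+config,
+...
+}:
+let
+w3m = lib.getExe pkgs.w3m;
+zathura = lib.getExe config.programs.zathura.package;
+# term = lib.getExe config.programs.kitty.package;
+term = lib.getExe config.programs.wezterm.package;
+in
+{
+options.custom.email = with lib; {
+mailcap = mkEnableOption "Enable mailcap";
+};
+config = lib.mkIf config.custom.email.mailcap {
+home.packages = with pkgs; [
+mailcap
+];
+home.file.".mailcap" = {
+text = ''
+# HTML
+text/html; ${w3m} -sixel -o tmp_dir=~/.cache/w3m -o auto_image=TRUE -o display_image=1 -T text/html %s; nametemplate=%s.html
+# text/html; ${w3m} -o inline_img_protocol=4 -o tmp_dir=~/.cache/w3m -o auto_image=TRUE -o display_image=1 -T text/html %s; nametemplate=%s.html
+# This second one is chosen by auto_view due to the copiousoutput tag
+text/html; ${w3m} -I %{charset} -T text/html -cols 140 -o tmp_dir=~/.cache/w3m -o display_link_number=1 -dump; copiousoutput
+text/plain; nvim %s
+#PDFs
+application/x-pdf; ${zathura} '%s'; test=test -n "$DISPLAY"
+application/pdf; ${zathura} '%s'; test=test -n "$DISPLAY"
+message/rfc822; nvim %s
+#Images
+# image/png; /usr/bin/feh %s
+# image/jpeg; /usr/bin/feh %s
+# image/*; (clear && ${term} +kitten icat %s); needsterminal
+image/*; (clear && ${term} imgcat %s); needsterminal
+'';
+};
+};
+}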
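Review bot: The interactive `text/html` rule (the first entry of the `.mailcap` text) runs w3m with `-o auto_image=TRUE -o display_image=1`, so if w3m resolves remote `<img>` URLs in this mode it fetches them whenever a message is opened through view-mailcap, which discloses the reader's address and reading time to the sender (tracking pixels); the `-dump; copiousoutput` rule used by auto_view does not render images. If inline images are only wanted for trusted mail, `-o auto_image=FALSE` on the interactive rule, with images toggled on demand, keeps remote fetching opt-in; whether w3m actually fetches remote images here was not verified. The `text/plain; nvim %s` and `message/rfc822; nvim %s` rules hand untrusted content to a full editor session with the user's plugins and modelines active; `nvim --clean %s` (or `nvim -u NONE %s`) limits what the attachment can influence.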


@ -0,0 +1,72 @@
{ pkgs, ... }:
''
# Header colors:
color header blue default ".*"
color header brightmagenta default "^(From)"
color header brightcyan default "^(Subject)"
color header brightwhite default "^(CC|BCC)"
mono bold bold
mono underline underline
mono indicator reverse
mono error bold
color normal default default
color indicator brightyellow default # currently selected message. default makes bar clear, disabled arrow to save space.
color sidebar_highlight red default
color sidebar_divider brightblack black
color sidebar_flagged red black
color sidebar_new green black
color normal brightyellow default
color error red default
color tilde black default
color message cyan default
color markers red white
color attachment white default
color search brightmagenta default
color status brightyellow black
color hdrdefault brightgreen default
color quoted green default
color quoted1 blue default
color quoted2 cyan default
color quoted3 yellow default
color quoted4 red default
color quoted5 brightred default
color signature brightgreen default
color bold black default
color underline black default
color normal default default
color body brightred default "[\-\.+_a-zA-Z0-9]+@[\-\.a-zA-Z0-9]+" # Email addresses
color body brightblue default "(https?|ftp)://[\-\.,/%~_:?&=\#a-zA-Z0-9]+" # URL
color body green default "\`[^\`]*\`" # Green text between ` and `
color body brightblue default "^# \.*" # Headings as bold blue
color body brightcyan default "^## \.*" # Subheadings as bold cyan
color body brightgreen default "^### \.*" # Subsubheadings as bold green
color body yellow default "^(\t| )*(-|\\*) \.*" # List items as yellow
color body brightcyan default "[;:][-o][)/(|]" # emoticons
color body brightcyan default "[;:][)(|]" # emoticons
color body brightcyan default "[ ][*][^*]*[*][ ]?" # more emoticon?
color body brightcyan default "[ ]?[*][^*]*[*][ ]" # more emoticon?
color body red default "(BAD signature)"
color body cyan default "(Good signature)"
color body brightblack default "^gpg: Good signature .*"
color body brightyellow default "^gpg: "
color body brightyellow red "^gpg: BAD signature from.*"
mono body bold "^gpg: Good signature"
# mohttps://neomutt.org/code/config_vars.htmlno body bold "^gpg: BAD signature from.*"
color body red default "([a-z][a-z0-9+-]*://(((([a-z0-9_.!~*'();:&=+$,-]|%[0-9a-f][0-9a-f])*@)?((([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\.?|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)(:[0-9]+)?)|([a-z0-9_.!~*'()$,;:@&=+-]|%[0-9a-f][0-9a-f])+)(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*)*)?(\\?([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?(#([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?|(www|ftp)\\.(([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\.?(:[0-9]+)?(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*)*)?(\\?([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?(#([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?)[^].,:;!)? \t\r\n<>\"]"
# Default index colors:
color index yellow default '.*'
color index_author red default '.*'
color index_number blue default
color index_subject cyan default '.*'
# For new mail:
color index brightyellow black "~N"
color index_author brightred black "~N"
color index_subject brightcyan black "~N"
color progress black cyan
''
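Review bot: The comment line in the gpg block reads `# mohttps://neomutt.org/code/config_vars.htmlno body bold "^gpg: BAD signature from.*"`: a URL was pasted into the middle of `mono`, so the intended disabled rule is unreadable. Split it into `# see https://neomutt.org/code/config_vars.html` and `# mono body bold "^gpg: BAD signature from.*"`. `color normal` is also set three times (`default default`, then `brightyellow default`, then `default default` again); only the last assignment takes effect, so the `brightyellow` line is dead and should be dropped or its intent documented. The `{ pkgs, ... }:` argument is unused and could be `{ ... }:`.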


@ -0,0 +1,66 @@
{
pkgs,
config,
lib,
...
}:
let
keybinds = import ./keybind.nix rec {
inherit config lib pkgs;
};
colors = import ./colors.nix rec {
inherit config lib pkgs;
};
in
{
options.custom.email = with lib; {
neomutt = mkEnableOption "Enable NeoMutt";
};
config = lib.mkIf (config.custom.email.enable && config.custom.email.neomutt) {
programs.neomutt = {
enable = true;
vimKeys = false;
sort = "threads";
unmailboxes = true;
binds = keybinds.binds ++ [ ];
macros = keybinds.macros ++ [ ];
extraConfig = ''
set abort_key = "<Esc>"
set editor = "nvim"
set edit_headers = yes
set sidebar_visible
set sidebar_format = "%D%?F? [%F]?%* %?N?%N/?%S"
set mail_check_stats
# set new_mail_command="notify-send 'New Email' '%n new messages, %u unread.' &"
# status bar, date format, finding stuff etc.
set status_chars = " *%A"
# set status_format = "[ Folder: %f ] [%r%m messages%?n? (%n new)?%?d? (%d to delete)?%?t? (%t tagged)? ]%>─%?p?( %p postponed )?"
set status_format = "[ Folder: %D ] [%r%m messages%?n? (%n new)?%?d? (%d to delete)?%?t? (%t tagged)? ]%>%?p?( %p postponed )?"
set date_format = "%d.%m.%Y %H:%M"
set uncollapse_jump
set sort_re
set reply_regexp = "^(([Rr][Ee]?(\[[0-9]+\])?: *)?(\[[^]]+\] *)?)*"
set quote_regexp = "^( {0,4}[>|:#%]| {0,4}[a-z0-9]+[>|]+)+"
set send_charset = "utf-8:iso-8859-1:us-ascii"
set charset = "utf-8"
set arrow_cursor = "no" # Change `color indicator` depending
# Pager View Options
set pager_index_lines = 10 # Shows 10 lines of index when pager is active
set pager_context = 3
set pager_stop
set menu_scroll
set tilde
unset markers
${colors}
'';
};
};
}
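Review bot: `import ./keybind.nix rec { inherit config lib pkgs; }` and the matching `colors` import use `rec` on attribute sets whose members never reference each other, and both imported files accept only `{ pkgs, ... }`, so `rec` and the `config`/`lib` arguments are no-ops; `import ./keybind.nix { inherit pkgs; }` says the same thing. `binds = keybinds.binds ++ [ ];` and `macros = keybinds.macros ++ [ ];` append an empty list and can be `binds = keybinds.binds;`, unless further entries are planned, in which case a comment saying so helps. The `view-mailcap` binds coming from keybind.nix are only useful when `custom.email.mailcap` is enabled as well; a comment on the `enable = true` line naming that dependency would save a reader a lookup.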


@ -0,0 +1,316 @@
{ pkgs, ... }:
{
binds = [
{
map = [ "attach" ];
key = "<return>";
action = "view-mailcap";
}
{
map = [ "attach" ];
key = "l";
action = "view-mailcap";
}
# {
# map = [ "attach" ];
# key = "O";
# action = "<enter-command>unset wait_key<enter><shell-escape>rm -f /tmp/mutt-attach<enter><save-entry><kill-line>/tmp/mutt-attach<enter>^A";
# }
{
map = [ "editor" ];
key = "<space>";
action = "noop";
}
{
map = [ "pager" ];
key = "c";
action = "imap-fetch-mail";
}
{
map = [ "index" ];
key = "G";
action = "last-entry";
}
{
map = [ "index" ];
key = "g";
action = "noop";
}
{
map = [ "index" ];
key = "gg";
action = "first-entry";
}
{
map = [
"pager"
"attach"
];
key = "h";
action = "exit";
}
{
map = [ "pager" ];
key = "j";
action = "next-line";
}
{
map = [ "pager" ];
key = "k";
action = "previous-line";
}
{
map = [ "pager" ];
key = "l";
action = "view-attachments";
}
{
map = [ "index" ];
key = "D";
action = "delete-message";
}
{
map = [ "index" ];
key = "U";
action = "undelete-message";
}
{
map = [ "index" ];
key = "L";
action = "limit";
}
{
map = [ "index" ];
key = "h";
action = "noop";
}
{
map = [
"browser"
"pager"
"index"
];
key = "n";
action = "search-next";
}
{
map = [
"browser"
"pager"
"index"
];
key = "N";
action = "search-opposite";
}
{
map = [ "index" ];
key = "l";
action = "display-message";
}
{
map = [ "browser" ];
key = "h";
action = "goto-parent";
}
{
map = [ "browser" ];
key = "l";
action = "select-entry";
}
{
map = [
"pager"
"browser"
];
key = "gg";
action = "top-page";
}
{
map = [
"pager"
"browser"
];
key = "G";
action = "bottom-page";
}
{
map = [
"index"
"pager"
"browser"
];
key = "d";
action = "half-down";
}
{
map = [
"index"
"pager"
"browser"
];
key = "u";
action = "half-up";
}
{
map = [ "index" ];
key = "R";
action = "group-reply";
}
{
map = [ "index" ];
key = "\\031";
action = "previous-undeleted";
}
{
map = [ "index" ];
key = "\\005";
action = "next-undeleted";
}
{
map = [ "pager" ];
key = "\\031";
action = "previous-line";
}
{
map = [ "pager" ];
key = "\\005";
action = "next-line";
}
{
map = [ "editor" ];
key = "<Tab>";
action = "complete-query";
}
{
map = [
"index"
"pager"
];
key = "\\Ck";
action = "sidebar-prev";
}
{
map = [
"index"
"pager"
];
key = "\\Cj";
action = "sidebar-next";
}
{
map = [
"index"
"pager"
];
key = "\\Co";
action = "sidebar-open";
}
{
map = [
"index"
"pager"
];
key = "\\Cp";
action = "sidebar-prev-new";
}
{
map = [
"index"
"pager"
];
key = "\\Cn";
action = "sidebar-next-new";
}
{
map = [
"index"
"pager"
];
key = "B";
action = "sidebar-toggle-visible";
}
{
map = [
"index"
"pager"
];
key = "@";
action = "compose-to-sender";
}
{
map = [
"index"
"pager"
];
key = "D";
action = "purge-message";
}
{
map = [ "index" ];
key = "<tab>";
action = "sync-mailbox";
}
{
map = [ "index" ];
key = "<space>";
action = "collapse-thread";
}
{
map = [ "editor" ];
key = "<Tab>";
action = "complete-query";
}
{
map = [ "editor" ];
key = "^T";
action = "complete";
}
# {
# map = [
# "index"
# "pager"
# ];
# key = "<f2>";
# action = "<sync-mailbox><enter-command>source ~/.config/neomutt/accounts/uchicago<enter><change-folder>!<enter>";
# }
# {
# map = [
# "index"
# "pager"
# ];
# key = "<f3>";
# action = "<sync-mailbox><enter-command>source ~/.config/neomutt/accounts/personal<enter><change-folder>!<enter>";
# }
# {
# map = [ "attach" ];
# key = "V";
# action = "<pipe-entry>iconv -c --to-code=UTF8 > ~/.cache/mutt-mail.html<enter><shell-escape>xdg-open ~/.cache/mutt-mail.html<enter>";
# }
];
macros = [
{
map = [
"index"
"pager"
];
key = "a";
action = ":set confirmappend=no delete=yes\\n<tag-prefix><save-message>=Archive\\n<sync-mailbox>:set confirmappend=yes delete=ask-yes\\n";
}
{
map = [
"index"
"pager"
];
key = "n";
action = "<tag-prefix><clear-flag>N<untag-pattern>.<enter>\\n";
}
{
map = [
"attach"
];
key = "O";
action = "<enter-command>unset wait_key<enter><shell-escape>rm -f /tmp/mutt-attach<enter><save-entry><kill-line>/tmp/mutt-attach<enter>^A";
}
];
}
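Review bot: The `O` macro in `macros` saves the selected attachment to the fixed, world-shared path `/tmp/mutt-attach`: the file is created with the user's umask in a directory every local account can read, and the `rm -f` followed by `<save-entry>` leaves a window in which a pre-existing entry under that name (the classic shared-/tmp race) redirects the save. A per-user location such as `~/.cache/mutt-attach` — the commented `V` bind already uses `~/.cache` — removes both problems; on a single-user machine the exposure is small, but the fix is one path. In `binds`, `D` is bound in `index` to `delete-message` and later in `index`/`pager` to `purge-message`; the later bind wins, so `D` in the index permanently deletes without passing through the trash folder and the earlier entry is dead — confirm which is intended. The `editor <Tab> → complete-query` bind also appears twice.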

22
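--- /dev/null
+++ b/home/email/secrets.yaml
@@ -0,0 +1,22 @@
+personal: ENC[AES256_GCM,data:aaZAYmnoQfGIH6bBneKtTA==,iv:xiy1eCyBhFulfRXGz0WDFLaqPj3kXsMD4Xkk7D4s5XA=,tag:Nk0KsgICo505VEMwVUt3TA==,type:str]
+uchicago: ENC[AES256_GCM,data:3ZkuIfvzOkKfQD0iyTk=,iv:aCfFrxDM5Ly/qLdLAQkK2tOxb89dFkCc9RhN5GVSGRw=,tag:7D54pkVX2F6IhM38JOUFQg==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age13cfe8fhp4m978qlcur46vkkxepsl93ggwe53kmhue9xtpgr5zu5q4y6ln2
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTkZDUjFSaXFNMlJDc2xY
+VHE4WWo4K0xCWElFMUxwbmRSNE1BUS9LOHpzCjEwRjRjS1pDeGkzMnBnRjc2ZUpp
+SEpFaFQrUXZCbko4bkFRU3R0L2NtVTQKLS0tIGUwREh6TDJvMld5RnFmNVhXK3Fj
+MWt0T2FzeE1Zd3Yrck04T05DRkVRUzQKtqX30UPHvyKhxNSpbqUNFY+elXugzG9r
+/18Itxj/YqjlzY3HN+3AvwvCxUUP/OdOhyUl0YHiGx6ec5nevYiNkw==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-03-04T21:54:28Z"
+mac: ENC[AES256_GCM,data:r+2SOcW7xLHee9kL8369yB6l/Z2XdnzGkeFygSrDgcZVfBfp/fT1xeMvu5tuu8aqsUeJ7lkFD2VKiBue95XSojdlM+5YyTerqdzLyMCRbkRivC3O2xXe90B4hVqm+twE9uu74mIznAQ2e0EO9E0MMlMNBo3EwsEcYA8gyVuB5mc=,iv:plNu3BircQ+kpPaXqlNvYlLAL5V5RX/yiETs+nY1pfw=,tag:7gVuOpzx5YsHtwodIRr4TQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.4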


@ -43,6 +43,7 @@ let
users.${user} = { users.${user} = {
imports = [ imports = [
inputs.nix-index-database.hmModules.nix-index inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops
../home ../home
] ++ lib.optional(builtins.pathExists ./${host}/home.nix) ./${host}/home.nix; ] ++ lib.optional(builtins.pathExists ./${host}/home.nix) ./${host}/home.nix;
}; };
@ -55,6 +56,7 @@ let
user user
]) ])
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
]; ];
}; };
in in


@ -27,6 +27,7 @@
_1password.enable = true; _1password.enable = true;
audio.enable = true; audio.enable = true;
bluetooth.enable = true; bluetooth.enable = true;
sops.enable = true;
}; };
services.fwupd.enable = true; services.fwupd.enable = true;
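Review bot: `sops.enable = true;` here is redundant, because nixos/sops.nix in this commit declares the option with `default = true`, so every host gets sops unless it opts out. If hosts are meant to opt in, drop the default in nixos/sops.nix; otherwise this line can go, or carry a comment such as `# explicit: this host holds secrets` so the redundancy reads as deliberate. The enclosing attribute set starts and ends outside the hunk.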


@ -13,6 +13,8 @@
./bluetooth.nix ./bluetooth.nix
./displaymanager.nix ./displaymanager.nix
./keyd.nix ./keyd.nix
./gnupg.nix
./sops.nix
]; ];
nix = let nix = let

15
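--- /dev/null
+++ b/nixos/gnupg.nix
+{
+pkgs,
+config,
+lib,
+...
+}:
+{
+programs.gnupg = {
+agent = {
+enable = true;
+enableSSHSupport = true;
+};
+};
+}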
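Review bot: `enableSSHSupport = true` makes gpg-agent the SSH agent system-wide, which NixOS rejects by assertion if `programs.ssh.startAgent` is also enabled anywhere in the host configuration; that setting is not visible in this commit, so a one-line comment `# gpg-agent replaces ssh-agent; keep programs.ssh.startAgent off` next to it would help. The module declares `pkgs`, `config` and `lib` but uses none of them; `{ ... }:` is enough. nixos/sops.nix in the same commit reads `~/.ssh/id_ed25519` directly from disk, independent of any agent, so that key must remain present as a plain file even once SSH authentication goes through gpg-agent; a comment in either file noting the two assumptions would prevent a surprise.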

39
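--- /dev/null
+++ b/nixos/sops.nix
+{
+config,
+lib,
+pkgs,
+user,
+...
+}:
+let
+home-dir = config.hm.home.homeDirectory;
+in
+{
+options.custom = with lib; {
+sops.enable = mkEnableOption "sops" // {
+default = true;
+};
+};
+config = lib.mkIf config.custom.sops.enable {
+environment.systemPackages = with pkgs; [
+sops
+];
+sops = {
+defaultSopsFile = ../hosts/secrets.yaml;
+defaultSopsFormat = "yaml";
+# use full path to persist as the secrets activation script runs at the start
+# of stage 2 boot before impermanence
+gnupg.sshKeyPaths = [ ];
+age = {
+sshKeyPaths = [ "${home-dir}/.ssh/id_ed25519" ];
+keyFile = "${home-dir}/.config/sops/age/keys.txt";
+# This will generate a new key if the key specified above does not exist
+generateKey = false;
+};
+};
+};
+}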
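Review bot: `age.sshKeyPaths = [ "${home-dir}/.ssh/id_ed25519" ]` together with `age.keyFile` under the same home directory makes root-level host secret decryption, which the comment says runs at the start of stage 2, depend on one user's personal login key: compromise or rotation of that SSH key exposes or breaks every host secret, whereas the sops-nix default of the host key `/etc/ssh/ssh_host_ed25519_key` keeps the user's identity separate from the machine's. The comment `# use full path to persist …` says the path must be the persisted one because decryption happens before impermanence, yet both paths below are under `${home-dir}`, which is exactly what may not be mounted at that point; if `/home` is provided by impermanence, point `keyFile`/`sshKeyPaths` at the persistent location instead and say so in the comment. `config.hm.home.homeDirectory` relies on an `hm` alias that is not defined in this commit; a comment naming where it comes from would help the next reader. The `user` argument is declared but unused.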