authorandromeda <andromeda@lenovo>2026-01-06 18:30:12 +0100
committerandromeda <andromeda@lenovo>2026-01-06 18:30:12 +0100
commitbeaceffff0accc30d7394c4e2865bea5797be6c0 (patch)
treefa6f4ba1dc4d2552540c33289a5ba972b9105652
parentc9a5c521dbc7785aa4a6c1f410e547202075c13b (diff)
init
-rw-r--r--flake.nix4
-rw-r--r--machines.nix1
-rw-r--r--machines/lenovo/configuration.nix1
-rw-r--r--modules/nixos/common.nix8
-rw-r--r--modules/nixos/networking/ssh-as-root.nix4
-rw-r--r--modules/nixos/zulip.nix1
-rw-r--r--pub-keys.nix5
-rw-r--r--secrets/secrets.nix5
-rw-r--r--secrets/zulip-avatarSaltKey.agebin0 -> 493 bytes
-rw-r--r--secrets/zulip-camoKey.agebin0 -> 483 bytes
-rw-r--r--secrets/zulip-rabbitmqPassword.age9
-rw-r--r--secrets/zulip-secretKey.agebin0 -> 501 bytes
-rw-r--r--secrets/zulip-sharedSecretKey.agebin0 -> 483 bytes
13 files changed, 32 insertions, 6 deletions
diff --git a/flake.nix b/flake.nix
index 0965a26..e6cf000 100644
--- a/flake.nix
+++ b/flake.nix
@@ -80,7 +80,9 @@
if machine.hostname != "109-199-104-83"
then
{config, ...}: {
- imports = [./machines/${machine.hostname}/configuration.nix];
+ imports = [
+ ./machines/${machine.hostname}/configuration.nix
+ ];
networking.domain = config.networking.hostName; # temporary fix
}
else {imports = machine.modules;}
diff --git a/machines.nix b/machines.nix
index 90a2e61..69d0d14 100644
--- a/machines.nix
+++ b/machines.nix
@@ -10,6 +10,7 @@
];
};
"109-199-104-83" = {
+ hostname = "109-199-104-83";
system = "x86_64-linux";
users = [];
modules = [
diff --git a/machines/lenovo/configuration.nix b/machines/lenovo/configuration.nix
index 05dd082..152d136 100644
--- a/machines/lenovo/configuration.nix
+++ b/machines/lenovo/configuration.nix
@@ -8,7 +8,6 @@
imports = [
./impermanence.nix
(modulesPath + "/installer/scan/not-detected.nix")
- ../../modules/nixos/zulip.nix
];
boot.loader = {
efi.canTouchEfiVariables = true;
diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix
index 3c00de0..c0d1d73 100644
--- a/modules/nixos/common.nix
+++ b/modules/nixos/common.nix
@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+ config,
+ lib,
+ ...
+}: {
# flakes usage
nix.settings.experimental-features = [
"flakes"
@@ -12,5 +16,5 @@
# cleans /tmp to maintain a tidy system
boot.tmp.cleanOnBoot = true;
- networking.domain = config.networking.hostname;
+ networking.domain = lib.mkDefault config.networking.hostName;
}
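Review bot: The `lib.mkDefault` fallback sets `networking.domain` to the bare host name on every machine that does not define a domain itself, and modules/nixos/zulip.nix builds `EXTERNAL_HOST = "chat.${config.networking.domain}"` and the mail login addresses from that value. On such a machine those names would not be real DNS names unless another module overrides the domain, which is not visible here. A comment on the line would make the intent explicit, for example `# placeholder: hosts serving mail or Zulip must set a real networking.domain`. Separately, flake.nix still assigns `networking.domain = config.networking.hostName; # temporary fix` at normal priority, which overrides this default with the same value and looks removable now.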
diff --git a/modules/nixos/networking/ssh-as-root.nix b/modules/nixos/networking/ssh-as-root.nix
index d882a46..46cbde6 100644
--- a/modules/nixos/networking/ssh-as-root.nix
+++ b/modules/nixos/networking/ssh-as-root.nix
@@ -1,3 +1,3 @@
-{
- services.openssh.settings.PermitRootLogin = "yes";
+{lib, ...}: {
+ services.openssh.settings.PermitRootLogin = lib.mkForce "yes";
}
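Review bot: `lib.mkForce "yes"` on `PermitRootLogin` makes password-capable root login win over every other definition, including a stricter value set at normal priority by a hardening or profile module. If the override is only needed to beat another definition, force the key-only value instead: `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";`. Whether password authentication is disabled elsewhere is not visible in this hunk, so with `"yes"` the root account may be exposed to password guessing on any host importing this module. A one-line comment naming the definition being overridden would also explain why `mkForce` is required.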
diff --git a/modules/nixos/zulip.nix b/modules/nixos/zulip.nix
index 736ffad..de88f9f 100644
--- a/modules/nixos/zulip.nix
+++ b/modules/nixos/zulip.nix
@@ -15,6 +15,7 @@
EXTERNAL_HOST = "chat.${config.networking.domain}";
};
};
+ services.postgresql.enable = true;
mailserver.loginAccounts = {
"zulip+admin@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets."mailserver-acc-zulip+admin-pw".path;
diff --git a/pub-keys.nix b/pub-keys.nix
index c02ac37..04fae14 100644
--- a/pub-keys.nix
+++ b/pub-keys.nix
@@ -5,6 +5,11 @@
mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age;
"mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age";
+ zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age;
+ zulip-camoKey.file = ./secrets/zulip-camoKey.age;
+ zulip-rabbitmqPassword.file = ./secrets/zulip-rabbitmqPassword.age;
+ zulip-secretKey.file = ./secrets/zulip-secretKey.age;
+ zulip-sharedSecretKey.file = ./secrets/zulip-sharedSecretKey.age;
};
pub-keys = {
ssh = {
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 56de4d5..62ec92a 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -9,4 +9,9 @@ in {
"mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
"mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
"mailserver-acc-zulip+admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
+ "zulip-avatarSaltKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
+ "zulip-camoKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
+ "zulip-rabbitmqPassword.age".publicKeys = [andromeda lenovo _109-199-104-83];
+ "zulip-secretKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
+ "zulip-sharedSecretKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
}
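Review bot: All five new Zulip entries list `lenovo` as a recipient, yet this same commit removes `../../modules/nixos/zulip.nix` from machines/lenovo/configuration.nix, so that host appears to have no remaining need to decrypt them. If `lenovo` is the machine's host key rather than a key used for editing secrets, narrow the recipients to the admin and the server, e.g. `"zulip-secretKey.age".publicKeys = [andromeda _109-199-104-83];`, and do the same for the other four lines. The key bindings are defined above the hunk, so their roles are inferred from the names. The .age files added in this commit would have to be rekeyed for a narrower list to take effect.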
diff --git a/secrets/zulip-avatarSaltKey.age b/secrets/zulip-avatarSaltKey.age
new file mode 100644
index 0000000..9d0ad8a
--- /dev/null
+++ b/secrets/zulip-avatarSaltKey.age
Binary files differ
diff --git a/secrets/zulip-camoKey.age b/secrets/zulip-camoKey.age
new file mode 100644
index 0000000..b3913f2
--- /dev/null
+++ b/secrets/zulip-camoKey.age
Binary files differ
diff --git a/secrets/zulip-rabbitmqPassword.age b/secrets/zulip-rabbitmqPassword.age
new file mode 100644
index 0000000..742689b
--- /dev/null
+++ b/secrets/zulip-rabbitmqPassword.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 mT2fyg N+K4UqHYGQTzqq5wMhEs5ijh8a8uXarYy2BpWH2GAUY
+7mWlRNsudiBCr34QMXkzwkyRZa9K6pAPLX0phQBIH1A
+-> ssh-ed25519 UHxfvA i5e8E+FMsG+n+jl5ASBYbPvnME7X58sMMAlYelZAm3A
+ARlV+vWRRsFVAsjdk+JgUMgp49muyGFF5g+iyzpyJQY
+-> ssh-ed25519 Xoin5w 0EH6bLW0DwwVi8GMjq4ZjlBak1QQ0cxh/+KK/e1rPTY
+yIpSegzmBeJ86jApt23Kv9vZ2sVLC8dFYa9t43/x8MM
+--- c4PhDnZ271mJc2sc7DSIRqVF503JSsZhBj2ANwcT2po
+PKF !"Mgo/gF0@gA΄Pm+uLo  {,ʰF'E|- \ No newline at end of file
diff --git a/secrets/zulip-secretKey.age b/secrets/zulip-secretKey.age
new file mode 100644
index 0000000..b56cf40
--- /dev/null
+++ b/secrets/zulip-secretKey.age
Binary files differ
diff --git a/secrets/zulip-sharedSecretKey.age b/secrets/zulip-sharedSecretKey.age
new file mode 100644
index 0000000..f227908
--- /dev/null
+++ b/secrets/zulip-sharedSecretKey.age
Binary files differ