From ac0530def0614990d0bc2389bc87e819176312ff Mon Sep 17 00:00:00 2001
From: Don Harper
Date: Wed, 25 Feb 2026 23:01:00 -0600
Subject: [PATCH] chore | add sops info, update smtp info
---
 hosts/server/default.nix | 54 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 50 insertions(+), 4 deletions(-)
diff --git a/hosts/server/default.nix b/hosts/server/default.nix
index 8e8750e..cef37e5 100644
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@@ -178,7 +178,7 @@ in {
 lsof
 lsscsi
 nix-bash-completions
- nixfmt-classic
+ nixfmt
 pkg-config
 podman
 poppler-utils
@@ -188,6 +188,52 @@ in {
 udiskie
 ];
 
+ sops = {
+ age.keyFile = "/home/don/.config/sops/age/keys.txt";
+
+ defaultSopsFile = ../../secrets.yaml;
+ # defaultSymlinkPath = "/run/user/1000/secrets";
+ # defaultSecretsMountPoint = "/run/user/1000/secrets.d";
+
+ secrets = {
+ "users/root_password" = {
+ owner = "root";
+ mode = "0400";
+ };
+ "users/root_sshauth" = {
+ owner = "root";
+ mode = "0400";
+ path = "/etc/ssh/authorized_keys.d/root";
+ };
+ "users/don_password" = {
+ owner = "don";
+ mode = "0400";
+ };
+ "users/don_sshauth" = {
+ owner = "don";
+ mode = "0400";
+ path = "/etc/ssh/authorized_keys.d/don";
+ };
+ "users/vicky_password" = {
+ owner = "don";
+ mode = "0400";
+ };
+ "users/vicky_sshauth" = {
+ owner = "don";
+ mode = "0400";
+ path = "/etc/ssh/authorized_keys.d/vicky";
+ };
+ "smtp/smtp_password" = {
+ owner = "root";
+ mode = "0444";
+ };
+ "tailscale/ts_api" = {
+ owner = "root";
+ mode = "0400";
+ };
+ };
+ };
+
 programs = {
 dconf = {enable = true;};
 mtr = {enable = true;};
@@ -239,12 +285,12 @@ in {
 accounts = {
 default = {
 auth = true;
- tls = true;
+ tls = false;
 port = 587;
 from = "don@donharper.org";
 host = "smtp.smtp2go.com";
- user = "donharper.org";
- passwordeval = "cat /home/don/.smtp_password.txt";
+ user = "duckunix";
+ passwordeval = "cat ${config.sops.secrets."smtp/smtp_password".path}";
 };
 };
 };
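Review bot: Several owner and mode settings in the new `sops.secrets` block undercut the isolation that the `0400` entries aim for. `"smtp/smtp_password"` has `mode = "0444"`, so every local account and service can read the SMTP credential; `mode = "0440";` plus `group = "<mail-senders-group>";` (placeholder) would keep it readable for msmtp's `passwordeval` without exposing it system-wide. `"users/vicky_password"` and `"users/vicky_sshauth"` use `owner = "don"`, which looks like a copy-paste slip: don can read and, as owner, rewrite the file behind `/etc/ssh/authorized_keys.d/vicky`, and sshd's ownership checks will probably reject a key file that belongs to neither the target user nor root, so `owner = "vicky";` is likely what was meant if that account exists (not visible here). Separately, `age.keyFile` lives under `/home/don`, so the don account can decrypt everything in `secrets.yaml`, including the root-only entries; a root-owned key path outside any home directory would avoid that.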
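Review bot: `tls = false;` turns off transport encryption for an authenticated submission account on port 587, so mail content, and depending on the negotiated mechanism the login exchange, travels to `smtp.smtp2go.com` with no encryption or server-certificate verification. The commit subject only mentions updating SMTP info, so this may be a debugging leftover; restore `tls = true;` and add `tls_starttls = true;` if STARTTLS on 587 was the intent. The new `passwordeval` for non-root senders only works because `"smtp/smtp_password"` is set to `0444` in the `sops.secrets` hunk of this commit, so tightening that mode needs a matching group for the sending accounts. The `accounts` block starts and ends outside this hunk.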