setup email config and more secure sshd

2026-03-29 03:29:13 +02:00
parent 28438606ee
commit 01bd905f27
2 changed files with 58 additions and 2 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -116,7 +116,12 @@
  };

  services.openssh = {
-    enable = false;
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      PermitRootLogin = "no";
+    };
  };

  users.users.vbm = {
--- a/home.nix
+++ b/home.nix
@@ -29,7 +29,8 @@
    };
  };

-  home.file.".ssh/allowed_signers".text = "* ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFI0JYlUwTrHgvjvd4q03ZxDOmoQJ8rSAUDw0dlUMAXb vbm@nixos-xenon";
+  home.file.".ssh/allowed_signers".text =
+    "* ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFI0JYlUwTrHgvjvd4q03ZxDOmoQJ8rSAUDw0dlUMAXb vbm@nixos-xenon";

  nixpkgs.config.allowUnfreePredicate =
    pkg:
@@ -43,6 +44,7 @@
    mime.enable = true;
    mimeApps.enable = true;
    userDirs.enable = true;
+    userDirs.setSessionVariables = true;
  };

  home.pointerCursor = {
@@ -84,6 +86,49 @@
    enable = true;
  };

+  # accounts.email.accounts."personal" = {
+  #   primary = true;
+  #   address = "VegardMatthey@protonmail.com";
+  #   realName = "Vegard Bieker Matthey";
+  # };
+  services.mbsync.enable = true;
+  programs.mbsync = {
+    enable = true;
+  };
+
+  accounts.email.maildirBasePath = "Mail";
+  accounts.email.accounts."pvv" = {
+    userName = "vegardbm";
+    primary = true;
+    mbsync = {
+      enable = true;
+      create = "both";
+      extraConfig.account = {
+        AuthMechs = "PLAIN";
+      };
+    };
+    address = "vegardbm@pvv.ntnu.no";
+    neomutt.enable = true;
+    realName = "Vegard Bieker Matthey";
+    flavor = "plain";
+    imap = {
+      port = 993;
+      host = "imap.pvv.ntnu.no";
+      authentication = "plain";
+      tls.enable = true;
+    };
+    smtp = {
+      port = 465;
+      host = "smtp.pvv.ntnu.no";
+      authentication = "plain";
+      tls = {
+        enable = true;
+        useStartTls = true;
+      };
+    };
+    passwordCommand = "${lib.getExe' pkgs.coreutils "cat"} /home/vbm/Documents/pass.txt";
+  };
+
  programs.zoxide = {
    enable = true;
    enableNushellIntegration = config.programs.nushell.enable;
@@ -94,6 +139,7 @@
    theme.name = "Adwaita-dark";
    theme.package = pkgs.gnome-themes-extra;
    gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
+    gtk4.theme = null;
  };

  qt = {
@@ -482,6 +528,11 @@
    '';
  };

+  programs.neomutt = {
+    enable = true;
+    vimKeys = true;
+  };
+
  programs.librewolf = {
    enable = true;