Added mailserver and hedgedoc service

2025-03-27 06:10:53 +01:00 · 2022-01-23 19:11:10 +01:00 · 2022-01-23 19:11:10 +01:00 · 8b47b55ecf
commit 8b47b55ecf
parent 5e0aeec052
7 changed files with 201 additions and 4 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,21 @@
 {
  "nodes": {
+    "blobs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1604995301,
+        "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "type": "gitlab"
+      }
+    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -126,6 +142,36 @@
        "type": "github"
      }
    },
+    "nixpkgs-21_05": {
+      "locked": {
+        "lastModified": 1625692408,
+        "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c06613c25df3fe1dd26243847a3c105cf6770627",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-21.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs-21_11": {
+      "locked": {
+        "lastModified": 1638371214,
+        "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a640d8394f34714578f3e6335fc767d0755d78f9",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-21.11",
+        "type": "indirect"
+      }
+    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1642707142,
@ -163,10 +209,35 @@
        "neovim-nightly-overlay": "neovim-nightly-overlay",
        "nixpkgs": "nixpkgs_2",
        "nur": "nur",
+        "simple-nixos-mailserver": "simple-nixos-mailserver",
        "sops-nix": "sops-nix",
        "unstable": "unstable"
      }
    },
+    "simple-nixos-mailserver": {
+      "inputs": {
+        "blobs": "blobs",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-21_05": "nixpkgs-21_05",
+        "nixpkgs-21_11": "nixpkgs-21_11",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1638911354,
+        "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "type": "gitlab"
+      }
+    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
@ -202,6 +273,21 @@
        "repo": "nixpkgs",
        "type": "github"
      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1605370193,
+        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5021eac20303a61fafe17224c087f5519baed54d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -26,6 +26,11 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    simple-nixos-mailserver = {
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
  };

  outputs = { self, home-manager, nixpkgs, unstable, sops-nix, neovim-nightly-overlay, nur, ... }@inputs:
--- a/lib/default.nix
+++ b/lib/default.nix
@ -20,6 +20,7 @@ in
      sops-nix.nixosModules.sops
      host-config
      home-manager.nixosModules.home-manager
+      simple-nixos-mailserver.nixosModule
      {
        home-manager.useUserPackages = true;
        home-manager.useGlobalPkgs = true;
--- a/machines/lisa/default.nix
+++ b/machines/lisa/default.nix
@ -26,10 +26,18 @@
      subdomain = "ci";
    };
    zfs-mails = {
-      enable = true;
+      enable = false;
      name = "lisa";
      smart.enable = false;
    };
+    docs = {
+      enable = true;
+      nginx = {
+        enable = true;
+        subdomain = "docs";
+      };
+    };
+    mailserver.enable = true;

  };

@ -51,10 +59,10 @@
    prefixLength = 120;
  }];

+  networking.nameservers = [ "8.8.8.8" ];
  networking.hostId = "fbb334ae";
  services.zfs.autoSnapshot.enable = true;
  services.zfs.autoScrub.enable = true;

-
  system.stateVersion = "21.11";
 }
--- a/modules/docs/default.nix
+++ b/modules/docs/default.nix
@ -0,0 +1,55 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.luj.docs;
+  port = 3013;
+in
+{
+
+  options.luj.docs = {
+
+    enable = mkEnableOption "activate hedgedoc service";
+    nginx.enable = mkEnableOption "activate nginx";
+    nginx.subdomain = mkOption {
+      type = types.str;
+    };
+
+  };
+
+  config = mkIf cfg.enable (
+    mkMerge [{
+      services.hedgedoc = {
+        enable = true;
+        configuration = {
+          port = port;
+          db = {
+            dialect = "postgres";
+            host = "/run/postgresql";
+          };
+          domain = "docs.julienmalka.me";
+          protocolUseSSL = true;
+          allowFreeURL = true;
+          allowEmailRegister = false;
+          allowAnonymous = false;
+          allowAnonymousEdits = true;
+          allowGravatar = true;
+        };
+      };
+      services.postgresql = {
+        ensureDatabases = [ "hedgedoc" ];
+        ensureUsers = [
+          {
+            name = "hedgedoc";
+            ensurePermissions."DATABASE hedgedoc" = "ALL PRIVILEGES";
+          }
+        ];
+      };
+    }
+
+      (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]);
+
+
+
+
+
+}
--- a/modules/mailserver/default.nix
+++ b/modules/mailserver/default.nix
@ -0,0 +1,39 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+  cfg = config.luj.mailserver;
+in
+with lib;
+{
+  options.luj.mailserver = {
+    enable = mkEnableOption "Enable mailserver";
+  };
+
+  config = mkIf cfg.enable
+    {
+      mailserver = {
+        enable = true;
+        fqdn = "mail.julienmalka.me";
+        domains = [ "malka.sh" "ens.school" ];
+
+        # A list of all login accounts. To create the password hashes, use
+        # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+        loginAccounts = {
+          "julien@malka.sh" = {
+            hashedPasswordFile = "/run/secrets/malkash-pw";
+            aliases = [ "postmaster@malka.sh" ];
+          };
+          "julien.malka@ens.school" = {
+            hashedPasswordFile = "/run/secrets/ensmailmalka-pw";
+          };
+          "camille.mondon@ens.school" = {
+            hashedPassword = "/run/secrets/ensmailmondon-pw";
+          };
+        };
+        certificateScheme = 3;
+      };
+
+      sops.secrets.malkash-pw = { };
+      sops.secrets.ensmailmalka-pw = { };
+      sops.secrets.ensmailmondon-pw = { };
+    };
+}
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -6,6 +6,9 @@ git-gpg-private-key: ENC[AES256_GCM,data:p/tdTehpUQUrpH6xLsyoyR6MJFLWV2jyV4pyQOg
 drone: ENC[AES256_GCM,data:SGY7+NdYsqEG68oQ0bTt4SvyHQA6x5HM10x0Y1nHX4Klf36iPS6M6/gV8IUCE7JEexhWr4/gNhpjco8iBc7UQKSNC5kG/Bwc+kYDGj/tZQuhTyVQx5sOQlXPk2LBWBWg8mNfjxN83I7H7ASM4/wsD0GYx4o8OM1d9W7YC4FUrQQ678ba9Db7Racx1BEhQOfBfKirpZazMUwCjEQCQCAJt5phfuit58pJ08to3qza7vwnf/pjxZMZfrkeJaQs7lgunD1x,iv:0RGnjEoAe6DbSr5JU1cyOxnM7poR8HJeyJQQ98oA9Bk=,tag:i7Q7Br2OlOcjSNpCZutqVg==,type:str]
 bin-cache-priv-key: ENC[AES256_GCM,data:baIdNWuQXGtPAhhtxSL+LJ/inlOqLn6ooVb79Cjbkig3fRR/omgV3DNXpYJdB369sLwnQNJmyRZMv1WHKXq83iqtMS9Pbi0LhyBLtFd+bT2L/dK23hEpXSishx+7XWp9Nv3+jgHE9Aet9CA=,iv:f0itbbkyttYxjoWmaEUixDlrc/ixbuxh6qeUHHrhnBU=,tag:SVMwAobJ5vBb6PWxEKvmQA==,type:str]
 filerun: ENC[AES256_GCM,data:VbQqHoN6fgV9LPjLjrdtwjFFOHKA6LAzokz34DbPUMrprUQ9Qn9BwyQuvhwJyMiToQmwTLJHHYWE+jM+5wGbIEgGEQqm8mliHUg3+45LAP5O30ZJT+B66pybsF4KVRZ6CwfLtA5J6vh7GEatPOuDOR8SE2T3MQM9kkx9eBqgaKTCgKV0jeSPEWiT,iv:4KGUhu6V+hmf3bv0W+E7Op/nZZk1gVC6q93eNBu+8d4=,tag:ALPZNWr8blZMAJ/Qm9Cmxg==,type:str]
+malkash-pw: ENC[AES256_GCM,data:8HtZnKC+tmzzui86LgoBV+I6+h8/6IdTmvLDx/rZVAW6erK/osAb+VmKgJ9v+n0QOf2a1Xsh1cYpvK8c,iv:nXnqgR4iy2LbnkBVG4trl30/n38ZWBhDvMJS9DTZpr8=,tag:Hz/ojMrS9YVsn0VuUmZm3w==,type:str]
+ensmailmalka-pw: ENC[AES256_GCM,data:LpvnHlrviWlOW+Ytffr40iMyWlJkJyCvyj44Uh2obUsZTjdXjHpmCJB6YKYzb8VDK2W1O9CqFSTIcBBQ,iv:Z6NmG473XfRPw+aLitPTEp9j0oO6JtxE/DYq4+BMZ3A=,tag:0tSOdCPxdo3ajdt9iZzAhg==,type:str]
+ensmailmondon-pw: ENC[AES256_GCM,data:aNiYjihDYkb2vTB/+aGHcVYBQLHqEYsAQgH91ONGxBJdniRiPW203WBbn78fZa2bx51hVkQqdX6KWE0r,iv:HP4XfAlu2HXtU6fGARXJHsJIwQIP/K6o732JNTLQgOA=,tag:hxLxdbfYZP/6zeDJ7TOdYg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -39,8 +42,8 @@ sops:
            RHY4SzV0RlF2SEMySEF0S0VCYi9OVkEK9hFLmy8TbXwf5QFQJsYv2Fz+4xsda49W
            Q8ayRVYsKCJAhrw1qcwJ6mCbk0uHZXR2Dyp/utz7ELAmEynA6+N2aw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-01-12T23:46:10Z"
-    mac: ENC[AES256_GCM,data:dxWhOvpe+PzWVpEdG2ebxjDptmSzBj+z5WrjutJ9w6Zz+QmwUC76vcPFR9nibZz4Y6KmhMy0e4OVX5070EOcwm+14ER20UFAo+wVF86BvJRdh4LAnF95d0TssR9vJMgdMHRDzB0x2mMiAEQuA3rq28a+JLd+GYM6fMwgAzsdDGk=,iv:Vbqbfi6b3ZNKt+TRFiA7JSW6Un0pjkpeiSHZ1HQd5Oo=,tag:fzy++cuv3DC1k7rOc4KzqA==,type:str]
+    lastmodified: "2022-01-23T17:50:05Z"
+    mac: ENC[AES256_GCM,data:nS9CZWncDWwz7f3c+w6qsTEypO39UDg/h5d+uWu724iy+piqdv0IzRmW2jakDar771O8c8Oy9fakwLSlANHpLkHeb3yjvr8wJ0oUW2THT/fiiaeAQOADyO198/C2fTD4CKvm7RJuIm2u/wXXPKLUwXA3NqvUhDFzcYhqDmAdAhY=,iv:1m4AJWAslgxsuQLmpy56W2CWKVp9QQI+7vcwL7Wr7PM=,tag:PWiLB9i3DqOi6j9nCQFH8w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.1