diff --git a/flake.lock b/flake.lock index 59a6768..3aad045 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "flake-compat": { "flake": false, "locked": { @@ -126,6 +142,36 @@ "type": "github" } }, + "nixpkgs-21_05": { + "locked": { + "lastModified": 1625692408, + "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c06613c25df3fe1dd26243847a3c105cf6770627", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", + "type": "indirect" + } + }, + "nixpkgs-21_11": { + "locked": { + "lastModified": 1638371214, + "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.11", + "type": "indirect" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1642707142, 
@@ -163,10 +209,35 @@ "neovim-nightly-overlay": "neovim-nightly-overlay", "nixpkgs": "nixpkgs_2", "nur": "nur", + "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix", "unstable": "unstable" } }, + "simple-nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-21_05": "nixpkgs-21_05", + "nixpkgs-21_11": "nixpkgs-21_11", + "utils": "utils" + }, + "locked": { + "lastModified": 1638911354, + "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -202,6 +273,21 @@ "repo": "nixpkgs", "type": "github" } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 8af00b1..482836e 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + simple-nixos-mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; outputs = { self, home-manager, nixpkgs, unstable, sops-nix, neovim-nightly-overlay, nur, ... }@inputs: diff --git a/lib/default.nix b/lib/default.nix index 421270c..8c0f6f6 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -20,6 +20,7 @@ in sops-nix.nixosModules.sops host-config home-manager.nixosModules.home-manager + simple-nixos-mailserver.nixosModule { home-manager.useUserPackages = true; home-manager.useGlobalPkgs = true; 
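Review bot: In flake.nix the new input `url = "gitlab:simple-nixos-mailserver/nixos-mailserver";` names no branch or tag, so every `nix flake update` moves the mail stack to whatever the upstream default branch holds at that moment. Upstream keeps a branch per NixOS release; pinning one, e.g. `url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";`, keeps updates inside a release (pick the branch that matches the `nixpkgs` input, whose channel is not visible in this hunk). The lock file also gains `nixpkgs-21_05` and `nixpkgs-21_11` as two extra nixpkgs pins; if the consumed module does not need them, `inputs.nixpkgs-21_05.follows = "nixpkgs";` and `inputs.nixpkgs-21_11.follows = "nixpkgs";` would remove them from the lock. The enclosing `inputs` set starts outside the hunk.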
diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix index b7fcf1c..2862e76 100644 --- a/machines/lisa/default.nix +++ b/machines/lisa/default.nix @@ -26,10 +26,18 @@ subdomain = "ci"; }; zfs-mails = { - enable = true; + enable = false; name = "lisa"; smart.enable = false; }; + docs = { + enable = true; + nginx = { + enable = true; + subdomain = "docs"; + }; + }; + mailserver.enable = true; }; @@ -51,10 +59,10 @@ prefixLength = 120; }]; + networking.nameservers = [ "8.8.8.8" ]; networking.hostId = "fbb334ae"; services.zfs.autoSnapshot.enable = true; services.zfs.autoScrub.enable = true; - system.stateVersion = "21.11"; } diff --git a/modules/docs/default.nix b/modules/docs/default.nix new file mode 100644 index 0000000..22dfbc8 --- /dev/null +++ b/modules/docs/default.nix @@ -0,0 +1,55 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.luj.docs; + port = 3013; +in +{ + + options.luj.docs = { + + enable = mkEnableOption "activate hedgedoc service"; + nginx.enable = mkEnableOption "activate nginx"; + nginx.subdomain = mkOption { + type = types.str; + }; + + }; + + config = mkIf cfg.enable ( + mkMerge [{ + services.hedgedoc = { + enable = true; + configuration = { + port = port; + db = { + dialect = "postgres"; + host = "/run/postgresql"; + }; + domain = "docs.julienmalka.me"; + protocolUseSSL = true; + allowFreeURL = true; + allowEmailRegister = false; + allowAnonymous = false; + allowAnonymousEdits = true; + allowGravatar = true; + }; + }; + services.postgresql = { + ensureDatabases = [ "hedgedoc" ]; + ensureUsers = [ + { + name = "hedgedoc"; + ensurePermissions."DATABASE hedgedoc" = "ALL PRIVILEGES"; + } + ]; + }; + } + + (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]); + + + + + +} diff --git a/modules/mailserver/default.nix b/modules/mailserver/default.nix new file mode 100644 index 0000000..791217b --- /dev/null +++ b/modules/mailserver/default.nix 
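Review bot: In the second hunk of machines/lisa/default.nix, `networking.nameservers = [ "8.8.8.8" ];` gives the host a single resolver with no fallback, on the same machine where this commit turns on `luj.mailserver.enable`. Mail delivery, certificate issuance and spam checks all depend on DNS, and DNS blocklist operators commonly refuse or rate-limit queries arriving through large public resolvers, which weakens spam filtering without any visible error. I would add a second resolver to the list and a comment such as `# fallback only; mail lookups should go through a local recursive resolver`. Whether the upstream mailserver module already runs a local resolver on this host cannot be seen from the hunk; the enclosing attribute set starts outside it.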
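Review bot: In modules/docs/default.nix, `allowAnonymousEdits = true;` lets unauthenticated visitors modify any note whose permission is set to "freely", which undercuts the `allowAnonymous = false;` and `allowEmailRegister = false;` lines next to it on a service published through nginx. Unless guest editing is intended, set `allowAnonymousEdits = false;`, or keep it and add a comment such as `# guests may edit notes explicitly shared as "freely"`. Separately, `domain = "docs.julienmalka.me";` is hard-coded while the vhost name comes from `cfg.nginx.subdomain`, so the two can drift apart if the option is ever set to something other than "docs". `nginx.subdomain` also has no `description`, and `mkSubdomain` is not defined in this file, so its behaviour is not reviewable here.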
@@ -0,0 +1,39 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+ cfg = config.luj.mailserver;
+in
+with lib;
+{
+ options.luj.mailserver = {
+ enable = mkEnableOption "Enable mailserver";
+ };
+
+ config = mkIf cfg.enable
+ {
+ mailserver = {
+ enable = true;
+ fqdn = "mail.julienmalka.me";
+ domains = [ "malka.sh" "ens.school" ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+ loginAccounts = {
+ "julien@malka.sh" = {
+ hashedPasswordFile = "/run/secrets/malkash-pw";
+ aliases = [ "postmaster@malka.sh" ];
+ };
+ "julien.malka@ens.school" = {
+ hashedPasswordFile = "/run/secrets/ensmailmalka-pw";
+ };
+ "camille.mondon@ens.school" = {
+ hashedPassword = "/run/secrets/ensmailmondon-pw";
+ };
+ };
+ certificateScheme = 3;
+ };
+
+ sops.secrets.malkash-pw = { };
+ sops.secrets.ensmailmalka-pw = { };
+ sops.secrets.ensmailmondon-pw = { };
+ };
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 039d321..6e453bf 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
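Review bot: In modules/mailserver/default.nix the third account, `"camille.mondon@ens.school"`, sets `hashedPassword = "/run/secrets/ensmailmondon-pw";`, so the literal path string is taken as the password hash instead of the contents of the sops secret; the other two accounts use `hashedPasswordFile`. The line should read `hashedPasswordFile = "/run/secrets/ensmailmondon-pw";`. As written the account most likely cannot authenticate (inferred from the option names, not tested). Using `config.sops.secrets.ensmailmondon-pw.path` for all three accounts would also tie each path to its sops-nix declaration instead of repeating the `/run/secrets/` prefix. The hash-generation comment passes the password as a command-line argument, which leaves it in shell history; a note to that effect next to the command would help.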
@@ -6,6 +6,9 @@ git-gpg-private-key: ENC[AES256_GCM,data:p/tdTehpUQUrpH6xLsyoyR6MJFLWV2jyV4pyQOg drone: ENC[AES256_GCM,data:SGY7+NdYsqEG68oQ0bTt4SvyHQA6x5HM10x0Y1nHX4Klf36iPS6M6/gV8IUCE7JEexhWr4/gNhpjco8iBc7UQKSNC5kG/Bwc+kYDGj/tZQuhTyVQx5sOQlXPk2LBWBWg8mNfjxN83I7H7ASM4/wsD0GYx4o8OM1d9W7YC4FUrQQ678ba9Db7Racx1BEhQOfBfKirpZazMUwCjEQCQCAJt5phfuit58pJ08to3qza7vwnf/pjxZMZfrkeJaQs7lgunD1x,iv:0RGnjEoAe6DbSr5JU1cyOxnM7poR8HJeyJQQ98oA9Bk=,tag:i7Q7Br2OlOcjSNpCZutqVg==,type:str] bin-cache-priv-key: ENC[AES256_GCM,data:baIdNWuQXGtPAhhtxSL+LJ/inlOqLn6ooVb79Cjbkig3fRR/omgV3DNXpYJdB369sLwnQNJmyRZMv1WHKXq83iqtMS9Pbi0LhyBLtFd+bT2L/dK23hEpXSishx+7XWp9Nv3+jgHE9Aet9CA=,iv:f0itbbkyttYxjoWmaEUixDlrc/ixbuxh6qeUHHrhnBU=,tag:SVMwAobJ5vBb6PWxEKvmQA==,type:str] filerun: ENC[AES256_GCM,data:VbQqHoN6fgV9LPjLjrdtwjFFOHKA6LAzokz34DbPUMrprUQ9Qn9BwyQuvhwJyMiToQmwTLJHHYWE+jM+5wGbIEgGEQqm8mliHUg3+45LAP5O30ZJT+B66pybsF4KVRZ6CwfLtA5J6vh7GEatPOuDOR8SE2T3MQM9kkx9eBqgaKTCgKV0jeSPEWiT,iv:4KGUhu6V+hmf3bv0W+E7Op/nZZk1gVC6q93eNBu+8d4=,tag:ALPZNWr8blZMAJ/Qm9Cmxg==,type:str] +malkash-pw: ENC[AES256_GCM,data:8HtZnKC+tmzzui86LgoBV+I6+h8/6IdTmvLDx/rZVAW6erK/osAb+VmKgJ9v+n0QOf2a1Xsh1cYpvK8c,iv:nXnqgR4iy2LbnkBVG4trl30/n38ZWBhDvMJS9DTZpr8=,tag:Hz/ojMrS9YVsn0VuUmZm3w==,type:str] +ensmailmalka-pw: ENC[AES256_GCM,data:LpvnHlrviWlOW+Ytffr40iMyWlJkJyCvyj44Uh2obUsZTjdXjHpmCJB6YKYzb8VDK2W1O9CqFSTIcBBQ,iv:Z6NmG473XfRPw+aLitPTEp9j0oO6JtxE/DYq4+BMZ3A=,tag:0tSOdCPxdo3ajdt9iZzAhg==,type:str] +ensmailmondon-pw: ENC[AES256_GCM,data:aNiYjihDYkb2vTB/+aGHcVYBQLHqEYsAQgH91ONGxBJdniRiPW203WBbn78fZa2bx51hVkQqdX6KWE0r,iv:HP4XfAlu2HXtU6fGARXJHsJIwQIP/K6o732JNTLQgOA=,tag:hxLxdbfYZP/6zeDJ7TOdYg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -39,8 +42,8 @@ sops: RHY4SzV0RlF2SEMySEF0S0VCYi9OVkEK9hFLmy8TbXwf5QFQJsYv2Fz+4xsda49W Q8ayRVYsKCJAhrw1qcwJ6mCbk0uHZXR2Dyp/utz7ELAmEynA6+N2aw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-01-12T23:46:10Z" - mac: ENC[AES256_GCM,data:dxWhOvpe+PzWVpEdG2ebxjDptmSzBj+z5WrjutJ9w6Zz+QmwUC76vcPFR9nibZz4Y6KmhMy0e4OVX5070EOcwm+14ER20UFAo+wVF86BvJRdh4LAnF95d0TssR9vJMgdMHRDzB0x2mMiAEQuA3rq28a+JLd+GYM6fMwgAzsdDGk=,iv:Vbqbfi6b3ZNKt+TRFiA7JSW6Un0pjkpeiSHZ1HQd5Oo=,tag:fzy++cuv3DC1k7rOc4KzqA==,type:str] + lastmodified: "2022-01-23T17:50:05Z" + mac: ENC[AES256_GCM,data:nS9CZWncDWwz7f3c+w6qsTEypO39UDg/h5d+uWu724iy+piqdv0IzRmW2jakDar771O8c8Oy9fakwLSlANHpLkHeb3yjvr8wJ0oUW2THT/fiiaeAQOADyO198/C2fTD4CKvm7RJuIm2u/wXXPKLUwXA3NqvUhDFzcYhqDmAdAhY=,iv:1m4AJWAslgxsuQLmpy56W2CWKVp9QQI+7vcwL7Wr7PM=,tag:PWiLB9i3DqOi6j9nCQFH8w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1