Added mailserver and hedgedoc service

2025-06-08 10:09:04 +02:00 · 2022-01-23 19:11:10 +01:00 · 2022-01-23 19:11:10 +01:00 · 8b47b55ecf
commit 8b47b55ecf
parent 5e0aeec052
7 changed files with 201 additions and 4 deletions
--- a/modules/docs/default.nix
+++ b/modules/docs/default.nix
@ -0,0 +1,55 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.luj.docs;
+  port = 3013;
+in
+{
+
+  options.luj.docs = {
+
+    enable = mkEnableOption "activate hedgedoc service";
+    nginx.enable = mkEnableOption "activate nginx";
+    nginx.subdomain = mkOption {
+      type = types.str;
+    };
+
+  };
+
+  config = mkIf cfg.enable (
+    mkMerge [{
+      services.hedgedoc = {
+        enable = true;
+        configuration = {
+          port = port;
+          db = {
+            dialect = "postgres";
+            host = "/run/postgresql";
+          };
+          domain = "docs.julienmalka.me";
+          protocolUseSSL = true;
+          allowFreeURL = true;
+          allowEmailRegister = false;
+          allowAnonymous = false;
+          allowAnonymousEdits = true;
+          allowGravatar = true;
+        };
+      };
+      services.postgresql = {
+        ensureDatabases = [ "hedgedoc" ];
+        ensureUsers = [
+          {
+            name = "hedgedoc";
+            ensurePermissions."DATABASE hedgedoc" = "ALL PRIVILEGES";
+          }
+        ];
+      };
+    }
+
+      (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]);
+
+
+
+
+
+}
--- a/modules/mailserver/default.nix
+++ b/modules/mailserver/default.nix
@ -0,0 +1,39 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+  cfg = config.luj.mailserver;
+in
+with lib;
+{
+  options.luj.mailserver = {
+    enable = mkEnableOption "Enable mailserver";
+  };
+
+  config = mkIf cfg.enable
+    {
+      mailserver = {
+        enable = true;
+        fqdn = "mail.julienmalka.me";
+        domains = [ "malka.sh" "ens.school" ];
+
+        # A list of all login accounts. To create the password hashes, use
+        # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+        loginAccounts = {
+          "julien@malka.sh" = {
+            hashedPasswordFile = "/run/secrets/malkash-pw";
+            aliases = [ "postmaster@malka.sh" ];
+          };
+          "julien.malka@ens.school" = {
+            hashedPasswordFile = "/run/secrets/ensmailmalka-pw";
+          };
+          "camille.mondon@ens.school" = {
+            hashedPassword = "/run/secrets/ensmailmondon-pw";
+          };
+        };
+        certificateScheme = 3;
+      };
+
+      sops.secrets.malkash-pw = { };
+      sops.secrets.ensmailmalka-pw = { };
+      sops.secrets.ensmailmondon-pw = { };
+    };
+}