Added mailserver and hedgedoc service

Julien Malka 2022-01-23 19:11:10 +01:00
parent 303b6ef88c
commit e1319341a8
6 changed files with 196 additions and 2 deletions

86
flake.lock generated

@ -1,5 +1,21 @@
{
"nodes": {
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -126,6 +142,36 @@
"type": "github"
}
},
"nixpkgs-21_05": {
"locked": {
"lastModified": 1625692408,
"narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c06613c25df3fe1dd26243847a3c105cf6770627",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05",
"type": "indirect"
}
},
"nixpkgs-21_11": {
"locked": {
"lastModified": 1638371214,
"narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a640d8394f34714578f3e6335fc767d0755d78f9",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.11",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1642707142,
@ -163,10 +209,35 @@
"neovim-nightly-overlay": "neovim-nightly-overlay",
"nixpkgs": "nixpkgs_2",
"nur": "nur",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix",
"unstable": "unstable"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-21_05": "nixpkgs-21_05",
"nixpkgs-21_11": "nixpkgs-21_11",
"utils": "utils"
},
"locked": {
"lastModified": 1638911354,
"narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
@ -202,6 +273,21 @@
"repo": "nixpkgs",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",


@ -26,6 +26,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, home-manager, nixpkgs, unstable, sops-nix, neovim-nightly-overlay, nur, ... }@inputs:
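Review bot: The new input `url = "gitlab:simple-nixos-mailserver/nixos-mailserver";` names no branch or tag, so each `nix flake update` moves the mail stack to whatever the project's default branch holds at that moment; flake.lock pins it only until the next update. Appending a ref that matches the system release, in the form `gitlab:simple-nixos-mailserver/nixos-mailserver/<release-branch>`, would keep updates within one release line. `inputs.nixpkgs.follows = "nixpkgs";` also swaps out the nixpkgs revision the module pins for itself, so a short comment saying this is intended would help the next reader. The `inputs` set starts above this hunk.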


@ -20,6 +20,7 @@ in
sops-nix.nixosModules.sops
host-config
home-manager.nixosModules.home-manager
simple-nixos-mailserver.nixosModule
{
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;


@ -26,10 +26,18 @@
subdomain = "ci";
};
zfs-mails = {
enable = true;
enable = false;
name = "lisa";
smart.enable = false;
};
docs = {
enable = true;
nginx = {
enable = true;
subdomain = "docs";
};
};
mailserver.enable = true;
};
@ -51,10 +59,10 @@
prefixLength = 120;
}];
networking.nameservers = [ "8.8.8.8" ];
networking.hostId = "fbb334ae";
services.zfs.autoSnapshot.enable = true;
services.zfs.autoScrub.enable = true;
system.stateVersion = "21.11";
}

55
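--- /dev/null
+++ b/modules/docs/default.nix
@@ -0,0 +1,55 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+cfg = config.luj.docs;
+port = 3013;
+in
+{
+options.luj.docs = {
+enable = mkEnableOption "activate hedgedoc service";
+nginx.enable = mkEnableOption "activate nginx";
+nginx.subdomain = mkOption {
+type = types.str;
+};
+};
+config = mkIf cfg.enable (
+mkMerge [{
+services.hedgedoc = {
+enable = true;
+configuration = {
+port = port;
+db = {
+dialect = "postgres";
+host = "/run/postgresql";
+};
+domain = "docs.julienmalka.me";
+protocolUseSSL = true;
+allowFreeURL = true;
+allowEmailRegister = false;
+allowAnonymous = false;
+allowAnonymousEdits = true;
+allowGravatar = true;
+};
+};
+services.postgresql = {
+ensureDatabases = [ "hedgedoc" ];
+ensureUsers = [
+{
+name = "hedgedoc";
+ensurePermissions."DATABASE hedgedoc" = "ALL PRIVILEGES";
+}
+];
+};
+}
+(mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]);
+}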
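Review bot: `domain = "docs.julienmalka.me";` is hard-coded while the proxied host comes from `cfg.nginx.subdomain`, so setting that option to anything other than `docs` leaves HedgeDoc building its links, with `protocolUseSSL = true`, for a host nginx is not serving. Deriving both from one value would remove the mismatch; how `mkSubdomain` assembles the full name is not visible here, so the exact expression depends on that helper. Separately, `configuration` sets no `sessionSecret`; as far as I know HedgeDoc then generates one at every start, which invalidates all sessions on each restart, so supplying one from a sops secret would be worth adding. A comment next to `allowAnonymousEdits = true;` stating that guest edits on freely-editable notes are intended, given `allowAnonymous = false;`, would also help.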


@ -0,0 +1,39 @@
{ pkgs, config, lib, inputs, ... }:
let
cfg = config.luj.mailserver;
in
with lib;
{
options.luj.mailserver = {
enable = mkEnableOption "Enable mailserver";
};
config = mkIf cfg.enable
{
mailserver = {
enable = true;
fqdn = "mail.julienmalka.me";
domains = [ "malka.sh" "ens.school" ];
# A list of all login accounts. To create the password hashes, use
# nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
loginAccounts = {
"julien@malka.sh" = {
hashedPasswordFile = "/run/secrets/malkash-pw";
aliases = [ "postmaster@malka.sh" ];
};
"julien.malka@ens.school" = {
hashedPasswordFile = "/run/secrets/ensmailmalka-pw";
};
"camille.mondon@ens.school" = {
hashedPassword = "/run/secrets/ensmailmondon-pw";
};
};
certificateScheme = 3;
};
sops.secrets.malkash-pw = { };
sops.secrets.ensmailmalka-pw = { };
sops.secrets.ensmailmondon-pw = { };
};
}
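Review bot: The third account sets `hashedPassword = "/run/secrets/ensmailmondon-pw";`, which hands the module the path string itself as the password hash instead of the contents of the sops secret; the other two accounts use `hashedPasswordFile`. As written the account gets a value that is not a valid hash, so login for that mailbox will presumably fail, and the `sops.secrets.ensmailmondon-pw` declaration is never read. The line should be `hashedPasswordFile = "/run/secrets/ensmailmondon-pw";`. Using `config.sops.secrets.<name>.path` instead of the literal `/run/secrets/...` strings would also tie the three paths to their declarations, so a renamed secret fails at evaluation and not at login.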