From e1319341a8e9a458fb88ac75bc9fd1057ba2751b Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Sun, 23 Jan 2022 19:11:10 +0100 Subject: [PATCH] Added mailserver and hedgedoc service --- flake.lock | 86 ++++++++++++++++++++++++++++++++++ flake.nix | 5 ++ lib/default.nix | 1 + machines/lisa/default.nix | 12 ++++- modules/docs/default.nix | 55 ++++++++++++++++++++++ modules/mailserver/default.nix | 39 +++++++++++++++ 6 files changed, 196 insertions(+), 2 deletions(-) create mode 100644 modules/docs/default.nix create mode 100644 modules/mailserver/default.nix diff --git a/flake.lock b/flake.lock index 59a6768..3aad045 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "flake-compat": { "flake": false, "locked": { @@ -126,6 +142,36 @@ "type": "github" } }, + "nixpkgs-21_05": { + "locked": { + "lastModified": 1625692408, + "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c06613c25df3fe1dd26243847a3c105cf6770627", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", + "type": "indirect" + } + }, + "nixpkgs-21_11": { + "locked": { + "lastModified": 1638371214, + "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.11", + "type": "indirect" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1642707142, 
@@ -163,10 +209,35 @@ "neovim-nightly-overlay": "neovim-nightly-overlay", "nixpkgs": "nixpkgs_2", "nur": "nur", + "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix", "unstable": "unstable" } }, + "simple-nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-21_05": "nixpkgs-21_05", + "nixpkgs-21_11": "nixpkgs-21_11", + "utils": "utils" + }, + "locked": { + "lastModified": 1638911354, + "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -202,6 +273,21 @@ "repo": "nixpkgs", "type": "github" } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 8af00b1..482836e 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + simple-nixos-mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; outputs = { self, home-manager, nixpkgs, unstable, sops-nix, neovim-nightly-overlay, nur, ... }@inputs: diff --git a/lib/default.nix b/lib/default.nix index 421270c..8c0f6f6 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -20,6 +20,7 @@ in sops-nix.nixosModules.sops host-config home-manager.nixosModules.home-manager + simple-nixos-mailserver.nixosModule { home-manager.useUserPackages = true; home-manager.useGlobalPkgs = true; 
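Review bot: The new `simple-nixos-mailserver` input in flake.nix only makes its `nixpkgs` follow the root `nixpkgs`; the flake.lock hunks show the same flake also pinning its own `nixpkgs-21_05`, `nixpkgs-21_11` and `utils` inputs, so the closure now carries two additional nixpkgs revisions that the root pin does not control or update. If a single nixpkgs is intended, the pins the mailserver actually evaluates against can be aligned with e.g. `inputs.nixpkgs-21_11.follows = "nixpkgs";` next to the existing follows line (whether the mailserver flake builds against the root revision is something to confirm before doing so). Otherwise a short comment recording that the extra pins are deliberate would help whoever runs the next `nix flake update`.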
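Review bot: `simple-nixos-mailserver.nixosModule` is referenced as a bare name in lib/default.nix, but the hunk does not show where that name is bound; unless the file's argument set (outside this hunk) already receives it, evaluation fails with an undefined-variable error. If the file receives the flake inputs as `inputs`, `inputs.simple-nixos-mailserver.nixosModule` would avoid depending on a new top-level binding. The module list this line is added to begins before the hunk.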
diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix
index b7fcf1c..2862e76 100644
--- a/machines/lisa/default.nix
+++ b/machines/lisa/default.nix
@@ -26,10 +26,18 @@ subdomain = "ci"; }; zfs-mails = {
- enable = true;
+ enable = false;
name = "lisa"; smart.enable = false; };
+ docs = {
+ enable = true;
+ nginx = {
+ enable = true;
+ subdomain = "docs";
+ };
+ };
+ mailserver.enable = true;
};
@@ -51,10 +59,10 @@ prefixLength = 120; }];
+ networking.nameservers = [ "8.8.8.8" ];
networking.hostId = "fbb334ae"; services.zfs.autoSnapshot.enable = true; services.zfs.autoScrub.enable = true;
- system.stateVersion = "21.11";
}
diff --git a/modules/docs/default.nix b/modules/docs/default.nix
new file mode 100644
index 0000000..22dfbc8
--- /dev/null
+++ b/modules/docs/default.nix
@@ -0,0 +1,55 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.luj.docs;
+ port = 3013;
+in
+{
+
+ options.luj.docs = {
+
+ enable = mkEnableOption "activate hedgedoc service";
+ nginx.enable = mkEnableOption "activate nginx";
+ nginx.subdomain = mkOption {
+ type = types.str;
+ };
+
+ };
+
+ config = mkIf cfg.enable (
+ mkMerge [{
+ services.hedgedoc = {
+ enable = true;
+ configuration = {
+ port = port;
+ db = {
+ dialect = "postgres";
+ host = "/run/postgresql";
+ };
+ domain = "docs.julienmalka.me";
+ protocolUseSSL = true;
+ allowFreeURL = true;
+ allowEmailRegister = false;
+ allowAnonymous = false;
+ allowAnonymousEdits = true;
+ allowGravatar = true;
+ };
+ };
+ services.postgresql = {
+ ensureDatabases = [ "hedgedoc" ];
+ ensureUsers = [
+ {
+ name = "hedgedoc";
+ ensurePermissions."DATABASE hedgedoc" = "ALL PRIVILEGES";
+ }
+ ];
+ };
+ }
+
+ (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]);
+
+
+
+
+
+}
diff --git a/modules/mailserver/default.nix b/modules/mailserver/default.nix
new file mode 100644
index 0000000..791217b
--- /dev/null
+++ b/modules/mailserver/default.nix
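Review bot: Dropping `system.stateVersion = "21.11";` from machines/lisa changes the defaults NixOS derives from that value (the PostgreSQL version selected for the new hedgedoc database is one example) and, if nothing else sets it, makes every rebuild warn and default to the running release; for an existing host the value should stay fixed. Unless the option is now set in another file not part of this diff, keep the line: `system.stateVersion = "21.11";`. The added `networking.nameservers = [ "8.8.8.8" ];` is unrelated to the mail/docs change and would read better as its own commit.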
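Review bot: `domain = "docs.julienmalka.me";` is hard-coded in the hedgedoc configuration while the vhost is built from `cfg.nginx.subdomain`, so changing the subdomain option silently leaves hedgedoc generating links and cookies for the old host; derive it from the option, e.g. `domain = "${cfg.nginx.subdomain}.julienmalka.me";`, or add a `domain` option. The module also relies on PostgreSQL being enabled elsewhere: `ensureDatabases` and `ensureUsers` have no effect unless `services.postgresql.enable = true;` is set somewhere. As I read HedgeDoc's options, `allowAnonymous = false` combined with `allowAnonymousEdits = true` still lets unauthenticated visitors edit existing notes whose permission is "freely"; a comment such as `# anonymous visitors may edit notes set to "freely" but cannot create notes` would make that intent explicit. `mkSubdomain` is not defined in this file; presumably it comes from the project's `lib` through `with lib;`.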
@@ -0,0 +1,39 @@
+{ pkgs, config, lib, inputs, ... }:
+let
+ cfg = config.luj.mailserver;
+in
+with lib;
+{
+ options.luj.mailserver = {
+ enable = mkEnableOption "Enable mailserver";
+ };
+
+ config = mkIf cfg.enable
+ {
+ mailserver = {
+ enable = true;
+ fqdn = "mail.julienmalka.me";
+ domains = [ "malka.sh" "ens.school" ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
+ loginAccounts = {
+ "julien@malka.sh" = {
+ hashedPasswordFile = "/run/secrets/malkash-pw";
+ aliases = [ "postmaster@malka.sh" ];
+ };
+ "julien.malka@ens.school" = {
+ hashedPasswordFile = "/run/secrets/ensmailmalka-pw";
+ };
+ "camille.mondon@ens.school" = {
+ hashedPassword = "/run/secrets/ensmailmondon-pw";
+ };
+ };
+ certificateScheme = 3;
+ };
+
+ sops.secrets.malkash-pw = { };
+ sops.secrets.ensmailmalka-pw = { };
+ sops.secrets.ensmailmondon-pw = { };
+ };
+}
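Review bot: The `camille.mondon@ens.school` account sets `hashedPassword = "/run/secrets/ensmailmondon-pw";` whereas the two accounts above use `hashedPasswordFile`, so the literal path string is taken as the password hash itself, the account cannot log in, and the `sops.secrets.ensmailmondon-pw` declared below is never read. Change it to `hashedPasswordFile = "/run/secrets/ensmailmondon-pw";`. `inputs` is taken in the module's argument set but never used; drop it or add a comment saying why it is kept.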