2024-10-12 14:10:02 +00:00 · 2024-08-18 16:27:05 +00:00 · 2024-08-18 20:05:59 +00:00 · 2024-08-18 20:54:31 +00:00 · 2024-08-18 16:27:15 +00:00 · 2024-08-18 16:28:44 +00:00
3 changed files with 118 additions and 0 deletions
--- a/nixos/machines/lobon/configuration.nix
+++ b/nixos/machines/lobon/configuration.nix
@ -0,0 +1,21 @@
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../modules/mailman.nix
+    ../../roles
+    ../../roles/vm.nix
+    ../../modules/vmNetwork.nix
+  ];
+
+  # System configuration here
+
+  services.mathebau-mailman = {
+    enable = true;
+    hostName = "lists.mathebau.de";
+    siteOwner = "root@mathebau.de";
+  };
+
+  networking.hostName = "lobon";
+  vmNetwork.ipv4 = "192.168.0.22";
+  system.stateVersion = "23.11";
+}
--- a/nixos/machines/lobon/hardware-configuration.nix
+++ b/nixos/machines/lobon/hardware-configuration.nix
@ -0,0 +1,30 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [];
+
+  fileSystems."/" = {
+    device = "root";
+    fsType = "tmpfs";
+    options = ["size=1G" "mode=755"];
+  };
+  fileSystems."/persist" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "btrfs";
+    options = ["subvol=persist"];
+    neededForBoot = true;
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "ext4";
+  };
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "btrfs";
+    options = ["subvol=nix"];
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/nixos/modules/mailman.nix
+++ b/nixos/modules/mailman.nix
@ -0,0 +1,67 @@
+# Adapted and simplified from https://nixos.wiki/wiki/Mailman
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit
+    (lib)
+    mkIf
+    mkEnableOption
+    mkOption
+    ;
+  inherit (lib.types) nonEmptyStr;
+  cfg = config.services.mathebau-mailman;
+in {
+  options.services.mathebau-mailman = {
+    enable = mkEnableOption "mathebau mailman service";
+    hostName = mkOption {
+      type = nonEmptyStr;
+    };
+    siteOwner = mkOption {
+      type = nonEmptyStr;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services = {
+      postfix = {
+        enable = true;
+        relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
+        sslCert = config.security.acme.certs.${cfg.hostName}.directory + "/full.pem";
+        sslKey = config.security.acme.certs.${cfg.hostName}.directory + "/key.pem";
+        config = {
+          transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
+          local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
+          proxy_interfaces = "130.83.2.184";
+          smtputf8_enable = "no"; # HRZ does not know SMTPUTF8
+        };
+        relayHost = "mailout.hrz.tu-darmstadt.de"; # Relay to HRZ
+      };
+      mailman = {
+        enable = true;
+        inherit (cfg) siteOwner;
+        hyperkitty.enable = true;
+        webHosts = [cfg.hostName];
+        serve.enable = true; #
+      };
+      nginx.virtualHosts.${cfg.hostName} = {
+        enableACME = true;
+        forceSSL = false;
+      };
+    };
+
+    environment.persistence.${config.impermanence.name} = {
+      directories = [
+        "/var/lib/acme" # Persist TLS keys and account
+        "/var/lib/mailman"
+        "/var/lib/mailman-web"
+      ];
+    };
+
+    security.acme.defaults.email = cfg.siteOwner;
+    security.acme.acceptTerms = true;
+
+    networking.firewall.allowedTCPPorts = [25 80 443];
+  };
+}