From 263b5b9b47596de4ec5e16b5613c1f943de7768d Mon Sep 17 00:00:00 2001
From: Gonne
Date: Mon, 5 Feb 2024 21:36:51 +0100
Subject: [PATCH] Lobons Testconfig

---
 nixos/machines/lobon/configuration.nix | 20 ++++++
 .../machines/lobon/hardware-configuration.nix | 34 ++++++++++
 nixos/machines/lobon/network.nix | 16 +++++
 nixos/modules/mailman.nix | 65 +++++++++++++++++++
 4 files changed, 135 insertions(+)
 create mode 100644 nixos/machines/lobon/configuration.nix
 create mode 100644 nixos/machines/lobon/hardware-configuration.nix
 create mode 100644 nixos/machines/lobon/network.nix
 create mode 100644 nixos/modules/mailman.nix

diff --git a/nixos/machines/lobon/configuration.nix b/nixos/machines/lobon/configuration.nix
new file mode 100644
index 0000000..8c5252c
--- /dev/null
+++ b/nixos/machines/lobon/configuration.nix
@@ -0,0 +1,20 @@
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules/mailman.nix
+ ../../roles
+ ../../roles/vm.nix
+ ./network.nix
+ ];
+
+ # System configuration here
+
+ services.mathebau-mailman = {
+ enable = true;
+ hostName = "lists.mathebau.de";
+ siteOwner = "root@mathebau.de";
+ };
+
+ networking.hostName = "lobon";
+ system.stateVersion = "23.11";
+}
diff --git a/nixos/machines/lobon/hardware-configuration.nix b/nixos/machines/lobon/hardware-configuration.nix
new file mode 100644
index 0000000..3e9d221
--- /dev/null
+++ b/nixos/machines/lobon/hardware-configuration.nix
@@ -0,0 +1,34 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [];
+
+ fileSystems."/" = {
+ device = "root";
+ fsType = "tmpfs";
+ options = ["size=1G" "mode=755"];
+ };
+ fileSystems."/persist" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "btrfs";
+ options = ["subvol=persist"];
+ neededForBoot = true;
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "ext4";
+ };
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "btrfs";
+ options = ["subvol=nix"];
+ };
+ fileSystems."/var/lib/mailman3" = {
+ device = "/dev/disk/by-label/mailman";
+ fsType = "ext4";
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nixos/machines/lobon/network.nix b/nixos/machines/lobon/network.nix
new file mode 100644
index 0000000..23ad3e8
--- /dev/null
+++ b/nixos/machines/lobon/network.nix
@@ -0,0 +1,16 @@
+# We sohuld put that config somewhere in roles and give it a parameter or something,
+# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
+# depend on the same thing
+{
+ imports = [];
+ networking = {
+ interfaces.enX0.ipv4.addresses = [
+ {
+ address = "192.168.0.22";
+ prefixLength = 16;
+ }
+ ];
+ defaultGateway = "192.168.0.149";
+ nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
+ };
+}
diff --git a/nixos/modules/mailman.nix b/nixos/modules/mailman.nix
new file mode 100644
index 0000000..320d3cf
--- /dev/null
+++ b/nixos/modules/mailman.nix
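Review bot: The persistent mount in this hunk is at `/var/lib/mailman3`, but the Postfix maps configured in nixos/modules/mailman.nix in the same commit live under `/var/lib/mailman/data/`, and with `/` on tmpfs that directory is recreated empty on every boot unless it is mounted or listed in `environment.persistence`. Either mount the labelled volume at the path the mailman module actually writes to, or add that path to the persistence directories; the NixOS mailman module's own state directory is not visible here, so confirm it before choosing. The `pkgs` argument is unused in this file and can be dropped.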
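Review bot: The header comment has typos (`sohuld`, `alsways`) and reads as an untracked TODO; suggest `# TODO: move this into roles with a parameter — every host gets the same nameservers and prefixLength, and address/defaultGateway always derive from the same value.` The `imports = [];` line is a no-op and can go.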
@@ -0,0 +1,65 @@
+# Adapted and simplified from https://nixos.wiki/wiki/Mailman
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit
+ (lib)
+ mkIf
+ mkEnableOption
+ mkOption
+ ;
+ inherit (lib.types) str;
+ cfg = config.services.mathebau-mailman;
+in {
+ options.services.mathebau-mailman = {
+ enable = mkEnableOption "mathebau mailman service";
+ hostName = mkOption {
+ type = str;
+ };
+ siteOwner = mkOption {
+ type = str;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services = {
+ postfix = {
+ enable = true;
+ relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
+ sslCert = config.security.acme.certs.${cfg.hostName}.directory + "/full.pem";
+ sslKey = config.security.acme.certs.${cfg.hostName}.directory + "/key.pem";
+ config = {
+ transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
+ local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
+ proxy_interfaces = "130.83.2.184";
+ smtputf8_enable = "no"; # HRZ does not know SMTPUTF8
+ };
+ relayHost = "mailout.hrz.tu-darmstadt.de"; # Relay to HRZ
+ };
+ mailman = {
+ enable = true;
+ inherit (cfg) siteOwner;
+ hyperkitty.enable = true;
+ webHosts = [cfg.hostName];
+ serve.enable = true; #
+ };
+ nginx.virtualHosts.${cfg.hostName} = {
+ enableACME = true;
+ forceSSL = false;
+ };
+ };
+
+ environment.persistence.${config.impermanence.name} = {
+ directories = [
+ "/var/lib/acme" # Persist TLS keys and account
+ ];
+ };
+
+ security.acme.defaults.email = cfg.siteOwner;
+ security.acme.acceptTerms = true;
+
+ networking.firewall.allowedTCPPorts = [25 80 443];
+ };
+}
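Review bot: `forceSSL = false;` on the nginx virtual host leaves the Mailman web UI (Postorius and HyperKitty logins) served over plain HTTP even though a certificate is provisioned via `enableACME` and port 80 is opened in the firewall below; change it to `forceSSL = true;` so HTTP only redirects to HTTPS. The hard-coded `proxy_interfaces = "130.83.2.184";` and `relayHost` sit in a reusable module whose host name is already an option, so consider exposing them as options too. `hostName` and `siteOwner` are declared without a `description`, and the dangling empty `#` after `serve.enable = true;` should be completed or removed. Postfix reading `sslKey` out of the ACME directory presumably requires the postfix user to be in that certificate's group, which is not configured in this hunk — confirm.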