Lobons Testconfig

Gonne 2024-02-05 21:36:51 +01:00
parent 4197474fec
commit 263b5b9b47
4 changed files with 135 additions and 0 deletions


@ -0,0 +1,20 @@
{
imports = [
./hardware-configuration.nix
../../modules/mailman.nix
../../roles
../../roles/vm.nix
./network.nix
];
# System configuration here
services.mathebau-mailman = {
enable = true;
hostName = "lists.mathebau.de";
siteOwner = "root@mathebau.de";
};
networking.hostName = "lobon";
system.stateVersion = "23.11";
}


@ -0,0 +1,34 @@
{
lib,
pkgs,
...
}: {
imports = [];
fileSystems."/" = {
device = "root";
fsType = "tmpfs";
options = ["size=1G" "mode=755"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=persist"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix"];
};
fileSystems."/var/lib/mailman3" = {
device = "/dev/disk/by-label/mailman";
fsType = "ext4";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
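Review bot: The dedicated volume is mounted at `/var/lib/mailman3`, but the postfix maps in nixos/modules/mailman.nix from this same commit are read from `/var/lib/mailman/data/…`, so the mount point may not be where the service actually keeps its state. With `/` on a 1G tmpfs, anything outside a persisted path is gone after a reboot, which for a list server means subscriber data, held messages and archives. If the state directory is in fact `/var/lib/mailman`, the section header would read `fileSystems."/var/lib/mailman" = {`; the web interface's state and the postfix queue probably need the same treatment unless one of the imported roles already persists them. Adding `options = ["nosuid" "nodev"];` to this data-only mount would be a cheap hardening step.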


@ -0,0 +1,16 @@
# We sohuld put that config somewhere in roles and give it a parameter or something,
# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
# depend on the same thing
{
imports = [];
networking = {
interfaces.enX0.ipv4.addresses = [
{
address = "192.168.0.22";
prefixLength = 16;
}
];
defaultGateway = "192.168.0.149";
nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
};
}
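Review bot: The fourth entry in `nameservers`, `130.82.22.63`, differs from the other three in the second octet (`130.83.…`), which looks like a typo. If it is one, DNS queries from this mail host would be sent to an unrelated network, and a mail server depends on trustworthy resolution for MX lookups and certificate issuance. Please confirm the intended address; it was likely meant to start with `130.83.`. Note also that glibc's resolver only uses the first three nameserver entries, so a fourth is ignored by most programs anyway and could simply be dropped.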

65
nixos/modules/mailman.nix Normal file

@ -0,0 +1,65 @@
# Adapted and simplified from https://nixos.wiki/wiki/Mailman
{
config,
lib,
...
}: let
inherit
(lib)
mkIf
mkEnableOption
mkOption
;
inherit (lib.types) str;
cfg = config.services.mathebau-mailman;
in {
options.services.mathebau-mailman = {
enable = mkEnableOption "mathebau mailman service";
hostName = mkOption {
type = str;
};
siteOwner = mkOption {
type = str;
};
};
config = mkIf cfg.enable {
services = {
postfix = {
enable = true;
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
sslCert = config.security.acme.certs.${cfg.hostName}.directory + "/full.pem";
sslKey = config.security.acme.certs.${cfg.hostName}.directory + "/key.pem";
config = {
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
proxy_interfaces = "130.83.2.184";
smtputf8_enable = "no"; # HRZ does not know SMTPUTF8
};
relayHost = "mailout.hrz.tu-darmstadt.de"; # Relay to HRZ
};
mailman = {
enable = true;
inherit (cfg) siteOwner;
hyperkitty.enable = true;
webHosts = [cfg.hostName];
serve.enable = true; #
};
nginx.virtualHosts.${cfg.hostName} = {
enableACME = true;
forceSSL = false;
};
};
environment.persistence.${config.impermanence.name} = {
directories = [
"/var/lib/acme" # Persist TLS keys and account
];
};
security.acme.defaults.email = cfg.siteOwner;
security.acme.acceptTerms = true;
networking.firewall.allowedTCPPorts = [25 80 443];
};
}
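Review bot: `forceSSL = false` on the nginx virtual host leaves the Mailman web interface (turned on by `serve.enable` and `hyperkitty.enable`) reachable over plain HTTP, so list-admin and subscriber logins and session cookies can cross the network unencrypted even though `enableACME = true` already provides a certificate. I would set `forceSSL = true;` so that HTTP requests are redirected to HTTPS; as far as I know the NixOS nginx module keeps the ACME challenge path available on port 80 in that mode. Separately, `sslCert` points at `full.pem`, which in the NixOS ACME layout appears to bundle the private key with the chain; `+ "/fullchain.pem"` is the certificate-only file and pairs with the existing `key.pem` line. The `hostName` and `siteOwner` options also lack a `description`; one line each should say that the first doubles as the ACME certificate name and the second as the ACME contact address.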