forked from Fachschaft/nixConfig
Compare commits
2 commits
1b8909b6b4
...
41c99daad0
Author | SHA1 | Date | |
---|---|---|---|
41c99daad0 | |||
1c827b5ed1 |
5 changed files with 185 additions and 66 deletions
118
flake.lock
118
flake.lock
|
@ -21,11 +21,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706830856,
|
||||
"narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
|
||||
"lastModified": 1709336216,
|
||||
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
|
||||
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -35,14 +35,14 @@
|
|||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701680307,
|
||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -53,11 +53,11 @@
|
|||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1706639736,
|
||||
"narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=",
|
||||
"lastModified": 1708968331,
|
||||
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045",
|
||||
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -71,16 +71,14 @@
|
|||
"blobs": "blobs",
|
||||
"flake-compat": [],
|
||||
"nixpkgs": [],
|
||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||
"nixpkgs-23_11": "nixpkgs-23_11",
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706742486,
|
||||
"narHash": "sha256-sv/MISTeD0rqeVivpZJpynboMWJp6i62OmrZX1rGl38=",
|
||||
"lastModified": 1710449465,
|
||||
"narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "9e36323ae3dde787f761420465c3ae560f3dbf29",
|
||||
"revCount": 577,
|
||||
"rev": "79c8cfcd5873a85559da6201b116fb38b490d030",
|
||||
"revCount": 582,
|
||||
"type": "git",
|
||||
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git"
|
||||
},
|
||||
|
@ -91,11 +89,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1707092692,
|
||||
"narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=",
|
||||
"lastModified": 1711703276,
|
||||
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "faf912b086576fd1a15fca610166c98d47bc667e",
|
||||
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -105,44 +103,14 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_05": {
|
||||
"locked": {
|
||||
"lastModified": 1704290814,
|
||||
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_11": {
|
||||
"locked": {
|
||||
"lastModified": 1706098335,
|
||||
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.11",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"dir": "lib",
|
||||
"lastModified": 1706550542,
|
||||
"narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
|
||||
"lastModified": 1709237383,
|
||||
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
|
||||
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -155,16 +123,16 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1705957679,
|
||||
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
|
||||
"lastModified": 1711233294,
|
||||
"narHash": "sha256-eEu5y4J145BYDw9o/YEmeJyqh8blgnZwuz9k234zuWc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
|
||||
"rev": "ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.05",
|
||||
"ref": "release-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -178,11 +146,11 @@
|
|||
"nixpkgs-stable": []
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706424699,
|
||||
"narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
|
||||
"lastModified": 1711760932,
|
||||
"narHash": "sha256-DqUTQ2iAAqSDwMhKBqvi24v0Oc7pD3LCK/0FCG//TdA=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
|
||||
"rev": "c11e43aed6f17336c25cd120eac886b96c455731",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -209,11 +177,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1707015547,
|
||||
"narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=",
|
||||
"lastModified": 1711249319,
|
||||
"narHash": "sha256-N+Pp3/8H+rd7cO71VNV/ovV/Kwt+XNeUHNhsmyTabdM=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "23f61b897c00b66855074db471ba016e0cda20dd",
|
||||
"rev": "405987a66cce9a4a82f321f11b205982a7127c88",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -237,13 +205,31 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1605370193,
|
||||
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709126324,
|
||||
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
|
||||
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
20
nixos/machines/lobon/configuration.nix
Normal file
20
nixos/machines/lobon/configuration.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../../modules/mailman.nix
|
||||
../../roles
|
||||
../../roles/vm.nix
|
||||
./network.nix
|
||||
];
|
||||
|
||||
# System configuration here
|
||||
|
||||
services.mathebau-mailman = {
|
||||
enable = true;
|
||||
hostName = "lists.mathebau.de";
|
||||
siteOwner = "root@mathebau.de";
|
||||
};
|
||||
|
||||
networking.hostName = "lobon";
|
||||
system.stateVersion = "23.11";
|
||||
}
|
30
nixos/machines/lobon/hardware-configuration.nix
Normal file
30
nixos/machines/lobon/hardware-configuration.nix
Normal file
|
@ -0,0 +1,30 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "root";
|
||||
fsType = "tmpfs";
|
||||
options = ["size=512M" "mode=755"];
|
||||
};
|
||||
fileSystems."/persist" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=persist"];
|
||||
neededForBoot = true;
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-label/boot";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/nix" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=nix"];
|
||||
};
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
16
nixos/machines/lobon/network.nix
Normal file
16
nixos/machines/lobon/network.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
# We sohuld put that config somewhere in roles and give it a parameter or something,
|
||||
# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
|
||||
# depend on the same thing
|
||||
{
|
||||
imports = [];
|
||||
networking = {
|
||||
interfaces.enX0.ipv4.addresses = [
|
||||
{
|
||||
address = "192.168.0.22";
|
||||
prefixLength = 16;
|
||||
}
|
||||
];
|
||||
defaultGateway = "192.168.0.149";
|
||||
nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
|
||||
};
|
||||
}
|
67
nixos/modules/mailman.nix
Normal file
67
nixos/modules/mailman.nix
Normal file
|
@ -0,0 +1,67 @@
|
|||
# Adapted and simplified from https://nixos.wiki/wiki/Mailman
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit
|
||||
(lib)
|
||||
mkIf
|
||||
mkEnableOption
|
||||
mkOption
|
||||
;
|
||||
inherit (lib.types) str;
|
||||
cfg = config.services.mathebau-mailman;
|
||||
in {
|
||||
options.services.mathebau-mailman = {
|
||||
enable = mkEnableOption "mathebau mailman service";
|
||||
hostName = mkOption {
|
||||
type = str;
|
||||
};
|
||||
siteOwner = mkOption {
|
||||
type = str;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services = {
|
||||
postfix = {
|
||||
enable = true;
|
||||
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
||||
sslCert = config.security.acme.certs.${cfg.hostName}.directory + "/full.pem";
|
||||
sslKey = config.security.acme.certs.${cfg.hostName}.directory + "/key.pem";
|
||||
config = {
|
||||
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||||
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||||
proxy_interfaces = "130.83.2.184";
|
||||
smtputf8_enable = "no"; # HRZ does not know SMTPUTF8
|
||||
};
|
||||
relayHost = "mailout.hrz.tu-darmstadt.de"; # Relay to HRZ
|
||||
};
|
||||
mailman = {
|
||||
enable = true;
|
||||
inherit (cfg) siteOwner;
|
||||
hyperkitty.enable = true;
|
||||
webHosts = [cfg.hostName];
|
||||
serve.enable = true; #
|
||||
};
|
||||
nginx.virtualHosts.${cfg.hostName} = {
|
||||
enableACME = true;
|
||||
forceSSL = false;
|
||||
};
|
||||
};
|
||||
|
||||
environment.persistence.${config.impermanence.name} = {
|
||||
directories = [
|
||||
"/var/lib/acme" # Persist TLS keys and account
|
||||
"/var/lib/mailman"
|
||||
"/var/lib/mailman-web"
|
||||
];
|
||||
};
|
||||
|
||||
security.acme.defaults.email = cfg.siteOwner;
|
||||
security.acme.acceptTerms = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [25 80 443];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue