# Host configuration for the mail VM "kaalut": enables the mathebau-mail
# service for the listed domains and declares the sops secrets it reads.
{config, ...}: let
  # Runtime path of a sops-managed secret, looked up by its attribute name.
  secretPath = name: config.sops.secrets.${name}.path;

  # Secret owned by the stalwart-mail account with the given file mode.
  stalwartSecret = mode: sopsFile: {
    inherit mode sopsFile;
    owner = "stalwart-mail";
    group = "stalwart-mail";
  };

  # Password for the HRZ API that gets a list of mailaddresses that we serve
  allowlistSops = stalwartSecret "0400" ./allowlistPass.yaml;

  # Virtual alias file
  # NOTE(review): owner and group are both stalwart-mail, so 0440 only adds
  # access for other members of that group; the remaining stalwart secrets
  # use 0400. Confirm whether group read is actually needed.
  aliasSecret = stalwartSecret "0440";
in {
  imports = [
    ./hardware-configuration.nix
    ../../modules/mail.nix
    ../../roles
    ../../roles/vm.nix
    ../../modules/vmNetwork.nix
  ];

  networking.hostName = "kaalut";
  vmNetwork.ipv4 = "192.168.0.17";
  system.stateVersion = "24.05";

  # System configuration here
  services.mathebau-mail = {
    enable = true;
    stalwartAdmin = secretPath "stalwartAdmin";
    # see passwd on azathoth for plaintext or machine secret in encoded format for HTTP Basic AUTH
    # NOTE(review): unlike the other credentials this hash is a literal in
    # the repository, and presumably also lands in the world-readable Nix
    # store through the mail module (confirm). Anyone who can read it can
    # attempt offline guessing. The encoded parameters are Argon2i with
    # m=4096 KiB, t=3, p=1, a low memory cost by current guidance; consider
    # regenerating it as Argon2id with a higher memory cost if Stalwart
    # accepts that, and keep the admin password long and random.
    stalwartAdminHash = "$argon2i$v=19$m=4096,t=3,p=1$d0hYOTkzclpzSmFTZUplWnhVeWE$I7q9uB19RWL0oZKaPlMPSlGfFp6FQ/vrx80FFKCsalg";
    domains = [
      # lists.mathebau.de is forwarded to another VM and does not need to be listed here.
      {
        domain = "matheball.de";
        allowlistPass = secretPath "allowlistPass/matheball";
      }
      {
        domain = "mathebau.de";
        allowlistPass = secretPath "allowlistPass/mathebau";
        virt_aliases = secretPath "mathebau.aliases";
      }
      {
        domain = "mathechor.de";
        allowlistPass = secretPath "allowlistPass/mathechor";
        virt_aliases = secretPath "mathechor.aliases";
      }
      {
        domain = "koma89.tu-darmstadt.de";
        allowlistPass = secretPath "allowlistPass/koma";
        virt_aliases = secretPath "koma.aliases";
      }
    ];
  };

  sops.secrets = {
    # One shared definition: all four entries point at ./allowlistPass.yaml.
    "allowlistPass/matheball" = allowlistSops;
    "allowlistPass/mathebau" = allowlistSops;
    "allowlistPass/mathechor" = allowlistSops;
    "allowlistPass/koma" = allowlistSops;

    "mathebau.aliases" = aliasSecret ./mathebau.aliases.yaml;
    "mathechor.aliases" = aliasSecret ./mathechor.aliases.yaml;
    "koma.aliases" = aliasSecret ./koma.aliases.yaml;

    # password for https://stalw.art/docs/auth/authorization/administrator/#fallback-administrator encoded to be supplied in the basic auth header
    # The Basic auth encoding is password-equivalent, hence owner-only read.
    stalwartAdmin = stalwartSecret "0400" ./stalwartAdmin.yaml;

    # Readable by root only; not consumed anywhere else in this file.
    backupKey = {
      sopsFile = ./backupKey.yaml;
      owner = "root";
      group = "root";
      mode = "0400";
    };
  };
}