
Remove charon

Malte Brandy 2019-03-02 16:02:30 +01:00
parent f295017afc
commit 00020e56d2
7 changed files with 0 additions and 386 deletions


@ -1,61 +0,0 @@
{ config, pkgs, ... }:
{
system.stateVersion = "17.03";
networking = {
hostName = "charon.olymp.space";
interfaces.ens3 = {
ipv4.addresses = [{ address = "45.32.154.139"; prefixLength = 22; }];
ipv6.addresses = [{ address = "2001:19f0:6c01:b0d::1"; prefixLength = 64; }];
};
defaultGateway = "45.32.152.1";
nameservers = [ "108.61.10.10" "2001:19f0:300:1704::6" ];
};
imports = [
./hardware-configuration.nix
../../host-common/common.nix
../../host-common/init_ssh.nix
/etc/nixos/local/config.nix
./dav.nix
./mail.nix
./matrix.nix
./web.nix
];
boot.initrd.network.postCommands = "ip address add 2001:19f0:6c01:b0d::b007/64 dev eth0";
boot.initrd.postMountCommands = "ip link set eth0 down";
users.users = {
choreutes = {
description = "Tobias Schmalz";
isNormalUser = true;
passwordFile = "/etc/nixos/local/pw-choreutes";
};
swantje = {
description = "Swantje Mahncke";
isNormalUser = true;
passwordFile = "/etc/nixos/local/pw-swantje";
};
};
services = {
# Taskserver
# taskserver = {
# enable = true;
# fqdn = config.networking.hostName;
# listenHost = "::";
# organisations.users.users = [ "maralorn" ];
# config = { request.limit = 0; };
# };
};
boot.loader.grub = {
enable = true;
version = 2;
device = "/dev/vda";
};
}


@ -1,24 +0,0 @@
{ pkgs, ... }:
{
services = {
radicale = {
enable = true;
package = pkgs.radicale2;
config = ''
[auth]
type = http_x_remote_user
'';
};
nginx = {
virtualHosts."dav.maralorn.de" = {
forceSSL = true;
enableACME = true;
# See /etc/nixos/local/ für basic_auth pw.
locations."/" = {
proxyPass = "http://127.0.0.1:5232";
extraConfig = "proxy_set_header X-Remote-User $remote_user;";
};
};
};
};
}


@ -1,30 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c0311786-f760-4834-bb92-6c6c0dd8943a";
fsType = "ext4";
};
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/051f74d2-c0dd-4fbe-b007-0d728acf3a91";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/211c5a28-7243-4bfe-982c-7c31186ec9b7";
fsType = "ext4";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 1;
}


@ -1,16 +0,0 @@
{
imports = [
../../home-common/default.nix
../../home-common/my-systems.nix
./morgenreport.nix
./sort-mail.nix
];
home.forceCopies.paths = [ ".dovecot.sieve" ];
home.file = {
sieve-rules = {
target = ".dovecot.sieve";
text = builtins.readFile ./dovecot.sieve;
};
};
}


@ -1,109 +0,0 @@
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 25 587 443 993 ];
users.users = {
dovecot2.extraGroups = ["mail-cert"];
postfix.extraGroups = ["mail-cert"];
};
users.groups = {
mail-cert = {};
};
security.acme.certs = {
"charon.olymp.space" = {
email = "malte.brandy@maralorn.de";
postRun = "systemctl restart postfix dovecot2";
allowKeysForGroup = true;
group = "mail-cert";
extraDomains = {
"maralorn.de" = null;
};
};
};
services = {
# Mailserver
rspamd.enable = true;
rmilter = {
enable = true;
socketActivation = false;
rspamd = {
extraConfig = ''
extended_spam_headers = true;
'';
enable = true;
};
postfix.enable = true;
};
dovecot2 = {
enable = true;
enablePop3 = false;
modules = [ pkgs.dovecot_pigeonhole ];
sslServerCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
sslServerKey = "/var/lib/acme/charon.olymp.space/key.pem";
extraConfig =
''
postmaster_address=postmaster@charon.olymp.space
ssl = required
service auth {
unix_listener /var/lib/postfix/queue/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
protocol lda {
mail_plugins = $mail_plugins sieve
}
plugin {
sieve_extensions = +vnd.dovecot.duplicate
}
'';
};
postfix = {
enable = true;
enableSubmission = true;
rootAlias = "maralorn";
sslCert = "/var/lib/acme/charon.olymp.space/fullchain.pem";
sslKey = "/var/lib/acme/charon.olymp.space/key.pem";
extraAliases =
''
junge-erwachsene: :include:/etc/nixos/local/lists/junge-erwachsene
je-orga: :include:/etc/nixos/local/lists/je-orga
'';
lookupMX = true;
extraConfig =
''
message_size_limit = 100000000
mailbox_size_limit = 100000000
mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" -d "$USER"
virtual_alias_domains = maralorn.de, choreutes.de, olymp.space, mathechor.de
smtp_bind_address6 = 2001:19f0:6c01:b0d::1
smtp_tls_security_level = may
smtpd_tls_security_level = may
'';
virtual =
''
junge-erwachsene@maralorn.de junge-erwachsene
je-orga@maralorn.de je-orga
@maralorn.de maralorn
@mathechor.de maralorn
@olymp.space maralorn
@choreutes.de choreutes
'';
submissionOptions = {
milter_macro_daemon_name = "ORIGINATING";
smtpd_tls_security_level = "encrypt";
smtpd_sasl_type = "dovecot";
smtpd_sasl_auth_enable = "yes";
smtpd_sasl_path = "private/auth";
smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
};
};
};
}


@ -1,83 +0,0 @@
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 8448 ];
users.users = {
matrix-synapse.extraGroups = ["matrix-cert"];
};
users.groups = {
matrix-cert = {};
};
security.acme.certs = {
"matrix.maralorn.de" = {
email = "malte.brandy@maralorn.de";
postRun = "systemctl restart matrix-synapse";
allowKeysForGroup = true;
group = "matrix-cert";
extraDomains = {
"maralorn.de" = null;
};
};
};
services = {
nginx = {
enable = true;
virtualHosts."matrix.maralorn.de" = {
forceSSL = true;
enableACME = true;
locations = {
"/_matrix" = {
proxyPass = "http://[::1]:8008";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
};
};
};
# Postgres
postgresql = {
enable = true;
package = pkgs.postgresql96;
};
# Synapse
matrix-synapse = {
enable = true;
package = pkgs.matrix-synapse;
server_name = "maralorn.de";
database_type = "psycopg2";
max_upload_size = "30M";
create_local_database = false;
database_args = {
user = "matrix-synapse";
database = "matrix-synapse";
cp_min = "5";
cp_max = "10";
};
report_stats = true;
tls_certificate_path = "/var/lib/acme/matrix.maralorn.de/fullchain.pem";
tls_private_key_path = "/var/lib/acme/matrix.maralorn.de/key.pem";
listeners = [
{
port = 8448;
bind_address = "::";
resources = [ { compress = true; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
x_forwarded = false;
}
{
port = 8008;
bind_address = "::1";
resources = [ { compress = false; names = [ "client" ]; } { compress = false; names = [ "federation" ]; } ];
x_forwarded = true;
tls = false;
}
];
};
};
}


@ -1,63 +0,0 @@
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
services = {
nginx = {
enable = true;
virtualHosts."mathechor.de" = {
serverAliases = ["www.mathechor.de"];
forceSSL = true;
enableACME = true;
locations = {
"~* Makefile".extraConfig = "deny all;";
"/" = {
root = "/var/www/mathechor/public";
index = "index.html";
extraConfig = "location ~* \.(otf)$ {add_header Access-Control-Allow-Origin *;}";
};
};
};
virtualHosts."intern.mathechor.de" = {
forceSSL = true;
enableACME = true;
# See /etc/nixos/local/ für basic_auth pw.
locations = {
"~* Makefile".extraConfig = "deny all;";
"/" = {
root = "/var/www/mathechor/intern";
index = "index.html";
};
"/mathechor.ics" = {
proxyPass ="http://127.0.0.1:5232/maralorn/23e21619-29c6-17eb-043f-8ab5af00b46b/";
extraConfig = ''
proxy_set_header X-Remote-User maralorn;
'';
};
};
};
virtualHosts."blog.maralorn.de" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
root = "/var/www/blog/output";
index = "index.html";
};
};
};
virtualHosts."charon.olymp.space" = {
forceSSL = true;
enableACME = true;
default = true;
locations = {
"/ved.ics" = {
proxyPass ="http://127.0.0.1:5232/maralorn/5a155c2c-1d87-e50d-874c-63f8858d1302/";
extraConfig = ''
proxy_set_header X-Remote-User maralorn;
'';
};
};
};
};
};
}