]> Git — Sourcephile - sourcephile-nix.git/blob - install/logical/friot.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
postfix: fix LDAP SASL
[sourcephile-nix.git] / install / logical / friot.nix
1 {pkgs, lib, config, system, ...}:
2 let inherit (builtins.extraBuiltins) pass;
3 inherit (lib) types;
4 inherit (config) networking;
5 inherit (config.services) dovecot2;
6 userPass = name: pass "${networking.domainBase}/${networking.hostName}/login/${name}";
7 in {
8 imports = [
9 <nixpkgs-commonsoft/install/modules.nix>
10 ../overlays/tools/networking/shorewall/service.nix
11 ../overlays/tools/networking/shorewall6/service.nix
12 friot/dovecot.nix
13 friot/gitolite.nix
14 friot/nginx.nix
15 friot/nsd.nix
16 friot/postfix.nix
17 friot/postgrey.nix
18 friot/postgresql.nix
19 friot/rmilter.nix
20 #friot/redmine.nix
21 friot/shorewall.nix
22 friot/openldap.nix
23 #friot/discourse.nix
24 ];
25 options = {
26 enable = lib.mkEnableOption "friot";
27 networking.domainBase = lib.mkOption {
28 type = types.str;
29 description = "Base network name.";
30 example = "example";
31 };
32 networking.domainAliases = lib.mkOption {
33 type = types.listOf types.str;
34 description = "Domain aliases.";
35 example = [ "example.org" "example.net" ];
36 };
37 networking.zones = lib.mkOption {
38 type = types.attrsOf (types.submodule ({name, options, config, ...}: {
39 options = {
40 iface = lib.mkOption {
41 type = types.str;
42 description = "Interface name.";
43 example = "eth0";
44 };
45 ipv4 = lib.mkOption {
46 type = types.str;
47 description = "Static IPv4 address of the machine.";
48 example = "1.2.3.4";
49 };
50 ipv6 = lib.mkOption {
51 type = types.str;
52 description = "Static IPv6 address of the machine.";
53 example = "fe80::1";
54 };
55 };
56 }));
57 };
58 };
59 config = {
60 nixpkgs.overlays = import ../overlays.nix;
61 networking = {
62 domainBase = "commonsoft";
63 domain = "${networking.domainBase}.org";
64 domainAliases = [
65 "${networking.domainBase}.net"
66 "${networking.domainBase}.coop"
67 ];
68 };
69 users.mutableUsers = false;
70 users.users = {
71 root.initialPassword = userPass "root";
72 root.password = config.users.users.root.initialPassword;
73 julm = {
74 uid = 1000;
75 extraGroups = [ "sudo" ];
76 description = "Julien Moutinho";
77 home = "/home/julm";
78 shell = lib.mkDefault config.users.defaultUserShell;
79 group = "julm"; # FIXME: unknown group
80 initialPassword = userPass "julm";
81 password = config.users.users.julm.initialPassword;
82 };
83 };
84 users.groups = {
85 julm = {
86 gid = config.users.users.julm.uid;
87 };
88 };
89
90 boot.initrd = {
91 network = {
92 enable = config.deployment.targetEnv != "virtualbox";
93 ssh = {
94 enable = true;
95 authorizedKeys = [ (pass "${networking.domain}/ssh/pub/julm") ];
96 };
97 };
98 };
99
100 services = {
101 nixosManual = {
102 enable = false; # NOTE: useless on this machine, and CPU intensive.
103 };
104 redis = {
105 enable = true;
106 };
107 disnix = {
108 enable = false;
109 };
110 openssh = {
111 enable = true;
112 extraConfig = ''
113 '';
114 };
115 gitea = {
116 enable = false;
117 };
118 sssd = {
119 enable = false;
120 };
121 dovecot2 = {
122 #debug = true;
123 };
124 journald = {
125 extraConfig = ''
126 SystemMaxUse=50M
127 '';
128 };
129 x509 = {
130 domains =
131 lib.concatMap
132 (dom: map (sub: "${sub}.${dom}")
133 ["www" "git" "mail"])
134 ([networking.domain] ++ networking.domainAliases)
135 ++ networking.domainAliases;
136 };
137 #postfix.aliases = {
138 # "root@${networking.domain}" = [ "test@${networking.domain}" ];
139 # "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
140 # "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
141 #};
142 #dovecot2.domains = {
143 # "${networking.domain}" = {
144 # accounts = {
145 # julm = {
146 # password = pass "${networking.domain}/mail/julm";
147 # # "${networking.domain}/dovecot2/julm";
148 # # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
149 # aliases = ["julien.moutinho@${networking.domain}"];
150 # quota = "512M";
151 # };
152 # test = {
153 # password = pass "${networking.domain}/mail/test";
154 # # "${networking.domain}/dovecot2/test";
155 # # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
156 # aliases = ["test-alias@${networking.domain}"];
157 # quota = "512M";
158 # };
159 # };
160 # };
161 #};
162 };
163 environment = {
164 systemPackages = with pkgs; [
165 htop
166 tree
167 vim
168 tcpdump
169 #mysql
170 #procmail
171 postgrey
172 duplicity
173 pypolicyd-spf
174 unbound
175 dropbear
176 cryptsetup
177 openssl
178 postgresql
179 openldap
180 #mail
181 #sympa
182 multitail
183 dnsutils
184 inetutils
185 binutils
186 mailutils
187 ncdu
188 cgit
189 #sssd
190 #docker
191 #nss_ldap
192 #nss_pam_ldapd
193 socat
194 users-init
195 which
196 ];
197 etc."inputrc".text = ''
198 # /etc/inputrc - global inputrc for libreadline
199 # See readline(3readline) and `info rluserman' for more information.
200
201 # Be 8 bit clean.
202 set input-meta on
203 set output-meta on
204
205 # To allow the use of 8bit-characters like the german umlauts, uncomment
206 # the line below. However this makes the meta key not work as a meta key,
207 # which is annoying to those which don't need to type in 8-bit characters.
208
209 # set convert-meta off
210
211 # try to enable the application keypad when it is called. Some systems
212 # need this to enable the arrow keys.
213 # set enable-keypad on
214
215 # see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys
216
217 # do not bell on tab-completion
218 # set bell-style none
219 # set bell-style visible
220
221 # some defaults / modifications for the emacs mode
222 $if mode=emacs
223
224 # allow the use of the Home/End keys
225 "\e[1~": beginning-of-line
226 "\e[4~": end-of-line
227
228 # allow the use of the Delete/Insert keys
229 "\e[3~": delete-char
230 "\e[2~": quoted-insert
231
232 # mappings for "page up" and "page down" to step to the beginning/end
233 # of the history
234 # "\e[5~": beginning-of-history
235 # "\e[6~": end-of-history
236
237 # alternate mappings for "page up" and "page down" to search the history
238 # "\e[5~": history-search-backward
239 # "\e[6~": history-search-forward
240
241 # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
242 "\e[1;5C": forward-word
243 "\e[1;5D": backward-word
244 "\e[5C": forward-word
245 "\e[5D": backward-word
246 "\e\e[C": forward-word
247 "\e\e[D": backward-word
248
249 $if term=rxvt
250 "\e[7~": beginning-of-line
251 "\e[8~": end-of-line
252 "\eOc": forward-word
253 "\eOd": backward-word
254 $endif
255
256 # for non RH/Debian xterm, can't hurt for RH/Debian xterm
257 # "\eOH": beginning-of-line
258 # "\eOF": end-of-line
259
260 # for freebsd console
261 # "\e[H": beginning-of-line
262 # "\e[F": end-of-line
263
264 $endif
265 '';
266 };
267 };
268 }
NixOS configurations for Sourcephile's infrastructure