[sourcephile-nix.git] / install / logical / spof.nix
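# Logical configuration for the host called "machine1" in this repository.
# It declares a few site-specific options (fqdn, networking.fqdn,
# networking.zones) and then sets the services and packages of a machine that
# combines mail (postfix, dovecot2, postgrey, rmilter), DNS (nsd), HTTP
# (nginx), LDAP and SSH.
{pkgs, lib, config, system, ...}:
let
  inherit (lib) types;
  inherit (config.services) dovecot2;
in {
  imports = [
    <nixsys/install/modules.nix>
    machine1/nginx.nix
    # Firewall rules live in this module. openssh and openldap are enabled
    # below, so what is reachable from outside depends on rules that are not
    # visible in this file.
    # NOTE(review): confirm that LDAP is not exposed beyond the hosts that need it.
    machine1/shorewall.nix
    machine1/postfix.nix
    machine1/postgrey.nix
    machine1/dovecot.nix
    machine1/rmilter.nix
    machine1/nsd.nix
  ];

  options = {
    # Declared here but not read anywhere in this file.
    enable = lib.mkEnableOption "machine1";

    # Top-level name; set to the bare mail domain in `config` below.
    fqdn = lib.mkOption {
      type = types.str;
      example = "example.coop";
      description = "Fully Qualified Domain Name of the machine.";
    };

    # Host-level name, derived from hostName and domain unless overridden.
    networking.fqdn = lib.mkOption {
      type = types.str;
      example = "some.example.coop";
      default = "${config.networking.hostName}.${config.networking.domain}";
      description = "Fully Qualified Domain Name of the machine.";
    };

    # One attribute per network zone, each carrying an interface name and
    # static addresses. Values are plain strings: nothing here checks that
    # they parse as addresses.
    # NOTE(review): `zone` is unused in the submodule body; the module system
    # normally passes the attribute key as `name` — confirm `zone` is supplied.
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({zone, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            # fe80::/10 is link-local, so this example is not a routable
            # static address.
            example = "fe80::1";
          };
        };
      }));
    };
  };

  config = {
    fqdn = "cologic.coop";
    networking = {
      domain = "cologic.coop";
    };
    #fqdn = "machine1.logic.coop";

    services = {
      nixosManual = {
        enable = false; # NOTE: useless on this machine, and CPU intensive.
      };
      disnix = {
        enable = false;
      };
      # Enabled with the module's defaults; no authentication policy is set here.
      # NOTE(review): pin the policy explicitly (key-only logins, no direct
      # root login) unless an imported module already does so.
      openssh = {
        enable = true;
      };
      # Enabled with no suffix, ACL or TLS settings visible in this file.
      # NOTE(review): confirm they are defined elsewhere before the directory
      # holds real accounts.
      openldap = {
        enable = true;
      };
      dovecot2 = {
        #debug = true;
      };
      # Caps the on-disk journal at 50M. On a host running SSH, LDAP and mail
      # this keeps only a short window of authentication and delivery logs;
      # forward them off-host if they are needed for incident review.
      journald = {
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };
      # One entry per mail domain declared under dovecot2.domains.
      # `x509` is not defined in this file; presumably an imported module
      # uses this list to issue certificates — confirm.
      x509 = {
        domains =
          builtins.attrNames dovecot2.domains;
      };
      # The role addresses all deliver to the `test` mailbox.
      # NOTE(review): abuse@ and postmaster@ receive security reports; point
      # them at a monitored mailbox before production use.
      postfix.aliases = {
        "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
      };
      dovecot2.domains = {
        "${config.networking.domain}" = {
          accounts = {
            test = {
              # The secret is fetched at evaluation time through an extra
              # builtin, so it is not written in this file.
              # NOTE(review): if machine1/dovecot.nix interpolates this value
              # into a generated file, it lands in the world-readable
              # /nix/store — confirm it is a salted hash, not the cleartext,
              # or deliver it outside the store.
              # An earlier form of this line kept a literal {SSHA512} hash in
              # a comment. It is dropped here; treat that credential as
              # disclosed and rotate it.
              password = builtins.extraBuiltins.pass "${config.networking.domain}/dovecot2/test";
              aliases = ["test-alias@${config.networking.domain}"];
              quota = "512M";
            };
          };
        };
      };
    };

    environment = {
      # Listing a package here only puts its tools on PATH; it does not
      # enable the matching service.
      # NOTE(review): tcpdump and dropbear are available to every local
      # account once installed; keep them only if operations need them.
      systemPackages = with pkgs; [
        htop
        tree
        vim
        postgresql # was listed twice; the duplicate entry is removed
        dnsutils
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        nsd
        dropbear
        cryptsetup
        openssl
        gitolite
        cgit
        openldap
        #mail
        sympa
        multitail
      ];
    };
  };
}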