install/logical/friot.nix

   1 {pkgs, lib, config, system, ...}:
   2 let inherit (builtins.extraBuiltins) pass;
   3     inherit (lib) types;
   4     inherit (config) networking;
   5     inherit (config.services) dovecot2;
   6     userPass = name: pass ("${networking.domain}/${networking.hostName}/"+name);
   7 in {
   8 imports = [
   9   <nixpkgs-commonsoft/install/modules.nix>
  10   friot/dovecot.nix
  11   friot/gitolite.nix
  12   friot/nginx.nix
  13   friot/nsd.nix
  14   friot/postfix.nix
  15   friot/postgrey.nix
  16   friot/postgresql.nix
  17   friot/rmilter.nix
  18   friot/redmine.nix
  19   friot/shorewall.nix
  20   friot/openldap.nix
  21   #friot/discourse.nix
  22 ];
  23 options = {
  24   enable = lib.mkEnableOption "friot";
  25   networking.domainBase = lib.mkOption {
  26     type        = types.str;
  27     description = "Base network name.";
  28     example     = "example";
  29   };
  30   networking.domainAliases = lib.mkOption {
  31     type        = types.listOf types.str;
  32     description = "Domain aliases.";
  33     example     = [ "example.org" "example.net" ];
  34   };
  35   networking.zones = lib.mkOption {
  36     type = types.attrsOf (types.submodule ({name, options, config, ...}: {
  37       options = {
  38         iface = lib.mkOption {
  39           type        = types.str;
  40           description = "Interface name.";
  41           example     = "eth0";
  42         };
  43         ipv4 = lib.mkOption {
  44           type        = types.str;
  45           description = "Static IPv4 address of the machine.";
  46           example     = "1.2.3.4";
  47         };
  48         ipv6 = lib.mkOption {
  49           type        = types.str;
  50           description = "Static IPv6 address of the machine.";
  51           example     = "fe80::1";
  52         };
  53       };
  54     }));
  55   };
  56 };
  57 config = {
  58   nixpkgs.overlays = import ../overlays.nix;
  59   networking = {
  60     domainBase    = "commonsoft";
  61     domain        = "${networking.domainBase}.coop";
  62     domainAliases = [
  63      "${networking.domainBase}.org"
  64      "${networking.domainBase}.net"
  65     ];
  66   };
  67   users.mutableUsers = false;
  68   users.users = {
  69       root.initialPassword = userPass "root";
  70       root.password        = config.users.users.root.initialPassword;
  71       julm = {
  72         uid             = 1000;
  73         extraGroups     = [ "sudo" ];
  74         description     = "Julien Moutinho";
  75         home            = "/home/julm";
  76         shell           = lib.mkDefault config.users.defaultUserShell;
  77         group           = "julm"; # FIXME: unknown group
  78         initialPassword = userPass "julm";
  79         password        = config.users.users.julm.initialPassword;
  80       };
  81   };
  82   users.groups = {
  83     julm = {
  84       gid = config.users.users.julm.uid;
  85     };
  86   };
  87
  88   services = {
  89     nixosManual = {
  90       enable = false; # NOTE: useless on this machine, and CPU intensive.
  91     };
  92     disnix = {
  93       enable = false;
  94     };
  95     openssh = {
  96       enable = true;
  97     };
  98     gitea = {
  99       enable = false;
 100     };
 101     sssd = {
 102       enable = false;
 103     };
 104     dovecot2 = {
 105       #debug = true;
 106     };
 107     journald = {
 108       extraConfig = ''
 109         SystemMaxUse=50M
 110       '';
 111     };
 112     x509 = {
 113       domains =
 114         lib.concatMap
 115          (dom: map (sub: "${sub}.${dom}")
 116            ["www" "git" "mail"])
 117          ([networking.domain] ++ networking.domainAliases)
 118         ++ networking.domainAliases;
 119     };
 120     #postfix.aliases = {
 121     #        "root@${networking.domain}" = [ "test@${networking.domain}" ];
 122     #  "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
 123     #       "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
 124     #};
 125     #dovecot2.domains = {
 126     #  "${networking.domain}" = {
 127     #    accounts = {
 128     #      julm = {
 129     #        password = pass "${networking.domain}/mail/julm";
 130     #         # "${networking.domain}/dovecot2/julm";
 131     #           #  "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
 132     #        aliases  = ["julien.moutinho@${networking.domain}"];
 133     #        quota    = "512M";
 134     #      };
 135     #      test = {
 136     #        password = pass "${networking.domain}/mail/test";
 137     #         # "${networking.domain}/dovecot2/test";
 138     #           #  "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
 139     #        aliases  = ["test-alias@${networking.domain}"];
 140     #        quota    = "512M";
 141     #      };
 142     #    };
 143     #  };
 144     #};
 145   };
 146   environment = {
 147     systemPackages = with pkgs; [
 148       htop
 149       tree
 150       vim
 151       tcpdump
 152       #mysql
 153       #procmail
 154       postgrey
 155       duplicity
 156       pypolicyd-spf
 157       unbound
 158       dropbear
 159       cryptsetup
 160       openssl
 161       postgresql
 162       openldap
 163       #mail
 164       #sympa
 165       multitail
 166       dnsutils
 167       inetutils
 168       binutils
 169       mailutils
 170       ncdu
 171       cgit
 172       #sssd
 173       docker
 174       #nss_ldap
 175       #nss_pam_ldapd
 176       socat
 177     ];
 178   };
 179 };
 180 }