# install/logical/friot.nix: logical NixOS configuration for the "friot" profile.
#
# Declares a few site-specific networking options, fixes the domain names,
# defines the local accounts, toggles services and lists the system packages.
# The individual daemons are configured by the modules imported from friot/.
{ pkgs, lib, config, system, ... }:
let
  # `pass` is taken from the evaluator's extra builtins, so every secret it
  # returns is resolved while the configuration is being evaluated.
  # NOTE(review): presumably a wrapper around the password-store CLI; confirm
  # in the extra-builtins file, which is not part of this listing.
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) mkEnableOption mkOption types;
  inherit (config) networking;
  inherit (config.services) dovecot2; # not referenced anywhere below

  # Looks up the secret stored under "<domain>/<hostName>/<name>".
  userPass = name: pass "${networking.domain}/${networking.hostName}/${name}";
in
{
  imports = [
    # Angle-bracket path: resolved through the Nix search path, so whatever
    # that entry points at is evaluated with full trust.
    <nixpkgs-commonsoft/install/modules.nix>
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/postgresql.nix
    friot/rmilter.nix
    friot/redmine.nix
    friot/shorewall.nix
    friot/openldap.nix
    #friot/discourse.nix
  ];

  options = {
    enable = mkEnableOption "friot";

    networking = {
      domainBase = mkOption {
        type = types.str;
        description = "Base network name.";
        example = "example";
      };

      domainAliases = mkOption {
        type = types.listOf types.str;
        description = "Domain aliases.";
        example = [ "example.org" "example.net" ];
      };

      # One entry per zone name, each giving an interface and its static
      # addresses. All three fields are required: none has a default.
      zones = mkOption {
        type = types.attrsOf (types.submodule ({ name, options, config, ... }: {
          options = {
            iface = mkOption {
              type = types.str;
              description = "Interface name.";
              example = "eth0";
            };
            ipv4 = mkOption {
              type = types.str;
              description = "Static IPv4 address of the machine.";
              example = "1.2.3.4";
            };
            ipv6 = mkOption {
              type = types.str;
              description = "Static IPv6 address of the machine.";
              example = "fe80::1";
            };
          };
        }));
      };
    };
  };

  config = {
    nixpkgs.overlays = import ../overlays.nix;

    # Primary domain is "<domainBase>.coop"; the .org and .net names are aliases.
    networking.domainBase = "commonsoft";
    networking.domain = "${networking.domainBase}.coop";
    networking.domainAliases = [
      "${networking.domainBase}.org"
      "${networking.domainBase}.net"
    ];

    users = {
      # Accounts and their passwords are taken from this configuration alone.
      mutableUsers = false;

      # NOTE(review): `password` and `initialPassword` take clear-text values,
      # and NixOS writes them into the world-readable Nix store. Since
      # `userPass` is resolved at evaluation time, whatever `pass` returns
      # becomes readable by every local account and by anything that holds a
      # copy of the system closure. Prefer `hashedPassword` with a crypt(3)
      # hash, or a password file kept outside the store.
      users = {
        root = {
          initialPassword = userPass "root";
          password = config.users.users.root.initialPassword;
        };

        julm = {
          uid = 1000;
          # NOTE(review): the stock NixOS sudo rule applies to `wheel`; check
          # that a `sudo` group is defined and granted rights elsewhere.
          extraGroups = [ "sudo" ];
          description = "Julien Moutinho";
          home = "/home/julm";
          shell = lib.mkDefault config.users.defaultUserShell;
          group = "julm"; # FIXME: unknown group
          initialPassword = userPass "julm";
          password = config.users.users.julm.initialPassword;
        };
      };

      # Primary group of julm; its gid mirrors the account's uid.
      groups.julm.gid = config.users.users.julm.uid;
    };

    services = {
      nixosManual.enable = false; # NOTE: useless on this machine, and CPU intensive.
      disnix.enable = false;

      # NOTE(review): only `enable` is set, so sshd's PasswordAuthentication
      # and PermitRootLogin stay at the module defaults while both accounts
      # above carry passwords. Set them explicitly, and declare authorized
      # keys, so the exposure is a decision rather than a default.
      openssh.enable = true;

      gitea.enable = false;
      sssd.enable = false;

      dovecot2 = {
        #debug = true;
      };

      # NOTE(review): a 50M journal cap can rotate mail, LDAP and SSH logs out
      # quickly; forward logs off-host if they matter for an investigation.
      journald.extraConfig = ''
        SystemMaxUse=50M
      '';

      # Certificate names: www/git/mail under the primary domain and under each
      # alias, followed by the bare alias domains.
      x509.domains =
        let
          hosts = [ "www" "git" "mail" ];
          zones = [ networking.domain ] ++ networking.domainAliases;
        in
        lib.concatMap (zone: map (host: "${host}.${zone}") hosts) zones
        ++ networking.domainAliases;

      #postfix.aliases = {
      #  "root@${networking.domain}" = [ "test@${networking.domain}" ];
      #  "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
      #  "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
      #};

      # NOTE(review): the {SSHA512} value kept in the disabled block below is
      # identical for both accounts and is published with this file. Treat the
      # password behind it as exposed and do not reuse it.
      #dovecot2.domains = {
      #  "${networking.domain}" = {
      #    accounts = {
      #      julm = {
      #        password = pass "${networking.domain}/mail/julm";
      #        # "${networking.domain}/dovecot2/julm";
      #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      #        aliases = ["julien.moutinho@${networking.domain}"];
      #        quota = "512M";
      #      };
      #      test = {
      #        password = pass "${networking.domain}/mail/test";
      #        # "${networking.domain}/dovecot2/test";
      #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      #        aliases = ["test-alias@${networking.domain}"];
      #        quota = "512M";
      #      };
      #    };
      #  };
      #};
    };

    # Tools available to every user on the machine. Several of them (tcpdump,
    # socat, binutils, docker) widen what a compromised account can do, so keep
    # this list to what administration actually needs.
    environment.systemPackages = with pkgs; [
      htop
      tree
      vim
      tcpdump
      #mysql
      #procmail
      postgrey
      duplicity
      pypolicyd-spf
      unbound
      dropbear
      cryptsetup
      openssl
      postgresql
      openldap
      #mail
      #sympa
      multitail
      dnsutils
      inetutils
      binutils
      mailutils
      ncdu
      cgit
      #sssd
      docker
      #nss_ldap
      #nss_pam_ldapd
      socat
    ];
  };
}