]> Git — Sourcephile - sourcephile-nix.git/blob - install/logical/machine1.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
init
[sourcephile-nix.git] / install / logical / machine1.nix
1 {pkgs, lib, config, system, ...}:
2 let inherit (lib) types;
3 inherit (config.services) dovecot2;
4 in {
5 imports = [
6 <nixsys/install/modules.nix>
7 machine1/nginx.nix
8 machine1/shorewall.nix
9 machine1/postfix.nix
10 machine1/postgrey.nix
11 machine1/dovecot.nix
12 machine1/rmilter.nix
13 machine1/nsd.nix
14 ];
15 options = {
16 enable = lib.mkEnableOption "machine1";
17 fqdn = lib.mkOption {
18 type = types.str;
19 example = "example.coop";
20 description = "Fully Qualified Domain Name of the machine.";
21 };
22 networking.fqdn = lib.mkOption {
23 type = types.str;
24 example = "some.example.coop";
25 default = "${config.networking.hostName}.${config.networking.domain}";
26 description = "Fully Qualified Domain Name of the machine.";
27 };
28 networking.net = lib.mkOption {
29 default = null;
30 type = types.nullOr (types.submodule {
31 options = {
32 iface = lib.mkOption {
33 type = types.str;
34 description = "Interface name.";
35 example = "eth0";
36 };
37 ipv4 = lib.mkOption {
38 type = types.str;
39 description = "Static IPv4 address of the machine.";
40 example = "1.2.3.4";
41 };
42 };
43 });
44 };
45 networking.lan = lib.mkOption {
46 default = null;
47 type = types.nullOr (types.submodule {
48 options = {
49 iface = lib.mkOption {
50 type = types.str;
51 description = "Interface name.";
52 example = "eth0";
53 };
54 ipv4 = lib.mkOption {
55 type = types.str;
56 description = "Static IPv4 address of the machine.";
57 example = "192.168.1.1";
58 };
59 };
60 });
61 };
62 };
63 config = {
64 fqdn = "millogic.coop";
65 networking = {
66 domain = "millogic.coop";
67 };
68 #fqdn = "machine1.logic.coop";
69
70 services = {
71 nixosManual = {
72 enable = false; # NOTE: useless on this machine, and CPU intensive.
73 };
74 disnix = {
75 enable = false;
76 };
77 openssh = {
78 enable = true;
79 };
80 openldap = {
81 enable = true;
82 };
83 dovecot2 = {
84 #debug = true;
85 };
86 journald = {
87 extraConfig = ''
88 SystemMaxUse=50M
89 '';
90 };
91 x509 = {
92 domains =
93 builtins.attrNames dovecot2.domains;
94 };
95 postfix.aliases = {
96 "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
97 "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
98 "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
99 };
100 dovecot2.domains = {
101 "${config.networking.domain}" = {
102 accounts = {
103 test = {
104 password = builtins.extraBuiltins.pass "${config.networking.domain}/dovecot2/test";
105 # "${config.networking.domain}/dovecot2/test";
106 # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
107 aliases = ["test-alias@${config.networking.domain}"];
108 quota = "512M";
109 };
110 };
111 };
112 };
113 };
114 environment = {
115 systemPackages = with pkgs; [
116 htop
117 tree
118 vim
119 postgresql
120 dnsutils
121 tcpdump
122 #mysql
123 #procmail
124 postgrey
125 duplicity
126 pypolicyd-spf
127 unbound
128 nsd
129 dropbear
130 cryptsetup
131 openssl
132 gitolite
133 postgresql
134 cgit
135 openldap
136 #mail
137 sympa
138 multitail
139 ];
140 };
141 };
142 }
NixOS configurations for Sourcephile's infrastructure