# NixOS module for the "friot" host: pulls in the per-service modules under
# ./friot, declares the networking.domainBase / domainAliases / zones options
# they rely on, and sets the host-wide users, initrd and services config.
#
# NOTE(review): `pass` is an extra builtin that runs at evaluation time, so
# whatever it returns (the account passwords and the initrd SSH key below) is
# written into the Nix store, which is world-readable on the host.
{pkgs, lib, config, system, ...}:
let inherit (builtins.extraBuiltins) pass;
    inherit (lib) types;
    inherit (config) networking;
    inherit (config.services) dovecot2;
    # Per-user secret, looked up at <domain>/<hostName>/<name>/pass in the password store.
    userPass = name: pass "${networking.domain}/${networking.hostName}/${name}/pass";
in {
  imports = [
    <nixpkgs-commonsoft/install/modules.nix>
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/postgresql.nix
    friot/rmilter.nix
    friot/redmine.nix
    friot/shorewall.nix
    friot/openldap.nix
    #friot/discourse.nix
  ];
  options = {
    enable = lib.mkEnableOption "friot";
    # Short name that networking.domain and the aliases are derived from (see config below).
    networking.domainBase = lib.mkOption {
      type = types.str;
      description = "Base network name.";
      example = "example";
    };
    networking.domainAliases = lib.mkOption {
      type = types.listOf types.str;
      description = "Domain aliases.";
      example = [ "example.org" "example.net" ];
    };
    # One entry per network zone. Nothing in this file reads it; presumably
    # the imported per-service modules consume iface/ipv4/ipv6 — confirm.
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({name, options, config, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            example = "fe80::1";
          };
        };
      }));
    };
  };
  config = {
    nixpkgs.overlays = import ../overlays.nix;
    networking = {
      domainBase = "commonsoft";
      # Primary domain and aliases are all derived from domainBase.
      domain = "${networking.domainBase}.org";
      domainAliases = [
        "${networking.domainBase}.net"
        "${networking.domainBase}.coop"
      ];
    };
    # Accounts are fully declarative: users/groups not declared by some module are removed.
    users.mutableUsers = false;
    users.users = {
      # NOTE(review): users.users.<name>.password is a plaintext password, and
      # since it is filled from a `pass` lookup at evaluation time it lands
      # world-readable in /nix/store. hashedPassword (or passwordFile, read at
      # activation) avoids that; check what the pass entries actually hold
      # before switching. Same applies to julm below.
      root.initialPassword = userPass "root";
      root.password = config.users.users.root.initialPassword; # same value as initialPassword; presumably only one of the two is needed — confirm
      julm = {
        uid = 1000;
        extraGroups = [ "sudo" ];
        description = "Julien Moutinho";
        home = "/home/julm";
        shell = lib.mkDefault config.users.defaultUserShell; # mkDefault: another module may override the shell
        group = "julm"; # FIXME: unknown group — NOTE(review): users.groups.julm is declared just below, so this may be stale
        initialPassword = userPass "julm";
        password = config.users.users.julm.initialPassword;
      };
    };
    users.groups = {
      julm = {
        gid = config.users.users.julm.uid; # keep gid == uid
      };
    };

    boot.initrd = {
      network = {
        # initrd networking (remote unlock over SSH) everywhere but the virtualbox target.
        enable = config.deployment.targetEnv != "virtualbox";
        ssh = {
          enable = true;
          # Only julm's key is accepted by the initrd SSH server.
          # NOTE(review): no initrd SSH host key is pinned in this file; unless
          # one is set elsewhere, the admin connecting to unlock cannot verify
          # the host and may be shown a different key after rebuilds — confirm.
          authorizedKeys = [ (pass "${networking.domain}/${networking.hostName}/julm/ssh.pub") ];
        };
      };
    };

    services = {
      nixosManual = {
        enable = false; # NOTE: useless on this machine, and CPU intensive.
      };
      redis = {
        enable = true;
      };
      disnix = {
        enable = false;
      };
      openssh = {
        enable = true;
        # No sshd hardening is added here; the NixOS module defaults apply.
        extraConfig = ''
        '';
      };
      gitea = {
        enable = false;
      };
      sssd = {
        enable = false;
      };
      dovecot2 = {
        #debug = true;
      };
      journald = {
        # Cap the persistent journal at 50M; this also bounds how far back
        # logs are available when investigating an incident.
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };
      x509 = {
        # Certificate names: www/git/mail under the primary domain and every
        # alias, plus each bare alias. The bare primary domain is not in this
        # list — confirm that is intended.
        domains =
          lib.concatMap
            (dom: map (sub: "${sub}.${dom}")
              ["www" "git" "mail"])
            ([networking.domain] ++ networking.domainAliases)
          ++ networking.domainAliases;
      };
      #postfix.aliases = {
      # "root@${networking.domain}" = [ "test@${networking.domain}" ];
      # "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
      # "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
      #};
      #dovecot2.domains = {
      # "${networking.domain}" = {
      # accounts = {
      # julm = {
      # password = pass "${networking.domain}/mail/julm";
      # # "${networking.domain}/dovecot2/julm";
      # # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      # aliases = ["julien.moutinho@${networking.domain}"];
      # quota = "512M";
      # };
      # test = {
      # password = pass "${networking.domain}/mail/test";
      # # "${networking.domain}/dovecot2/test";
      # # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      # aliases = ["test-alias@${networking.domain}"];
      # quota = "512M";
      # };
      # };
      # };
      #};
    };
    environment = {
      systemPackages = with pkgs; [
        htop
        tree
        vim
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        dropbear
        cryptsetup
        openssl
        postgresql
        openldap
        #mail
        #sympa
        multitail
        dnsutils
        inetutils
        binutils
        mailutils
        ncdu
        cgit
        #sssd
        docker # package only; virtualisation.docker is not enabled in this file
        #nss_ldap
        #nss_pam_ldapd
        socat
        users-init
        which
      ];
      # System-wide readline settings. The text below is copied verbatim into
      # /etc/inputrc, so its '#' lines are runtime data, not Nix comments.
      etc."inputrc".text = ''
        # /etc/inputrc - global inputrc for libreadline
        # See readline(3readline) and `info rluserman' for more information.

        # Be 8 bit clean.
        set input-meta on
        set output-meta on

        # To allow the use of 8bit-characters like the german umlauts, uncomment
        # the line below. However this makes the meta key not work as a meta key,
        # which is annoying to those which don't need to type in 8-bit characters.

        # set convert-meta off

        # try to enable the application keypad when it is called. Some systems
        # need this to enable the arrow keys.
        # set enable-keypad on

        # see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys

        # do not bell on tab-completion
        # set bell-style none
        # set bell-style visible

        # some defaults / modifications for the emacs mode
        $if mode=emacs

        # allow the use of the Home/End keys
        "\e[1~": beginning-of-line
        "\e[4~": end-of-line

        # allow the use of the Delete/Insert keys
        "\e[3~": delete-char
        "\e[2~": quoted-insert

        # mappings for "page up" and "page down" to step to the beginning/end
        # of the history
        # "\e[5~": beginning-of-history
        # "\e[6~": end-of-history

        # alternate mappings for "page up" and "page down" to search the history
        # "\e[5~": history-search-backward
        # "\e[6~": history-search-forward

        # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
        "\e[1;5C": forward-word
        "\e[1;5D": backward-word
        "\e[5C": forward-word
        "\e[5D": backward-word
        "\e\e[C": forward-word
        "\e\e[D": backward-word

        $if term=rxvt
        "\e[7~": beginning-of-line
        "\e[8~": end-of-line
        "\eOc": forward-word
        "\eOd": backward-word
        $endif

        # for non RH/Debian xterm, can't hurt for RH/Debian xterm
        # "\eOH": beginning-of-line
        # "\eOF": end-of-line

        # for freebsd console
        # "\e[H": beginning-of-line
        # "\e[F": end-of-line

        $endif
      '';
    };
  };
}