Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/public-inbox.nix
# NixOS module for the host "mermet": public-inbox mail archives exposed over
# HTTP (Unix socket), NNTPS and IMAPS, using the ACME certificate of the domain.
{ pkgs, lib, config, ... }:
let
  # Shorthands into the evaluated system configuration.
  public-inbox = config.services.public-inbox;
  groups = config.users.groups;

  orga = "sourcephile";
  domain = "${orga}.fr";

  # Repository paths, relative and without the ".git" suffix. Each entry gets
  # an inbox and a coderepo section named after its last path component, so
  # two paths sharing a last component would collide.
  repositories = [
    "doclang"
    "majurity"
    "reloto"
    "haskell/symantic"
    "haskell/symantic-atom"
    "haskell/symantic-base"
    "haskell/symantic-cli"
    "haskell/symantic-compta"
    "haskell/symantic-document"
    "haskell/symantic-http"
    "haskell/symantic-parser"
    "haskell/symantic-xml"
  ];
in
# To delete a message from an inbox, feed its raw form to public-inbox-learn
# running as the service user:
# curl https://mails.sourcephile.fr/inbox/environnement/8ea699887ca47797b4460053588cbef2d115829ab4@vieber.ru/raw |
# sudo -u public-inbox public-inbox-learn rm
{
# The NNTP and IMAP daemons are handed the certificate and key paths directly
# (see services.public-inbox.nntp / .imap), so they are restarted, if running,
# after each run of the certificate unit.
security.acme.certs.${domain}.postRun =
  "systemctl try-restart public-inbox-nntpd public-inbox-imapd";

# Accept inbound NNTPS and IMAPS in the net2fw chain (the chain itself is
# defined outside this file). The IMAPS port is a literal here and has to stay
# equal to the one in services.public-inbox.imap.args; the NNTPS port follows
# the module option.
networking.nftables.ruleset = ''
  add rule inet filter net2fw tcp dport ${toString public-inbox.nntp.port} counter accept comment "NNTPS"
  add rule inet filter net2fw tcp dport 1993 counter accept comment "IMAPS"
'';

# Dedicated ZFS dataset mounted at /var/lib/public-inbox.
fileSystems."/var/lib/public-inbox" = {
  fsType = "zfs";
  device = "rpool/var/public-inbox";
};
# Per-unit additions on top of what the public-inbox module generates.
systemd.services =
  let
    selfSignedUnit = "acme-selfsigned-${domain}.service";

    # Settings shared by the two daemons that serve TLS themselves.
    # They pull in both certificate units but are only ordered after the
    # self-signed one, so start-up does not wait for the real ACME issuance;
    # the postRun hook on the certificate restarts them afterwards.
    tlsDaemon = {
      wants = [ selfSignedUnit "acme-${domain}.service" ];
      after = [ selfSignedUnit ];
      serviceConfig = {
        # Membership in the acme group is what makes key.pem readable.
        SupplementaryGroups = [ groups."acme".name ];
        # Only this domain's certificate directory is exposed, read-only.
        BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
      };
    };
  in
  {
    public-inbox-httpd.serviceConfig = {
      # Presumably grants read access to the repositories referenced by
      # settings.coderepo — confirm against the gitolite directory modes.
      SupplementaryGroups = [ groups."git-daemon".name ];
      # NOTE(review): httpd listens on a Unix socket and this file sets no
      # cert/key for it, nor the acme group. Confirm this bind is needed;
      # if not, dropping it keeps the TLS key directory out of the
      # web-facing daemon's mount namespace.
      BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
    };
    public-inbox-imapd = tlsDaemon;
    public-inbox-nntpd = tlsDaemon;
  };
# public-inbox itself: delivery (postfix + MDA), the three network daemons,
# the list of inboxes and the code repositories they link to.
services.public-inbox =
  let
    # Build one inbox. `blurb` is the second line of the description and
    # `extra` carries per-inbox additions (merged last).
    mkInbox = name: blurb: extra: {
      address = [ "${name}@${domain}" ];
      description = "${name}@${domain} :\n${blurb}\n";
      url = "https://mails.${domain}/inbox/${name}";
      newsgroup = "inbox.comp.${orga}.${name}";
    } // extra;

    # Build one coderepo section from a path relative to the gitolite root.
    mkRepo = path: {
      dir = "/var/lib/gitolite/repositories/${path}.git";
      cgitUrl = "https://code.${domain}/${path}.git";
    };
  in
  {
    enable = true;
    postfix.enable = true;

    settings.publicinbox = {
      wwwlisting = "match=domain";
      nntpserver = [ "nntps://news.${domain}" ];
      css = [ "href=https://mails.${domain}/style/light.css" ];
    };

    mda = {
      enable = true;
      # Needed so that mail reaching an inbox through Bcc: is accepted.
      # NOTE(review): the flag presumably turns off the MDA's whole precheck
      # step, not just the To:/Cc: test — confirm that the filtering in front
      # of the MDA is enough on its own.
      args = [ "--no-precheck" ];
    };

    http = {
      enable = true;
      # Unix socket rather than a TCP port (alternative kept from the
      # original: port = 8080). No TLS is configured on this daemon; a
      # front-end serving https://mails.${domain} is assumed to sit before it.
      port = "/run/public-inbox-http.sock";
      args = [ "-W0" ];
      mounts = [
        "https://mails.${domain}/inbox"
        "https://public-inbox.${domain}/inbox"
      ];
    };

    nntp = {
      enable = true;
      # Module default port is used (the original notes 563 as a comment);
      # the firewall rule reads the same option.
      args = [ "-W0" ];
      cert = "/var/lib/acme/${domain}/fullchain.pem";
      key = "/var/lib/acme/${domain}/key.pem";
    };

    imap = {
      enable = true;
      # FIXME (original): find an IP address or a .onion service on which the
      # standard port 993 can be used.
      # The port option is unset; the listener comes from the explicit
      # --listen URL: IMAPS on every IPv4 address, port 1993. That number is
      # repeated in the nftables rule and must be changed in both places.
      # (Alternative kept from the original: args = [ "-W0" ];)
      port = null;
      args = [ "-W0" "--listen" "imaps://0.0.0.0:1993" ];
      cert = "/var/lib/acme/${domain}/fullchain.pem";
      key = "/var/lib/acme/${domain}/key.pem";
    };

    inboxes = {
      # Disabled in the original: coderepo = [ "sourcephile-txt" ];
      news = mkInbox "news" "annonces d'informations concernant importantes" { };

      chat = mkInbox "chat" "discussions concernant l'informatique en général." { };

      # Disabled in the original: coderepo = [ "${orga}" ];
      contact = mkInbox "contact" "discussions avec le grand public." { };

      # Disabled in the original: coderepo = [ "sourcephile-txt" ];
      environnement = mkInbox "environnement"
        "discussions sur les impacts environnementaux de l'informatique." { };

      # TODO (original): list many source code repositories.
      # Disabled in the original: coderepo = [ "sourcephile-txt" ];
      labo = mkInbox "labo" "discussions concernant la science de l'informatique." { };

      # Disabled in the original: coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
      prod = mkInbox "prod"
        "discussions concernant l'administration technique de l'infrastructure informatique." { };

      # Disabled in the original: coderepo = [ "sourcephile-txt" ];
      orga = mkInbox "orga"
        "discussions à l'attention de l'ensemble des personnes à bord." { };

      test = mkInbox "test" "une cible de test pour effectuer des tirs de mails." {
        # FIXME (original): "imap" doesn't work, i.e. the inbox still shows
        # up over IMAP.
        # NOTE(review): hiding presumably only removes the inbox from
        # listings and is not access control — confirm before relying on it
        # to keep test mail private.
        hide = [ "imap" "www" "manifest" ];
      };
    } // lib.genAttrs (map baseNameOf repositories) (name:
      # One inbox per repository, linked to the coderepo of the same name.
      mkInbox name "discussions about ${name}." { coderepo = [ name ]; });

    # Git repositories the web interface can link to, read from the gitolite
    # tree on this host.
    settings.coderepo = {
      sourcephile-txt = mkRepo "sourcephile-txt";
      sourcephile-nix = mkRepo "sourcephile-nix";
    } // lib.listToAttrs
      (map (path: lib.nameValuePair (baseNameOf path) (mkRepo path)) repositories);
  };
# Snapshot policy for the inbox dataset: the "snap" template (defined outside
# this file) with the daily retention set to 7.
services.sanoid.datasets."rpool/var/public-inbox" = {
  daily = 7;
  use_template = [ "snap" ];
};
}