Git — Sourcephile - sourcephile-nix.git/blob - install/logical/friot.nix
update
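# Logical (machine-independent) NixOS configuration of the "friot" host:
# network zone options, local users, and the mail/git/DNS services pulled in
# through the friot/*.nix modules imported below.
#
# Secrets are looked up with `pass`, taken from `builtins.extraBuiltins`.
# NOTE(review): presumably this queries a password store at evaluation time;
# confirm in the extra-builtins definition. Whatever it returns is an ordinary
# Nix string, so every value it feeds into this configuration is subject to
# the usual rule: strings that reach a derivation or a generated config file
# are copied into the world-readable /nix/store.
{pkgs, lib, config, system, ...}:
let inherit (builtins.extraBuiltins) pass;
    inherit (lib) types;
    inherit (config.services) dovecot2;
    # Secret of a local account, stored under "<domain>/<hostName>/<name>".
    userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/"+name);
in {
imports = [
  <nixsys/install/modules.nix>
  friot/dovecot.nix
  friot/gitolite.nix
  friot/nginx.nix
  friot/nsd.nix
  friot/postfix.nix
  friot/postgrey.nix
  friot/rmilter.nix
  friot/shorewall.nix
];
options = {
  # NOTE(review): this declares a top-level `enable` option that nothing in
  # this file reads; confirm a consumer exists elsewhere.
  enable = lib.mkEnableOption "friot";
  # One entry per network zone: the interface and its static addresses.
  networking.zones = lib.mkOption {
    type = types.attrsOf (types.submodule ({zone, ...}: {
      options = {
        iface = lib.mkOption {
          type = types.str;
          description = "Interface name.";
          example = "eth0";
        };
        ipv4 = lib.mkOption {
          type = types.str;
          description = "Static IPv4 address of the machine.";
          example = "1.2.3.4";
        };
        ipv6 = lib.mkOption {
          type = types.str;
          description = "Static IPv6 address of the machine.";
          example = "fe80::1";
        };
      };
    }));
  };
};
config = {
  networking = {
    domain = "commonsoft.coop";
  };
  # Accounts are fully declarative: changes made with passwd/useradd on the
  # machine do not survive the next activation.
  users.mutableUsers = false;
  users.users = {
    # `password` and `initialPassword` take the clear-text password, and NixOS
    # stores that value in the world-readable Nix store. Any local user (or
    # anyone who obtains a copy of the store) can read it.
    # Prefer `hashedPassword`, or a password file kept outside the store, and
    # keep only the hash in the password store.
    root.initialPassword = userPass "root";
    root.password = config.users.users.root.initialPassword;
    julm = {
      uid = 1000;
      # NOTE(review): the stock NixOS sudo module grants sudo to `wheel`;
      # confirm a `sudo` group with a matching sudoers rule is defined
      # elsewhere, otherwise this membership grants nothing.
      extraGroups = [ "sudo" ];
      description = "Julien Moutinho";
      home = "/home/julm";
      shell = lib.mkDefault config.users.defaultUserShell;
      group = "julm"; # FIXME: unknown group
      # Same clear-text caveat as for root above.
      initialPassword = userPass "julm";
      password = config.users.users.julm.initialPassword;
    };
  };
  users.groups = {
    julm = {
      # Private group of julm, gid kept equal to the uid.
      gid = config.users.users.julm.uid;
    };
  };

  services = {
    nixosManual = {
      enable = false; # NOTE: useless on this machine, and CPU intensive.
    };
    disnix = {
      enable = false;
    };
    # sshd is enabled with its defaults; no authentication setting is made in
    # this file.
    # NOTE(review): root and julm both have passwords set above, so confirm
    # that password authentication and root login are restricted in one of the
    # imported modules, and that shorewall limits who can reach the port.
    openssh = {
      enable = true;
    };
    # slapd is enabled but no directory contents are declared here.
    # NOTE(review): confirm which interfaces it listens on and that the
    # firewall does not expose it.
    openldap = {
      enable = true;
      #declarativeContents = ''
      #  dn: dc=example,dc=org
      #  objectClass: domain
      #  dc: example
      #
      #  dn: ou=users,dc=example,dc=org
      #  objectClass: organizationalUnit
      #  ou: users
      #
      #  # ...
      #'';
    };
    gitea = {
      enable = false;
    };
    dovecot2 = {
      #debug = true;
    };
    journald = {
      # Caps the persistent journal at 50M. On a mail and git host this is a
      # short history; forward logs elsewhere if they are needed to
      # investigate an incident after the fact.
      extraConfig = ''
        SystemMaxUse=50M
      '';
    };
    # Host names for the x509 module: the web, git and mail names plus every
    # mail domain declared under dovecot2.domains.
    x509 = {
      domains =
        [ "www.${config.networking.domain}" ] ++
        [ "git.${config.networking.domain}" ] ++
        [ "mail.${config.networking.domain}" ] ++
        builtins.attrNames dovecot2.domains;
    };
    # The role addresses all deliver to the `test` mailbox. They receive abuse
    # reports and system mail, so that mailbox has to be read and protected
    # like an administrator's; point them at a real operator before production.
    postfix.aliases = {
      "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
      "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
      "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
    };
    dovecot2.domains = {
      "${config.networking.domain}" = {
        # NOTE(review): what `password` must contain (clear text or a
        # scheme-prefixed hash) is decided by friot/dovecot.nix; confirm there.
        # Either way the value is likely rendered into a file in the Nix store.
        #
        # Keep password hashes out of comments as well as out of the code: a
        # hash committed to a repository can be attacked offline, so any hash
        # that was ever committed here should be treated as exposed and the
        # corresponding password rotated.
        accounts = {
          julm = {
            password = pass "${config.networking.domain}/mail/julm";
            # "${config.networking.domain}/dovecot2/julm";
            aliases = ["julien.moutinho@${config.networking.domain}"];
            quota = "512M";
          };
          test = {
            password = pass "${config.networking.domain}/mail/test";
            # "${config.networking.domain}/dovecot2/test";
            aliases = ["test-alias@${config.networking.domain}"];
            quota = "512M";
          };
        };
      };
    };
  };
  environment = {
    # Tools available to every user. `postgresql` and `cgit` were each listed
    # twice; the duplicates are dropped, the resulting set is unchanged.
    systemPackages = with pkgs; [
      htop
      tree
      vim
      postgresql
      dnsutils
      tcpdump
      #mysql
      #procmail
      postgrey
      duplicity
      pypolicyd-spf
      unbound
      nsd
      dropbear
      cryptsetup
      openssl
      gitolite
      cgit
      openldap
      #mail
      #sympa
      multitail
      inetutils
      ncdu
      #mailutils
    ];
  };
};
}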