install/logical/friot.nix

   1 {pkgs, lib, config, system, ...}:
   2 let inherit (builtins.extraBuiltins) pass;
   3     inherit (lib) types;
   4     inherit (config.services) dovecot2;
   5     userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/"+name);
   6 in {
   7 imports = [
   8   <nixsys/install/modules.nix>
   9   friot/dovecot.nix
  10   friot/gitolite.nix
  11   friot/nginx.nix
  12   friot/nsd.nix
  13   friot/postfix.nix
  14   friot/postgrey.nix
  15   friot/rmilter.nix
  16   friot/shorewall.nix
  17 ];
  18 options = {
  19   enable = lib.mkEnableOption "friot";
  20   networking.zones = lib.mkOption {
  21     type = types.attrsOf (types.submodule ({zone, ...}: {
  22       options = {
  23         iface = lib.mkOption {
  24           type        = types.str;
  25           description = "Interface name.";
  26           example     = "eth0";
  27         };
  28         ipv4 = lib.mkOption {
  29           type        = types.str;
  30           description = "Static IPv4 address of the machine.";
  31           example     = "1.2.3.4";
  32         };
  33         ipv6 = lib.mkOption {
  34           type        = types.str;
  35           description = "Static IPv6 address of the machine.";
  36           example     = "fe80::1";
  37         };
  38       };
  39     }));
  40   };
  41 };
  42 config = {
  43   networking = {
  44     domain = "commonsoft.coop";
  45   };
  46   users.mutableUsers = false;
  47   users.users = {
  48       root.initialPassword = userPass "root";
  49       root.password        = config.users.users.root.initialPassword;
  50       julm = {
  51         uid             = 1000;
  52         extraGroups     = [ "sudo" ];
  53         description     = "Julien Moutinho";
  54         home            = "/home/julm";
  55         shell           = lib.mkDefault config.users.defaultUserShell;
  56         group           = "julm"; # FIXME: unknown group
  57         initialPassword = userPass "julm";
  58         password        = config.users.users.julm.initialPassword;
  59       };
  60   };
  61   users.groups = {
  62     julm = {
  63       gid = config.users.users.julm.uid;
  64     };
  65   };
  66
  67   services = {
  68     nixosManual = {
  69       enable = false; # NOTE: useless on this machine, and CPU intensive.
  70     };
  71     disnix = {
  72       enable = false;
  73     };
  74     openssh = {
  75       enable = true;
  76     };
  77     openldap = {
  78       enable = true;
  79       #declarativeContents = ''
  80       #    dn: dc=example,dc=org
  81       #    objectClass: domain
  82       #    dc: example
  83       #
  84       #    dn: ou=users,dc=example,dc=org
  85       #    objectClass = organizationalUnit
  86       #    ou: users
  87       #
  88       #    # ...
  89       #'';
  90     };
  91     gitea = {
  92       enable = false;
  93     };
  94     dovecot2 = {
  95       #debug = true;
  96     };
  97     journald = {
  98       extraConfig = ''
  99         SystemMaxUse=50M
 100       '';
 101     };
 102     x509 = {
 103       domains =
 104        [ "www.${config.networking.domain}" ] ++
 105        [ "git.${config.networking.domain}" ] ++
 106        [ "mail.${config.networking.domain}" ] ++
 107        builtins.attrNames dovecot2.domains;
 108     };
 109     postfix.aliases = {
 110             "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
 111       "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
 112            "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
 113     };
 114     dovecot2.domains = {
 115       "${config.networking.domain}" = {
 116         accounts = {
 117           julm = {
 118             password = pass "${config.networking.domain}/mail/julm";
 119              # "${config.networking.domain}/dovecot2/julm";
 120                #  "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
 121             aliases  = ["julien.moutinho@${config.networking.domain}"];
 122             quota    = "512M";
 123           };
 124           test = {
 125             password = pass "${config.networking.domain}/mail/test";
 126              # "${config.networking.domain}/dovecot2/test";
 127                #  "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
 128             aliases  = ["test-alias@${config.networking.domain}"];
 129             quota    = "512M";
 130           };
 131         };
 132       };
 133     };
 134   };
 135   environment = {
 136     systemPackages = with pkgs; [
 137       htop
 138       tree
 139       vim
 140       postgresql
 141       dnsutils
 142       tcpdump
 143       #mysql
 144       #procmail
 145       postgrey
 146       duplicity
 147       pypolicyd-spf
 148       unbound
 149       nsd
 150       dropbear
 151       cryptsetup
 152       openssl
 153       gitolite
 154       postgresql
 155       cgit
 156       openldap
 157       #mail
 158       #sympa
 159       multitail
 160       inetutils
 161       cgit
 162       ncdu
 163       #mailutils
 164     ];
 165   };
 166 };
 167 }