postgresql: options & config.
[sourcephile-nix.git] / install / logical / friot.nix
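# NixOS module for the "friot" machine: imports the per-service modules,
# declares the site-specific networking options, then configures accounts,
# base services, X.509 domain names and system-wide packages.
{pkgs, lib, config, system, ...}:
let inherit (builtins.extraBuiltins) pass;
    inherit (lib) types;
    inherit (config) networking;
    # Fetch a secret stored under "<domain>/<hostName>/<name>" through the
    # `pass` extra builtin.
    # NOTE(review): the lookup happens at evaluation time, so whatever it
    # returns is an ordinary Nix string afterwards; any option that copies it
    # into a derivation or generated file places it in the Nix store.
    userPass = name: pass ("${networking.domain}/${networking.hostName}/"+name);
in {
imports = [
  <nixpkgs-commonsoft/install/modules.nix>
  friot/dovecot.nix
  friot/gitolite.nix
  friot/nginx.nix
  friot/nsd.nix
  friot/postfix.nix
  friot/postgrey.nix
  friot/postgresql.nix
  friot/rmilter.nix
  friot/shorewall.nix
  friot/openldap.nix
  #friot/discourse.nix
];
options = {
  # NOTE(review): declared at the option root and not read by the `config`
  # section of this file, so setting it does not gate anything visible here.
  enable = lib.mkEnableOption "friot";
  networking.domainBase = lib.mkOption {
    type = types.str;
    description = "Base network name.";
    example = "example";
  };
  networking.domainAliases = lib.mkOption {
    type = types.listOf types.str;
    description = "Domain aliases.";
    example = [ "example.org" "example.net" ];
  };
  # One entry per network zone, keyed by zone name.
  networking.zones = lib.mkOption {
    type = types.attrsOf (types.submodule ({name, options, config, ...}: {
      options = {
        iface = lib.mkOption {
          type = types.str;
          description = "Interface name.";
          example = "eth0";
        };
        ipv4 = lib.mkOption {
          type = types.str;
          description = "Static IPv4 address of the machine.";
          example = "1.2.3.4";
        };
        ipv6 = lib.mkOption {
          type = types.str;
          description = "Static IPv6 address of the machine.";
          example = "fe80::1";
        };
      };
    }));
  };
};
config = {
  nixpkgs.overlays = import ../overlays.nix;
  networking = {
    domainBase = "commonsoft";
    domain = "${networking.domainBase}.coop";
    domainAliases = [
      "${networking.domainBase}.org"
      "${networking.domainBase}.net"
    ];
  };
  # Accounts are fully declarative: anything changed at runtime (passwd,
  # useradd) is reset on the next activation.
  users.mutableUsers = false;
  users.users = {
    # NOTE(review): `password` and `initialPassword` take clear-text values,
    # and the NixOS manual warns that such values end up world-readable in the
    # Nix store. Consider `hashedPassword`, or a password file kept outside
    # the store, once the password-store entries hold hashes instead of
    # clear text.
    root.initialPassword = userPass "root";
    root.password = config.users.users.root.initialPassword;
    julm = {
      uid = 1000;
      # NOTE(review): the stock NixOS sudoers rule is for group "wheel";
      # presumably a "sudo" group and its rule come from an imported module
      # — confirm.
      extraGroups = [ "sudo" ];
      description = "Julien Moutinho";
      home = "/home/julm";
      shell = lib.mkDefault config.users.defaultUserShell;
      group = "julm"; # FIXME: unknown group (NOTE(review): users.groups.julm is declared below — confirm this still applies)
      initialPassword = userPass "julm";
      password = config.users.users.julm.initialPassword;
    };
  };
  users.groups = {
    julm = {
      # Primary group shares its numeric id with the user.
      gid = config.users.users.julm.uid;
    };
  };

  services = {
    nixosManual = {
      enable = false; # NOTE: useless on this machine, and CPU intensive.
    };
    disnix = {
      enable = false;
    };
    # NOTE(review): no authentication settings are given here, so the module
    # defaults apply. Both accounts above carry passwords and julm has sudo
    # rights; confirm that password logins and root logins are restricted,
    # here or in an imported module.
    openssh = {
      enable = true;
    };
    gitea = {
      enable = false;
    };
    sssd = {
      enable = false;
    };
    dovecot2 = {
      #debug = true;
    };
    # NOTE(review): a 50M cap keeps little journal history; if longer
    # retention is needed for incident response, forward logs off-host.
    journald = {
      extraConfig = ''
        SystemMaxUse=50M
      '';
    };
    x509 = {
      # "www", "git" and "mail" under the primary domain and every alias,
      # followed by the bare alias names. The bare primary domain is not
      # added here; presumably the x509 module covers it — confirm.
      domains =
        lib.concatMap
          (dom: map (sub: "${sub}.${dom}")
                    ["www" "git" "mail"])
          ([networking.domain] ++ networking.domainAliases)
        ++ networking.domainAliases;
    };
    #postfix.aliases = {
    #  "root@${networking.domain}" = [ "test@${networking.domain}" ];
    #  "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
    #  "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
    #};
    # NOTE(review): the commented-out block below keeps a {SSHA512} password
    # hash in version control, the same value for both accounts. If it was
    # ever in use, treat that password as exposed and rotate it.
    #dovecot2.domains = {
    #  "${networking.domain}" = {
    #    accounts = {
    #      julm = {
    #        password = pass "${networking.domain}/mail/julm";
    #        # "${networking.domain}/dovecot2/julm";
    #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
    #        aliases = ["julien.moutinho@${networking.domain}"];
    #        quota = "512M";
    #      };
    #      test = {
    #        password = pass "${networking.domain}/mail/test";
    #        # "${networking.domain}/dovecot2/test";
    #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
    #        aliases = ["test-alias@${networking.domain}"];
    #        quota = "512M";
    #      };
    #    };
    #  };
    #};
  };
  environment = {
    # Packages on every user's PATH. Each package is listed once (the
    # original repeated postgresql and cgit).
    # NOTE(review): tcpdump, socat, inetutils and docker widen what a local
    # account can do on a mail/git host; keep only what operations need.
    systemPackages = with pkgs; [
      htop
      tree
      vim
      postgresql
      dnsutils
      tcpdump
      #mysql
      #procmail
      postgrey
      duplicity
      pypolicyd-spf
      unbound
      nsd
      dropbear
      cryptsetup
      openssl
      cgit
      openldap
      #mail
      #sympa
      multitail
      inetutils
      ncdu
      mailutils
      #sssd
      docker
      #nss_ldap
      #nss_pam_ldapd
      socat
    ];
  };
};
}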