Git — Sourcephile - sourcephile-nix.git/blob - install/logical/friot.nix
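# NixOS module: logical (service-level) configuration of the "friot" machine.
# Declares the `networking.zones` option, the local accounts, and the
# mail / git / DNS / LDAP services this host runs.
{pkgs, lib, config, system, ...}:
let
  # `pass` is not a stock Nix builtin; it is taken from `builtins.extraBuiltins`.
  # NOTE(review): presumably an evaluation-time lookup in a password store,
  # confirm in the extra-builtins definition. Whatever it returns is an ordinary
  # Nix string from then on, so every place that embeds it in generated
  # configuration decides whether the secret ends up in the world-readable
  # /nix/store.
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) types;
  inherit (config.services) dovecot2;
  # Looks up the secret stored under "<domain>/<hostName>/<name>".
  userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/"+name);
in {
  imports = [
    <nixsys/install/modules.nix>
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/rmilter.nix
    friot/shorewall.nix
  ];
  options = {
    # NOTE(review): this declares a top-level option literally named `enable`
    # (not namespaced), and nothing in this file reads it. Confirm intent.
    enable = lib.mkEnableOption "friot";
    # Per-zone static addressing, keyed by zone name.
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({zone, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            example = "fe80::1";
          };
        };
      }));
    };
  };
  config = {
    networking = {
      domain = "commonade.coop";
    };
    #fqdn = "machine1.logic.coop";
    # Accounts and their passwords are defined entirely by this configuration.
    users.mutableUsers = false;
    users.users = {
      # SECURITY: `password` and `initialPassword` take the clear-text password,
      # and NixOS documents both as world-readable in the Nix store. Any local
      # user (or anyone with a copy of the store or closure) can read the root
      # and julm passwords. Prefer `hashedPassword` with a hash kept in the
      # password store, or a password file provisioned outside the store.
      root.initialPassword = userPass "root";
      root.password = config.users.users.root.initialPassword;
      julm = {
        uid = 4242;
        # NOTE(review): the stock NixOS sudo rule grants rights to `wheel`;
        # confirm a `sudo` group is defined and given rights elsewhere.
        extraGroups = [ "sudo" ];
        description = "Julien Moutinho";
        home = "/home/julm";
        shell = lib.mkDefault config.users.defaultUserShell;
        group = "julm"; # FIXME: unknown group (no users.groups.julm in this file)
        initialPassword = userPass "julm";
        password = config.users.users.julm.initialPassword;
      };
    };

    services = {
      nixosManual = {
        enable = false; # NOTE: useless on this machine, and CPU intensive.
      };
      disnix = {
        enable = false;
      };
      # NOTE(review): sshd is enabled with no authentication policy set in this
      # file, while root and julm both have passwords. Confirm that password
      # logins and root login are restricted (key-only) here or in an imported
      # module, and that friot/shorewall.nix limits who can reach the port.
      openssh = {
        enable = true;
      };
      # NOTE(review): slapd is enabled with no contents or access rules visible
      # in this file. Confirm it is not reachable from untrusted zones.
      openldap = {
        enable = true;
        #declarativeContents = ''
        #  dn: dc=example,dc=org
        #  objectClass: domain
        #  dc: example
        #
        #  dn: ou=users,dc=example,dc=org
        #  objectClass: organizationalUnit
        #  ou: users
        #
        #  # ...
        #'';
      };
      gitea = {
        enable = false;
      };
      dovecot2 = {
        #debug = true;
      };
      # Caps the on-disk journal at 50M.
      # NOTE(review): on a mail/git/ssh host that may be a short window of
      # authentication history. Confirm logs are forwarded if a longer
      # retention is needed for incident response.
      journald = {
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };
      # Certificate names: the www/git/mail hosts of the main domain plus one
      # entry per mail domain declared under services.dovecot2.domains.
      x509 = {
        domains =
          [ "www.${config.networking.domain}" ] ++
          [ "git.${config.networking.domain}" ] ++
          [ "mail.${config.networking.domain}" ] ++
          builtins.attrNames dovecot2.domains;
      };
      # NOTE(review): root@, postmaster@ and abuse@ all deliver to the `test`
      # mailbox. These role addresses receive system mail and abuse reports;
      # confirm this is a placeholder and point them at a monitored mailbox.
      postfix.aliases = {
        "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
      };
      # Mail accounts. Passwords come from the password store at evaluation
      # time. NOTE(review): check how friot/dovecot.nix writes them out; if
      # they land in a generated passwd file in the store, store a hash there
      # rather than the clear text.
      dovecot2.domains = {
        "${config.networking.domain}" = {
          accounts = {
            julm = {
              password = pass "${config.networking.domain}/mail/julm";
              # "${config.networking.domain}/dovecot2/julm";
              # SECURITY: a commented-out {SSHA512} hash literal was removed
              # from here (the same literal also sat under `test`). A hash in a
              # published file can be attacked offline; treat that password as
              # exposed, rotate it, and remember it remains in the history.
              aliases = ["julien.moutinho@${config.networking.domain}"];
              quota = "512M";
            };
            test = {
              password = pass "${config.networking.domain}/mail/test";
              # "${config.networking.domain}/dovecot2/test";
              # SECURITY: commented-out {SSHA512} hash literal removed
              # (identical to the one that sat under `julm`); rotate it.
              aliases = ["test-alias@${config.networking.domain}"];
              quota = "512M";
            };
          };
        };
      };
    };
    environment = {
      # Tools available to every user on the host. Each package is listed once.
      systemPackages = with pkgs; [
        htop
        tree
        vim
        postgresql
        dnsutils
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        nsd
        dropbear
        cryptsetup
        openssl
        gitolite
        cgit
        openldap
        #mail
        #sympa
        multitail
        inetutils
        ncdu
        #mailutils
      ];
    };
  };
}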