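# NixOS module for the "friot" host.
#
# Declares the networking options consumed by the per-service modules
# imported below (domainBase, domainAliases, zones), then sets this host's
# networking, users, services and system packages.
{pkgs, lib, config, system, ...}:
let
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) types;
  inherit (config) networking;
  # Look up the secret stored at "<domain>/<hostName>/<name>" in the password
  # store through the `pass` extra builtin.  The result is a plain string, so
  # whatever is assigned from it ends up verbatim in the Nix store.
  userPass = name: pass ("${networking.domain}/${networking.hostName}/" + name);
in {
  imports = [
    <nixpkgs-commonsoft/install/modules.nix>
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/rmilter.nix
    friot/shorewall.nix
    friot/openldap.nix
    #friot/discourse.nix
  ];

  options = {
    enable = lib.mkEnableOption "friot";
    networking.domainBase = lib.mkOption {
      type = types.str;
      description = "Base network name.";
      example = "example";
    };
    networking.domainAliases = lib.mkOption {
      type = types.listOf types.str;
      description = "Domain aliases.";
      example = [ "example.org" "example.net" ];
    };
    # One entry per network zone; the shorewall/nsd modules are the likely
    # consumers, but that is not visible from this file.
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({name, options, config, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            example = "fe80::1";
          };
        };
      }));
    };
  };

  config = {
    nixpkgs.overlays = import ../overlays.nix;

    networking = {
      domainBase = "commonsoft";
      domain = "${networking.domainBase}.coop";
      domainAliases = [
        "${networking.domainBase}.org"
        "${networking.domainBase}.net"
      ];
    };

    # Accounts are fully declarative: nothing set with passwd/useradd survives
    # a rebuild.
    users.mutableUsers = false;
    users.users = {
      # NOTE(review): `password` and `initialPassword` take the *plaintext*
      # value, which `userPass` fetches from the password store; NixOS writes
      # it into the world-readable Nix store.  `hashedPassword` (a crypt(3)
      # hash) or `passwordFile` (a path read at activation) avoid that; the
      # same applies to the julm account below.
      root.initialPassword = userPass "root";
      root.password = config.users.users.root.initialPassword;
      julm = {
        uid = 1000;
        # NOTE(review): NixOS's default sudo rules target the `wheel` group;
        # confirm a `sudo` group exists on this host or that `wheel` is meant.
        extraGroups = [ "sudo" ];
        description = "Julien Moutinho";
        home = "/home/julm";
        shell = lib.mkDefault config.users.defaultUserShell;
        group = "julm"; # FIXME: unknown group (declared in users.groups below)
        initialPassword = userPass "julm";
        password = config.users.users.julm.initialPassword;
      };
    };
    users.groups = {
      julm = {
        # Primary group id mirrors the user id.
        gid = config.users.users.julm.uid;
      };
    };

    services = {
      nixosManual = {
        enable = false; # NOTE: useless on this machine, and CPU intensive.
      };
      disnix = {
        enable = false;
      };
      openssh = {
        enable = true;
      };
      gitea = {
        enable = false;
      };
      sssd = {
        enable = false;
      };
      dovecot2 = {
        #debug = true;
      };
      journald = {
        # Cap persistent journal size.
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };
      x509 = {
        # Certificate names: www/git/mail under the domain and each alias,
        # plus the bare aliases.  The bare `networking.domain` itself is not
        # listed here; presumably covered elsewhere — verify.
        domains =
          lib.concatMap
            (dom: map (sub: "${sub}.${dom}")
              ["www" "git" "mail"])
            ([networking.domain] ++ networking.domainAliases)
          ++ networking.domainAliases;
      };
      #postfix.aliases = {
      #  "root@${networking.domain}" = [ "test@${networking.domain}" ];
      #  "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
      #  "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
      #};
      #dovecot2.domains = {
      #  "${networking.domain}" = {
      #    accounts = {
      #      julm = {
      #        password = pass "${networking.domain}/mail/julm";
      #          # "${networking.domain}/dovecot2/julm";
      #          # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      #        aliases = ["julien.moutinho@${networking.domain}"];
      #        quota = "512M";
      #      };
      #      test = {
      #        password = pass "${networking.domain}/mail/test";
      #          # "${networking.domain}/dovecot2/test";
      #          # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      #        aliases = ["test-alias@${networking.domain}"];
      #        quota = "512M";
      #      };
      #    };
      #  };
      #};
    };

    environment = {
      # Each package listed once (postgresql and cgit were previously
      # duplicated, which only bloated the list).
      systemPackages = with pkgs; [
        htop
        tree
        vim
        postgresql
        dnsutils
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        nsd
        dropbear
        cryptsetup
        openssl
        cgit
        openldap
        #mail
        #sympa
        multitail
        inetutils
        ncdu
        mailutils
        #sssd
        docker
        #nss_ldap
        #nss_pam_ldapd
        socat
      ];
    };
  };
}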