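{pkgs, lib, config, system, ...}:
let
  # `pass` is an extra builtin (provided by the imported <nixsys/install/modules.nix>
  # setup) that reads a secret from the password store at evaluation time.  Any value
  # it returns that becomes part of an option is copied into the world-readable
  # /nix/store, so it is only safe for values that may be disclosed to local users
  # (public keys) or for secrets that are already hashed.
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) types;
  inherit (config.services) dovecot2;
  # Secret lookup scoped to this host: <domain>/<hostName>/<name>.
  userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/"+name);
in {
  imports = [
    <nixsys/install/modules.nix>
    friot/nginx.nix
    friot/shorewall.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/dovecot.nix
    friot/rmilter.nix
    friot/nsd.nix
  ];

  options = {
    enable = lib.mkEnableOption "friot";
    # Network zones consumed by the imported friot/*.nix modules (shorewall, nsd, ...);
    # each zone names an interface and the static addresses the machine has on it.
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({zone, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            example = "fe80::1";
          };
        };
      }));
    };
  };

  config = {
    networking = {
      domain = "commonade.coop";
    };
    #fqdn = "machine1.logic.coop";

    # Users and groups are fully declarative: accounts or passwords changed on the
    # running system (passwd, useradd, ...) are reverted at the next activation.
    users.mutableUsers = false;
    # Primary group of `julm`: it was referenced below but never declared.
    users.groups.julm = {};
    users.users = {
      # SECURITY: `password` / `initialPassword` hold the cleartext password, which
      # therefore lands in the Nix store (readable by every local user).  Prefer
      # `hashedPassword` with a crypt(3) hash so the store never contains the secret.
      root.initialPassword = userPass "root";
      root.password = config.users.users.root.initialPassword;
      julm = {
        uid = 4242;
        # NOTE(review): NixOS's sudo module grants the `wheel` group by default;
        # confirm that a `sudo` group is defined by one of the imported modules,
        # otherwise this entry grants nothing.
        extraGroups = [ "sudo" ];
        description = "Julien Moutinho";
        home = "/home/julm";
        shell = lib.mkDefault config.users.defaultUserShell;
        group = "julm"; # declared in users.groups above
        # Same cleartext-in-store caveat as for root.
        initialPassword = userPass "julm";
        password = config.users.users.julm.initialPassword;
      };
    };

    services = {
      nixosManual = {
        enable = false; # NOTE: useless on this machine, and CPU intensive.
      };
      disnix = {
        enable = false;
      };
      openssh = {
        # NOTE(review): defaults only.  Since root has a password set above, confirm
        # that one of the imported modules disables password logins for root
        # (services.openssh.permitRootLogin) and restricts authentication to keys.
        enable = true;
      };
      openldap = {
        enable = true;
        #declarativeContents = ''
        #  dn: dc=example,dc=org
        #  objectClass: domain
        #  dc: example
        #
        #  dn: ou=users,dc=example,dc=org
        #  objectClass = organizationalUnit
        #  ou: users
        #
        #  # ...
        #'';
      };
      gitolite = {
        enable = true;
        user = "git";
        group = config.services.gitolite.user;
        # Public key only, so it is safe for this value to end up in the store.
        adminPubkey = pass "${config.networking.domain}/ssh/julm";
        # SECURITY notes on the rc below (see gitolite's rc documentation):
        #  * LOCAL_CODE points inside the gitolite-admin repository, so anyone with
        #    push access to gitolite-admin can run arbitrary code as the `git` user
        #    (hooks, triggers, commands).
        #  * 'Shell julm' grants that key holder an interactive shell as `git`.
        #  * 'create' and 'D' let users create and delete the repositories they
        #    have rights on; UMASK 0027 keeps repository files unreadable by other
        #    local users.
        extraGitoliteRc = ''
          $RC{UMASK} = '0027';
          $RC{LOG_DEST} = 'repo-log,syslog';
          $RC{LOG_FACILITY} = 'local0';
          $RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
          $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
            if -d "$rc{GL_ADMIN_BASE}/local";
          push(@{$RC{ENABLE}}, ( 'Alias'
                               , 'cgit'
                               , 'create'
                               , 'D'
                               , 'fork'
                               , 'keysubdirs-as-groups'
                               , 'readme'
                               , 'expand-deny-messages'
                               , 'repo-specific-hooks'
                               , 'Shell julm'
                               , 'ssh-authkeys-split'
                               ));
        '';
      };
      gitea = {
        enable = false;
      };
      dovecot2 = {
        #debug = true;
      };
      journald = {
        # Cap the persistent journal size so logs cannot fill the root filesystem.
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };
      x509 = {
        # Issue certificates for every mail domain declared in dovecot2.domains below.
        domains =
          builtins.attrNames dovecot2.domains;
      };
      # Role mailboxes all land in the `test` account for now.
      postfix.aliases = {
        "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
      };
      dovecot2.domains = {
        "${config.networking.domain}" = {
          accounts = {
            test = {
              # NOTE(review): this fetches the cleartext password into the store; the
              # commented-out `{SSHA512}` value below shows the hashed form dovecot
              # accepts instead.
              password = builtins.extraBuiltins.pass "${config.networking.domain}/dovecot2/test";
              # "${config.networking.domain}/dovecot2/test";
              # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
              aliases = ["test-alias@${config.networking.domain}"];
              quota = "512M";
            };
          };
        };
      };
    };

    environment = {
      # Administrative tooling available system-wide (duplicates removed:
      # postgresql and cgit were listed twice).
      systemPackages = with pkgs; [
        htop
        tree
        vim
        postgresql
        dnsutils
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        nsd
        dropbear
        cryptsetup
        openssl
        gitolite
        cgit
        openldap
        #mail
        #sympa
        multitail
        inetutils
        ncdu
      ];
    };
  };
}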