]> Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/public-inbox.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
public-inbox: rewrite the module
[sourcephile-nix.git] / machines / mermet / public-inbox.nix
1 { pkgs, lib, config, ... }:
2 let inherit (config.users) groups;
3 domain = "sourcephile.fr";
4 in
5 {
6 security.acme.certs."${domain}" = {
7 postRun = "systemctl try-restart public-inbox-nntpd public-inbox-imapd";
8 };
9 networking.nftables.ruleset = ''
10 add rule inet filter net2fw tcp dport 563 counter accept comment "NNTPS"
11 add rule inet filter net2fw tcp dport 1993 counter accept comment "IMAPS"
12 '';
13 systemd.services = {
14 public-inbox-httpd = {
15 serviceConfig.SupplementaryGroups = [ groups."git-daemon".name ];
16 };
17 public-inbox-imapd = {
18 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
19 after = [ "acme-selfsigned-${domain}.service" ];
20 serviceConfig.SupplementaryGroups = [ groups."acme".name ];
21 };
22 public-inbox-nntpd = {
23 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
24 after = [ "acme-selfsigned-${domain}.service" ];
25 serviceConfig.SupplementaryGroups = [ groups."acme".name ];
26 };
27 };
28 services.public-inbox = {
29 enable = true;
30 path = with pkgs; [ /*spamassassin*/ ];
31 http.mounts = [
32 "https://mails.${domain}/inbox"
33 "https://public-inbox.${domain}/inbox"
34 ];
35 settings.publicinbox = {
36 css = [ "href=https://mails.${domain}/style/light.css" ];
37 nntpserver = [ "nntps://news.${domain}" ];
38 wwwlisting = "match=domain";
39 };
40 #mda.args = [ "--no-precheck" ];
41 settings.publicinboxmda.spamcheck = "none";
42 settings.publicinboxwatch.spamcheck = "none";
43 nntp.cert = "/var/lib/acme/${domain}/fullchain.pem";
44 nntp.key = "/var/lib/acme/${domain}/key.pem";
45 imap.listenStreams = [ "0.0.0.0:1993" ];
46 imap.cert = "/var/lib/acme/${domain}/fullchain.pem";
47 imap.key = "/var/lib/acme/${domain}/key.pem";
48 inboxes = {
49 atelier = {
50 address = [
51 "atelier@${domain}"
52 "public-inbox+atelier@${domain}"
53 ];
54 url = "https://mails.${domain}/inbox/atelier";
55 description = ''
56 atelier@${domain} :
57 discussions concernant le développement logiciel.
58 '';
59 newsgroup = "inbox.comp.sourcephile.atelier";
60 coderepo = [
61 "sourcephile-txt"
62 # TODO: list many source code repositories
63 ];
64 };
65 /*
66 bar = {
67 address = [
68 "bar@${domain}"
69 "public-inbox+bar@${domain}"
70 ];
71 description = ''
72 bar@${domain} :
73 discussions concernant l'informatique en général.
74 '';
75 url = "https://mails.${domain}/inbox/bar";
76 newsgroup = "inbox.comp.sourcephile.bar";
77 };
78 contact = {
79 address = [
80 "contact@${domain}"
81 "public-inbox+contact@${domain}"
82 ];
83 description = ''
84 contact@${domain} :
85 discussions avec le grand public.
86 '';
87 url = "https://mails.${domain}/inbox/contact";
88 newsgroup = "inbox.comp.sourcephile.contact";
89 #coderepo = [ "sourcephile" ];
90 };
91 ecole = {
92 address = [
93 "ecole@${domain}"
94 "public-inbox+ecole@${domain}"
95 ];
96 description = ''
97 ecole@${domain} :
98 discussions pour s'entraider en informatique.
99 '';
100 url = "https://mails.${domain}/inbox/ecole";
101 newsgroup = "inbox.comp.sourcephile.ecole";
102 coderepo = [ "sourcephile-txt" ];
103 };
104 environnement = {
105 address = [
106 "environnement@${domain}"
107 "public-inbox+environnement@${domain}"
108 ];
109 description = ''
110 environnement@${domain} :
111 discussions sur les impacts environnementaux de l'informatique.
112 '';
113 url = "https://mails.${domain}/inbox/environnement";
114 newsgroup = "inbox.comp.sourcephile.environnement";
115 coderepo = [ "sourcephile-txt" ];
116 };
117 labo = {
118 address = [
119 "labo@${domain}"
120 "public-inbox+labo@${domain}"
121 ];
122 description = ''
123 labo@${domain} :
124 discussions concernant la science de l'informatique.
125 '';
126 url = "https://mails.${domain}/inbox/labo";
127 newsgroup = "inbox.comp.sourcephile.labo";
128 coderepo = [
129 "sourcephile-txt"
130 # TODO: list many source code repositories
131 ];
132 };
133 machines = {
134 address = [
135 "machines@${domain}"
136 "public-inbox+machines@${domain}"
137 ];
138 description = ''
139 machines@${domain} :
140 discussions concernant l'administration technique de l'infrastructure informatique.
141 '';
142 url = "https://mails.${domain}/inbox/machines";
143 newsgroup = "inbox.comp.sourcephile.machines";
144 coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
145 };
146 pont = {
147 address = [
148 "pont@${domain}"
149 "public-inbox+pont@${domain}"
150 ];
151 description = ''
152 pont@${domain} :
153 discussions à l'attention de l'ensemble des personnes à bord.
154 '';
155 url = "https://mails.${domain}/inbox/pont";
156 newsgroup = "inbox.comp.sourcephile.pont";
157 coderepo = [ "sourcephile-txt" ];
158 };
159 test = {
160 address = [
161 "test@${domain}"
162 "public-inbox+test@${domain}"
163 ];
164 description = ''
165 test@${domain} :
166 une cible de test pour effectuer des tirs de mails.
167 '';
168 url = "https://mails.${domain}/inbox/test";
169 newsgroup = "inbox.comp.sourcephile.test";
170 hide = [ "www" "manifest" ];
171 };
172 */};
173 settings.coderepo = {
174 sourcephile-txt = {
175 dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
176 cgitUrl = "https://code.${domain}/sourcephile-txt.git";
177 };
178 sourcephile-nix = {
179 dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
180 cgitUrl = "https://code.${domain}/sourcephile-nix.git";
181 };
182 };
183 };
184 }
NixOS configurations for Sourcephile's infrastructure