Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/public-inbox.nix
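# NixOS module for the public-inbox instance on host "mermet":
# HTTP (behind a Unix socket), NNTPS and IMAPS front-ends, one inbox per
# code repository plus a set of general-purpose inboxes.
{ pkgs, lib, config, ... }:
let
  inherit (config.services) public-inbox;
  inherit (config.users) groups;
  orga = "sourcephile";
  domain = "${orga}.fr";

  # Single definition of the IMAPS port so that the firewall rule and the
  # daemon's --listen argument cannot drift apart.
  imapsPort = 1993;

  # Directory holding the ACME material for ${domain}
  # (fullchain.pem and key.pem are read from here below).
  acmeDir = "/var/lib/acme/${domain}";

  # Unit overrides shared by the two TLS-terminating daemons (IMAP, NNTP).
  tlsDaemonUnit = {
    # Both the self-signed and the real ACME units are pulled in, but the
    # daemon is only ordered after the self-signed one; the postRun hook on
    # the certificate restarts the daemons when the certificate is (re)issued.
    wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
    after = [ "acme-selfsigned-${domain}.service" ];
    serviceConfig = {
      # Presumably grants read access to the certificate and private key
      # through the "acme" group; verify the file modes under acmeDir.
      SupplementaryGroups = [ groups."acme".name ];
      # Read-only: the daemons only need to load the certificate and key.
      BindReadOnlyPaths = [ acmeDir ];
    };
  };
in
# To remove a message from an inbox:
# curl https://mails.sourcephile.fr/inbox/environnement/8ea699887ca47797b4460053588cbef2d115829ab4@vieber.ru/raw |
# sudo -u public-inbox public-inbox-learn rm
{
  security.acme.certs."${domain}" = {
    # try-restart only touches daemons that are already running, so they
    # pick up the renewed certificate without being started as a side effect.
    postRun = "systemctl try-restart public-inbox-nntpd public-inbox-imapd";
  };

  # Open the two TLS listeners in the net2fw chain.
  # NOTE(review): the IMAPS listener below binds 0.0.0.0 (IPv4 only) while
  # this rule lives in an inet table; confirm whether IPv6 IMAPS is intended.
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport ${toString public-inbox.nntp.port} counter accept comment "NNTPS"
    add rule inet filter net2fw tcp dport ${toString imapsPort} counter accept comment "IMAPS"
  '';

  fileSystems."/var/lib/public-inbox" = {
    device = "rpool/var/public-inbox";
    fsType = "zfs";
  };

  systemd.services = {
    public-inbox-httpd = {
      serviceConfig = {
        # Presumably needed to read the gitolite repositories referenced by
        # the coderepo settings below; verify against the repository modes.
        SupplementaryGroups = [ groups."git-daemon".name ];
        # NOTE(review): httpd listens on a Unix socket and no cert/key is
        # configured for it in this file, so it may not need the ACME
        # directory (which contains key.pem) in its namespace. Confirm and
        # drop this bind if it is unused, to keep the private key out of
        # the web-facing daemon's view.
        BindReadOnlyPaths = [ acmeDir ];
      };
    };
    public-inbox-imapd = tlsDaemonUnit;
    public-inbox-nntpd = tlsDaemonUnit;
  };

  services =
    let
      # Configuration for an inbox attached to the code repository of the
      # same name: mail alias, inbox definition and coderepo entry.
      inbox-git = name: {
        postfix.virtual = ''
          ${name}@${domain} public-inbox@localhost
        '';
        public-inbox.inboxes.${name} = {
          address = [
            "${name}@${domain}"
            "public-inbox+${name}@${domain}"
          ];
          description = ''
            ${name}@${domain} :
            discussions concernant ${name}.
          '';
          url = "https://mails.${domain}/inbox/${name}";
          newsgroup = "inbox.comp.${orga}.${name}";
          coderepo = [ name ];
        };
        public-inbox.settings.coderepo.${name} = {
          dir = "/var/lib/gitolite/repositories/${name}.git";
          cgitUrl = "https://code.${domain}/${name}.git";
        };
      };
    in
    lib.mkMerge (
      map inbox-git [
        "comptalang"
        "doclang"
        "majurity"
        "reloto"
        "symantic"
        "symantic-atom"
        "symantic-base"
        "symantic-cli"
        "symantic-document"
        "symantic-http"
        "symantic-parser"
        "symantic-xml"
      ] ++
      [{
        public-inbox = {
          enable = true;
          settings.publicinbox = {
            css = [ "href=https://mails.${domain}/style/light.css" ];
            nntpserver = [ "nntps://news.${domain}" ];
            wwwlisting = "match=domain";
          };
          mda = {
            enable = true;
            # Allow Bcc:
            # NOTE(review): --no-precheck turns off the MDA's header
            # pre-checks, so every message addressed to an inbox reaches
            # the next delivery stage; confirm that spam filtering is
            # configured elsewhere for these publicly archived inboxes.
            args = [ "--no-precheck" ];
          };
          http = {
            enable = true;
            # Unix socket instead of a TCP port: the daemon is not reachable
            # from the network directly.
            port = "/run/public-inbox-http.sock";
            #port = 8080;
            args = [ "-W0" ];
            mounts = [
              "https://mails.${domain}/inbox"
              "https://public-inbox.${domain}/inbox"
            ];
          };
          nntp = {
            enable = true;
            #port = 563;
            args = [ "-W0" ];
            cert = "${acmeDir}/fullchain.pem";
            key = "${acmeDir}/key.pem";
          };
          imap = {
            enable = true;
            # FIXME: find an IP or .onion to put 993
            # The module-managed port is disabled; the listener is declared
            # by hand on imapsPort, which the nftables rule above also uses.
            port = null;
            args = [ "-W0" "--listen" "imaps://0.0.0.0:${toString imapsPort}" ];
            #args = ["-W0"];
            cert = "${acmeDir}/fullchain.pem";
            key = "${acmeDir}/key.pem";
          };
          inboxes = {
            news = {
              address = [
                "news@${domain}"
                "public-inbox+news@${domain}"
              ];
              description = ''
                news@${domain} :
                annonces d'informations concernant importantes
              '';
              url = "https://mails.${domain}/inbox/news";
              newsgroup = "inbox.comp.${orga}.news";
              #coderepo = [ "sourcephile-txt" ];
            };
            chat = {
              address = [
                "chat@${domain}"
                "public-inbox+chat@${domain}"
              ];
              description = ''
                chat@${domain} :
                discussions concernant l'informatique en général.
              '';
              url = "https://mails.${domain}/inbox/chat";
              newsgroup = "inbox.comp.${orga}.chat";
            };
            contact = {
              address = [
                "contact@${domain}"
                "public-inbox+contact@${domain}"
              ];
              description = ''
                contact@${domain} :
                discussions avec le grand public.
              '';
              url = "https://mails.${domain}/inbox/contact";
              newsgroup = "inbox.comp.${orga}.contact";
              #coderepo = [ "${orga}" ];
            };
            environnement = {
              address = [
                "environnement@${domain}"
                "public-inbox+environnement@${domain}"
              ];
              description = ''
                environnement@${domain} :
                discussions sur les impacts environnementaux de l'informatique.
              '';
              url = "https://mails.${domain}/inbox/environnement";
              newsgroup = "inbox.comp.${orga}.environnement";
              #coderepo = [ "sourcephile-txt" ];
            };
            labo = {
              address = [
                "labo@${domain}"
                "public-inbox+labo@${domain}"
              ];
              description = ''
                labo@${domain} :
                discussions concernant la science de l'informatique.
              '';
              url = "https://mails.${domain}/inbox/labo";
              newsgroup = "inbox.comp.${orga}.labo";
              # TODO: list many source code repositories
              #coderepo = [ "sourcephile-txt" ];
            };
            prod = {
              address = [
                "prod@${domain}"
                "public-inbox+prod@${domain}"
              ];
              description = ''
                prod@${domain} :
                discussions concernant l'administration technique de l'infrastructure informatique.
              '';
              url = "https://mails.${domain}/inbox/prod";
              newsgroup = "inbox.comp.${orga}.prod";
              #coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
            };
            orga = {
              address = [
                "orga@${domain}"
                "public-inbox+orga@${domain}"
              ];
              description = ''
                orga@${domain} :
                discussions à l'attention de l'ensemble des personnes à bord.
              '';
              url = "https://mails.${domain}/inbox/orga";
              newsgroup = "inbox.comp.${orga}.orga";
              #coderepo = [ "sourcephile-txt" ];
            };
            test = {
              address = [
                "test@${domain}"
                "public-inbox+test@${domain}"
              ];
              description = ''
                test@${domain} :
                une cible de test pour effectuer des tirs de mails.
              '';
              url = "https://mails.${domain}/inbox/test";
              newsgroup = "inbox.comp.${orga}.test";
              # FIXME: doesn't work for IMAP
              # Until that is resolved, treat the test inbox as still
              # visible to IMAP clients despite the "imap" entry.
              hide = [ "imap" "www" "manifest" ];
            };
          };
          settings.coderepo = {
            sourcephile-txt = {
              dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
              cgitUrl = "https://code.${domain}/sourcephile-txt.git";
            };
            sourcephile-nix = {
              dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
              cgitUrl = "https://code.${domain}/sourcephile-nix.git";
            };
          };
        };
      }]
    );
}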