]> Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/public-inbox.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
nix: set usePredictableInterfaceNames
[sourcephile-nix.git] / machines / mermet / public-inbox.nix
1 { pkgs, lib, config, ... }:
2 let inherit (config.services) public-inbox;
3 inherit (config.users) groups;
4 domain = "sourcephile.fr";
5 in
6 # Pour supprimer un message :
7 # curl https://mails.sourcephile.fr/inbox/environnement/8ea699887ca47797b4460053588cbef2d115829ab4@vieber.ru/raw |
8 # sudo -u public-inbox public-inbox-learn rm
9 {
10 security.acme.certs."${domain}" = {
11 postRun = "systemctl try-restart public-inbox-nntpd public-inbox-imapd";
12 };
13 networking.nftables.ruleset = ''
14 add rule inet filter net2fw tcp dport ${toString public-inbox.nntp.port} counter accept comment "NNTPS"
15 add rule inet filter net2fw tcp dport 1993 counter accept comment "IMAPS"
16 '';
17 systemd.services = {
18 public-inbox-httpd = {
19 serviceConfig = {
20 SupplementaryGroups = [ groups."git-daemon".name ];
21 BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
22 };
23 };
24 public-inbox-imapd = {
25 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
26 after = [ "acme-selfsigned-${domain}.service" ];
27 serviceConfig = {
28 SupplementaryGroups = [ groups."acme".name ];
29 BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
30 RestrictAddressFamilies = [ "AF_INET" ]; # For custom --listen
31 };
32 };
33 public-inbox-nntpd = {
34 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
35 after = [ "acme-selfsigned-${domain}.service" ];
36 serviceConfig = {
37 SupplementaryGroups = [ groups."acme".name ];
38 BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
39 };
40 };
41 };
42 services.public-inbox = {
43 enable = true;
44 settings.publicinbox = {
45 css = [ "href=https://mails.${domain}/style/light.css" ];
46 nntpserver = [ "nntps://news.${domain}" ];
47 wwwlisting = "match=domain";
48 };
49 mda = {
50 enable = true;
51 args = [ "--no-precheck" ]; # Allow Bcc:
52 };
53 http = {
54 enable = true;
55 port = "/run/publix-inbox-http.sock";
56 #port = 8080;
57 mounts = [
58 "https://mails.${domain}/inbox"
59 "https://public-inbox.${domain}/inbox"
60 ];
61 };
62 nntp = {
63 enable = true;
64 #port = 563;
65 cert = "/var/lib/acme/${domain}/fullchain.pem";
66 key = "/var/lib/acme/${domain}/key.pem";
67 };
68 imap = {
69 args = [ "--listen" "imaps://0.0.0.0:1993/?cert=/var/lib/acme/${domain}/fullchain.pem,key=/var/lib/acme/${domain}/key.pem" ];
70 enable = true;
71 # FIXME: find an IP or .onion to put 993
72 port = null;
73 #cert = "/var/lib/acme/${domain}/fullchain.pem";
74 #key = "/var/lib/acme/${domain}/key.pem";
75 };
76 inboxes = {
77 atelier = {
78 address = [
79 "atelier@${domain}"
80 "public-inbox+atelier@${domain}"
81 ];
82 url = "https://mails.${domain}/inbox/atelier";
83 description = ''
84 atelier@${domain} :
85 discussions concernant le développement logiciel.
86 '';
87 newsgroup = "inbox.comp.sourcephile.atelier";
88 coderepo = [
89 "sourcephile-txt"
90 # TODO: list many source code repositories
91 ];
92 };
93 /*
94 bar = {
95 address = [
96 "bar@${domain}"
97 "public-inbox+bar@${domain}"
98 ];
99 description = ''
100 bar@${domain} :
101 discussions concernant l'informatique en général.
102 '';
103 url = "https://mails.${domain}/inbox/bar";
104 newsgroup = "inbox.comp.sourcephile.bar";
105 };
106 contact = {
107 address = [
108 "contact@${domain}"
109 "public-inbox+contact@${domain}"
110 ];
111 description = ''
112 contact@${domain} :
113 discussions avec le grand public.
114 '';
115 url = "https://mails.${domain}/inbox/contact";
116 newsgroup = "inbox.comp.sourcephile.contact";
117 #coderepo = [ "sourcephile" ];
118 };
119 ecole = {
120 address = [
121 "ecole@${domain}"
122 "public-inbox+ecole@${domain}"
123 ];
124 description = ''
125 ecole@${domain} :
126 discussions pour s'entraider en informatique.
127 '';
128 url = "https://mails.${domain}/inbox/ecole";
129 newsgroup = "inbox.comp.sourcephile.ecole";
130 coderepo = [ "sourcephile-txt" ];
131 };
132 environnement = {
133 address = [
134 "environnement@${domain}"
135 "public-inbox+environnement@${domain}"
136 ];
137 description = ''
138 environnement@${domain} :
139 discussions sur les impacts environnementaux de l'informatique.
140 '';
141 url = "https://mails.${domain}/inbox/environnement";
142 newsgroup = "inbox.comp.sourcephile.environnement";
143 coderepo = [ "sourcephile-txt" ];
144 };
145 labo = {
146 address = [
147 "labo@${domain}"
148 "public-inbox+labo@${domain}"
149 ];
150 description = ''
151 labo@${domain} :
152 discussions concernant la science de l'informatique.
153 '';
154 url = "https://mails.${domain}/inbox/labo";
155 newsgroup = "inbox.comp.sourcephile.labo";
156 coderepo = [
157 "sourcephile-txt"
158 # TODO: list many source code repositories
159 ];
160 };
161 machines = {
162 address = [
163 "machines@${domain}"
164 "public-inbox+machines@${domain}"
165 ];
166 description = ''
167 machines@${domain} :
168 discussions concernant l'administration technique de l'infrastructure informatique.
169 '';
170 url = "https://mails.${domain}/inbox/machines";
171 newsgroup = "inbox.comp.sourcephile.machines";
172 coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
173 };
174 pont = {
175 address = [
176 "pont@${domain}"
177 "public-inbox+pont@${domain}"
178 ];
179 description = ''
180 pont@${domain} :
181 discussions à l'attention de l'ensemble des personnes à bord.
182 '';
183 url = "https://mails.${domain}/inbox/pont";
184 newsgroup = "inbox.comp.sourcephile.pont";
185 coderepo = [ "sourcephile-txt" ];
186 };
187 test = {
188 address = [
189 "test@${domain}"
190 "public-inbox+test@${domain}"
191 ];
192 description = ''
193 test@${domain} :
194 une cible de test pour effectuer des tirs de mails.
195 '';
196 url = "https://mails.${domain}/inbox/test";
197 newsgroup = "inbox.comp.sourcephile.test";
198 hide = [ "www" "manifest" ];
199 };
200 */};
201 settings.coderepo = {
202 sourcephile-txt = {
203 dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
204 cgitUrl = "https://code.${domain}/sourcephile-txt.git";
205 };
206 sourcephile-nix = {
207 dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
208 cgitUrl = "https://code.${domain}/sourcephile-nix.git";
209 };
210 };
211 };
212 }
NixOS configurations for Sourcephile's infrastructure