Git — Sourcephile - sourcephile-nix.git/blob - install/logical/friot.nix
nixsys -> nixpkgs-commonsoft.
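# NixOS configuration for the "friot" host: declares the networking.baseName
# and networking.zones options, imports the per-service modules, and sets the
# users, mail accounts, certificate domains and base package set.
{pkgs, lib, config, system, ...}:
let
  # `pass` is supplied through builtins.extraBuiltins, so it runs while the
  # configuration is evaluated and its result ends up as an ordinary string
  # value in the configuration.
  # NOTE(review): presumably a wrapper around the `pass` password store;
  # confirm whether it returns cleartext or an already-hashed value.
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) types;
  inherit (config.services) dovecot2;
  # Looks up the secret stored under "<domain>/<hostName>/<name>".
  userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/"+name);
in {
  imports = [
    <nixpkgs-commonsoft/install/modules.nix>
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/rmilter.nix
    friot/shorewall.nix
    friot/openldap.nix
    #friot/discourse.nix
  ];
  options = {
    # NOTE(review): declared at the top level of the option tree; nothing in
    # this file reads it.
    enable = lib.mkEnableOption "friot";
    networking.baseName = lib.mkOption {
      type = types.str;
      description = "Base network name.";
      example = "example";
    };
    # One entry per network zone, each with an interface name and static
    # IPv4/IPv6 addresses. The addresses are plain strings and are not
    # validated here.
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({name, options, config, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            example = "fe80::1";
          };
        };
      }));
    };
  };
  config = {
    nixpkgs.overlays = import ../overlays.nix;
    networking = {
      baseName = "commonsoft";
      domain = "${config.networking.baseName}.coop";
    };
    # Accounts are fully declarative: with mutableUsers = false the passwords
    # below are re-applied on every activation.
    # NOTE(review): `initialPassword` and `password` take the clear-text
    # password, and the value is written to the world-readable Nix store. If
    # `pass` returns cleartext, any local user (or anyone holding a copy of
    # the store) can read the root and julm passwords. Prefer keeping a
    # crypt(3) hash in the password store and assigning it to
    # `hashedPassword`, or reading the hash from a file outside the store.
    users.mutableUsers = false;
    users.users = {
      root.initialPassword = userPass "root";
      root.password = config.users.users.root.initialPassword;
      julm = {
        uid = 1000;
        extraGroups = [ "sudo" ];
        description = "Julien Moutinho";
        home = "/home/julm";
        shell = lib.mkDefault config.users.defaultUserShell;
        group = "julm"; # FIXME: unknown group
        initialPassword = userPass "julm";
        password = config.users.users.julm.initialPassword;
      };
    };
    users.groups = {
      julm = {
        # The group id mirrors the user's uid.
        gid = config.users.users.julm.uid;
      };
    };

    services = {
      nixosManual = {
        enable = false; # NOTE: useless on this machine, and CPU intensive.
      };
      disnix = {
        enable = false;
      };
      # NOTE(review): sshd is enabled with no authentication settings in this
      # file, while root and julm both have passwords set above. Check the
      # effective PasswordAuthentication and PermitRootLogin values (they may
      # be set in an imported module) and prefer key-only logins.
      openssh = {
        enable = true;
      };
      gitea = {
        enable = false;
      };
      sssd = {
        enable = false;
      };
      dovecot2 = {
        #debug = true;
      };
      # NOTE(review): a 50M journal cap keeps little history on a host running
      # mail, DNS and SSH; forward logs elsewhere if they are needed for
      # incident investigation.
      journald = {
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };
      # `services.x509` is not defined in this file; presumably it comes from
      # the imported modules. The list is the www/git/mail host names plus
      # every mail domain declared under dovecot2.domains.
      x509 = {
        domains =
          [ "www.${config.networking.domain}" ] ++
          [ "git.${config.networking.domain}" ] ++
          [ "mail.${config.networking.domain}" ] ++
          builtins.attrNames dovecot2.domains;
      };
      # NOTE(review): root, postmaster and abuse mail is all delivered to the
      # `test` mailbox, so whoever holds that account's password reads system
      # and abuse reports. Point these at a monitored administrator mailbox
      # before production use.
      postfix.aliases = {
        "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
      };
      # Mail accounts per domain. Each password is fetched with `pass` at
      # evaluation time and embedded in the generated configuration.
      # NOTE(review): the commented-out alternatives below contain the same
      # {SSHA512} hash for both accounts. A hash committed to version control
      # stays in history and can be attacked offline; if it was ever a live
      # credential, rotate it. Confirm the value now returned by `pass` is a
      # salted hash rather than cleartext.
      dovecot2.domains = {
        "${config.networking.domain}" = {
          accounts = {
            julm = {
              password = pass "${config.networking.domain}/mail/julm";
              # "${config.networking.domain}/dovecot2/julm";
              # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
              aliases = ["julien.moutinho@${config.networking.domain}"];
              quota = "512M";
            };
            test = {
              password = pass "${config.networking.domain}/mail/test";
              # "${config.networking.domain}/dovecot2/test";
              # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
              aliases = ["test-alias@${config.networking.domain}"];
              quota = "512M";
            };
          };
        };
      };
    };
    environment = {
      # Packages installed system-wide. The original list named `postgresql`
      # and `cgit` twice; each now appears once.
      systemPackages = with pkgs; [
        htop
        tree
        vim
        postgresql
        dnsutils
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        nsd
        dropbear
        cryptsetup
        openssl
        cgit
        openldap
        #mail
        #sympa
        multitail
        inetutils
        ncdu
        mailutils
        #sssd
        docker
        #nss_ldap
        #nss_pam_ldapd
        socat
      ];
    };
  };
}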