]> Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/public-inbox.nix
nix: update to latest nixpkgs
[sourcephile-nix.git] / machines / mermet / public-inbox.nix
1 { pkgs, lib, config, ... }:
2 let inherit (config.services) public-inbox;
3 inherit (config.users) groups;
4 domain = "sourcephile.fr";
5 in
6 # Pour supprimer un message :
7 # curl https://mails.sourcephile.fr/inbox/environnement/8ea699887ca47797b4460053588cbef2d115829ab4@vieber.ru/raw |
8 # sudo -u public-inbox public-inbox-learn rm
9 {
10 security.acme.certs."${domain}" = {
11 postRun = "systemctl try-restart public-inbox-nntpd public-inbox-imapd";
12 };
13 networking.nftables.ruleset = ''
14 add rule inet filter net2fw tcp dport ${toString public-inbox.nntp.port} counter accept comment "NNTPS"
15 add rule inet filter net2fw tcp dport 1993 counter accept comment "IMAPS"
16 '';
17 systemd.services = {
18 public-inbox-httpd = {
19 serviceConfig = {
20 SupplementaryGroups = [ groups."git-daemon".name ];
21 BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
22 };
23 };
24 public-inbox-imapd = {
25 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
26 after = [ "acme-selfsigned-${domain}.service" ];
27 serviceConfig = {
28 SupplementaryGroups = [ groups."acme".name ];
29 BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
30 RestrictAddressFamilies = [ "AF_INET" ]; # For custom --listen
31 };
32 };
33 public-inbox-nntpd = {
34 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
35 after = [ "acme-selfsigned-${domain}.service" ];
36 serviceConfig = {
37 SupplementaryGroups = [ groups."acme".name ];
38 BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
39 };
40 };
41 };
42 services.public-inbox = {
43 enable = true;
44 settings.publicinbox = {
45 css = [ "href=https://mails.${domain}/style/light.css" ];
46 nntpserver = [ "nntps://news.${domain}" ];
47 wwwlisting = "match=domain";
48 };
49 mda = {
50 enable = true;
51 args = [ "--no-precheck" ]; # Allow Bcc:
52 };
53 http = {
54 enable = true;
55 port = "/run/publix-inbox-http.sock";
56 #port = 8080;
57 mounts = [
58 "https://mails.${domain}/inbox"
59 "https://public-inbox.${domain}/inbox"
60 ];
61 };
62 nntp = {
63 enable = true;
64 #port = 563;
65 cert = "/var/lib/acme/${domain}/fullchain.pem";
66 key = "/var/lib/acme/${domain}/key.pem";
67 };
68 imap = {
69 args = [ "--listen" "imaps://0.0.0.0:1993/?cert=/var/lib/acme/${domain}/fullchain.pem,key=/var/lib/acme/${domain}/key.pem" ];
70 enable = true;
71 # FIXME: find an IP or .onion to put 993
72 port = null;
73 #cert = "/var/lib/acme/${domain}/fullchain.pem";
74 #key = "/var/lib/acme/${domain}/key.pem";
75 };
76 inboxes = {
77 news = {
78 address = [
79 "news@${domain}"
80 "public-inbox+news@${domain}"
81 ];
82 description = ''
83 news@${domain} :
84 annonces d'informations concernant importantes
85 '';
86 url = "https://mails.${domain}/inbox/news";
87 newsgroup = "inbox.comp.sourcephile.news";
88 coderepo = [ "sourcephile-txt" ];
89 };
90 chat = {
91 address = [
92 "chat@${domain}"
93 "public-inbox+chat@${domain}"
94 ];
95 description = ''
96 chat@${domain} :
97 discussions concernant l'informatique en général.
98 '';
99 url = "https://mails.${domain}/inbox/chat";
100 newsgroup = "inbox.comp.sourcephile.chat";
101 };
102 contact = {
103 address = [
104 "contact@${domain}"
105 "public-inbox+contact@${domain}"
106 ];
107 description = ''
108 contact@${domain} :
109 discussions avec le grand public.
110 '';
111 url = "https://mails.${domain}/inbox/contact";
112 newsgroup = "inbox.comp.sourcephile.contact";
113 #coderepo = [ "sourcephile" ];
114 };
115 environnement = {
116 address = [
117 "environnement@${domain}"
118 "public-inbox+environnement@${domain}"
119 ];
120 description = ''
121 environnement@${domain} :
122 discussions sur les impacts environnementaux de l'informatique.
123 '';
124 url = "https://mails.${domain}/inbox/environnement";
125 newsgroup = "inbox.comp.sourcephile.environnement";
126 coderepo = [ "sourcephile-txt" ];
127 };
128 labo = {
129 address = [
130 "labo@${domain}"
131 "public-inbox+labo@${domain}"
132 ];
133 description = ''
134 labo@${domain} :
135 discussions concernant la science de l'informatique.
136 '';
137 url = "https://mails.${domain}/inbox/labo";
138 newsgroup = "inbox.comp.sourcephile.labo";
139 coderepo = [
140 "sourcephile-txt"
141 # TODO: list many source code repositories
142 ];
143 };
144 prod = {
145 address = [
146 "prod@${domain}"
147 "public-inbox+prod@${domain}"
148 ];
149 description = ''
150 prod@${domain} :
151 discussions concernant l'administration technique de l'infrastructure informatique.
152 '';
153 url = "https://mails.${domain}/inbox/prod";
154 newsgroup = "inbox.comp.sourcephile.prod";
155 coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
156 };
157 orga = {
158 address = [
159 "orga@${domain}"
160 "public-inbox+orga@${domain}"
161 ];
162 description = ''
163 orga@${domain} :
164 discussions à l'attention de l'ensemble des personnes à bord.
165 '';
166 url = "https://mails.${domain}/inbox/orga";
167 newsgroup = "inbox.comp.sourcephile.orga";
168 coderepo = [ "sourcephile-txt" ];
169 };
170 test = {
171 address = [
172 "test@${domain}"
173 "public-inbox+test@${domain}"
174 ];
175 description = ''
176 test@${domain} :
177 une cible de test pour effectuer des tirs de mails.
178 '';
179 url = "https://mails.${domain}/inbox/test";
180 newsgroup = "inbox.comp.sourcephile.test";
181 hide = [ "www" "manifest" ];
182 };
183 };
184 settings.coderepo = {
185 sourcephile-txt = {
186 dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
187 cgitUrl = "https://code.${domain}/sourcephile-txt.git";
188 };
189 sourcephile-nix = {
190 dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
191 cgitUrl = "https://code.${domain}/sourcephile-nix.git";
192 };
193 };
194 };
195 }