]> Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/public-inbox.nix
nix: re-add smartctl-tbw to the environment
[sourcephile-nix.git] / machines / mermet / public-inbox.nix
1 { pkgs, lib, config, ... }:
2 let inherit (config.users) groups;
3 domain = "sourcephile.fr";
4 in
5 {
6 systemd.services.public-inbox-httpd = {
7 serviceConfig.SupplementaryGroups = [ groups."git-daemon".name ];
8 };
9 services.public-inbox = {
10 enable = true;
11 path = with pkgs; [ /*spamassassin*/ ];
12 #mda.args = [ "--no-precheck" ];
13 mda.spamCheck = null;
14 watch.spamCheck = null;
15
16 http.mounts = [
17 "https://mails.${domain}/inbox"
18 "https://public-inbox.${domain}/inbox"
19 ];
20 wwwListing = "match=domain";
21 config.publicinbox = {
22 css = [ "href=https://mails.${domain}/style/light.css" ];
23 };
24
25 nntpServer = [ "nntps://news.${domain}" ];
26 nntp.cert = "/var/lib/acme/${domain}/fullchain.pem";
27 nntp.key = "/var/lib/acme/${domain}/key.pem";
28 nntp.extraGroups = [ groups.acme.name ];
29
30 inboxes = {
31 atelier = {
32 address = [
33 "atelier@${domain}"
34 "public-inbox+atelier@${domain}"
35 ];
36 description = ''
37 atelier@${domain} :
38 discussions concernant le développement logiciel.
39 '';
40 url = "https://mails.${domain}/inbox/atelier";
41 newsgroup = "inbox.comp.sourcephile.atelier";
42 config.coderepo = [
43 "sourcephile-txt"
44 # TODO: list many source code repositories
45 ];
46 };
47 bar = {
48 address = [
49 "bar@${domain}"
50 "public-inbox+bar@${domain}"
51 ];
52 description = ''
53 bar@${domain} :
54 discussions concernant l'informatique en général.
55 '';
56 url = "https://mails.${domain}/inbox/bar";
57 newsgroup = "inbox.comp.sourcephile.bar";
58 };
59 contact = {
60 address = [
61 "contact@${domain}"
62 "public-inbox+contact@${domain}"
63 ];
64 description = ''
65 contact@${domain} :
66 discussions avec le grand public.
67 '';
68 url = "https://mails.${domain}/inbox/contact";
69 newsgroup = "inbox.comp.sourcephile.contact";
70 #config.coderepo = [ "sourcephile" ];
71 };
72 ecole = {
73 address = [
74 "ecole@${domain}"
75 "public-inbox+ecole@${domain}"
76 ];
77 description = ''
78 ecole@${domain} :
79 discussions pour s'entraider en informatique.
80 '';
81 url = "https://mails.${domain}/inbox/ecole";
82 newsgroup = "inbox.comp.sourcephile.ecole";
83 config.coderepo = [ "sourcephile-txt" ];
84 };
85 environnement = {
86 address = [
87 "environnement@${domain}"
88 "public-inbox+environnement@${domain}"
89 ];
90 description = ''
91 environnement@${domain} :
92 discussions sur les impacts environnementaux de l'informatique.
93 '';
94 url = "https://mails.${domain}/inbox/environnement";
95 newsgroup = "inbox.comp.sourcephile.environnement";
96 config.coderepo = [ "sourcephile-txt" ];
97 };
98 labo = {
99 address = [
100 "labo@${domain}"
101 "public-inbox+labo@${domain}"
102 ];
103 description = ''
104 labo@${domain} :
105 discussions concernant la science de l'informatique.
106 '';
107 url = "https://mails.${domain}/inbox/labo";
108 newsgroup = "inbox.comp.sourcephile.labo";
109 config.coderepo = [
110 "sourcephile-txt"
111 # TODO: list many source code repositories
112 ];
113 };
114 machines = {
115 address = [
116 "machines@${domain}"
117 "public-inbox+machines@${domain}"
118 ];
119 description = ''
120 machines@${domain} :
121 discussions concernant l'administration technique de l'infrastructure informatique.
122 '';
123 url = "https://mails.${domain}/inbox/machines";
124 newsgroup = "inbox.comp.sourcephile.machines";
125 config.coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
126 };
127 pont = {
128 address = [
129 "pont@${domain}"
130 "public-inbox+pont@${domain}"
131 ];
132 description = ''
133 pont@${domain} :
134 discussions à l'attention de l'ensemble des personnes à bord.
135 '';
136 url = "https://mails.${domain}/inbox/pont";
137 newsgroup = "inbox.comp.sourcephile.pont";
138 config.coderepo = [ "sourcephile-txt" ];
139 };
140 test = {
141 address = [
142 "test@${domain}"
143 "public-inbox+test@${domain}"
144 ];
145 description = ''
146 test@${domain} :
147 une cible de test pour effectuer des tirs de mails.
148 '';
149 url = "https://mails.${domain}/inbox/test";
150 newsgroup = "inbox.comp.sourcephile.test";
151 config = {
152 hide = [ "www" "manifest" ];
153 };
154 };
155 };
156
157 config.coderepo = {
158 sourcephile-txt = {
159 dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
160 cgitUrl = "https://code.${domain}/sourcephile-txt.git";
161 };
162 sourcephile-nix = {
163 dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
164 cgitUrl = "https://code.${domain}/sourcephile-nix.git";
165 };
166 };
167 };
168 security.acme.certs."${domain}" = {
169 postRun = "systemctl try-restart public-inbox-nntpd";
170 };
171 networking.nftables.ruleset = ''
172 add rule inet filter net2fw tcp dport 563 counter accept comment "NNTPS"
173 '';
174 systemd.services.public-inbox-nntpd = {
175 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
176 after = [ "acme-selfsigned-${domain}.service" ];
177 };
178 }