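{ pkgs, lib, config, ... }:
let
  inherit (config.services) public-inbox;
  inherit (config.users) groups;
  orga = "sourcephile";
  domain = "${orga}.fr";
  # IMAPS listener port. It is referenced both by the imapd --listen argument
  # and by the nftables accept rule below, so binding it once keeps the
  # firewall opening and the actual listener from drifting apart.
  imapsPort = 1993;
  # Gitolite repository paths (without the .git suffix). Each one gets an
  # inbox and a coderepo entry named after its basename, so basenames must be
  # unique across this list.
  repositories = [
    "doclang"
    "majurity"
    "reloto"
    "haskell/symantic"
    "haskell/symantic-atom"
    "haskell/symantic-base"
    "haskell/symantic-cli"
    "haskell/symantic-compta"
    "haskell/symantic-document"
    "haskell/symantic-http"
    "haskell/symantic-parser"
    "haskell/symantic-xml"
  ];
in
# To delete a message:
# curl https://mails.sourcephile.fr/inbox/environnement/8ea699887ca47797b4460053588cbef2d115829ab4@vieber.ru/raw |
# sudo -u public-inbox public-inbox-learn rm
{
  security.acme.certs."${domain}" = {
    # Restart the TLS-terminating daemons after a renewal so they pick up
    # the new certificate and key.
    postRun = "systemctl try-restart public-inbox-nntpd public-inbox-imapd";
  };
  # Only the two TLS ports are opened from the network side; HTTP goes through
  # a Unix socket (see services.public-inbox.http.port below).
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport ${toString public-inbox.nntp.port} counter accept comment "NNTPS"
    add rule inet filter net2fw tcp dport ${toString imapsPort} counter accept comment "IMAPS"
  '';
  fileSystems."/var/lib/public-inbox" = {
    device = "rpool/var/public-inbox";
    fsType = "zfs";
  };
  systemd.services = {
    public-inbox-httpd = {
      confinement.enable = true;
      serviceConfig = {
        # presumably required to read the gitolite repositories listed as
        # coderepo — confirm against the git-daemon group ownership
        SupplementaryGroups = [ groups."git-daemon".name ];
        #BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
      };
    };
    public-inbox-imapd = {
      confinement.enable = true;
      # Only the self-signed certificate is ordered before start; the ACME
      # service is merely wanted, presumably so a pending or failed order
      # does not keep the daemon down.
      wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
      after = [ "acme-selfsigned-${domain}.service" ];
      serviceConfig = {
        # The confined service sees the certificate directory read-only and
        # nothing else from /var/lib/acme; the acme group is presumably what
        # grants read access to the key file inside it.
        SupplementaryGroups = [ groups."acme".name ];
        BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
      };
    };
    public-inbox-init = {
      confinement.enable = true;
    };
    public-inbox-nntpd = {
      confinement.enable = true;
      # Same certificate handling as public-inbox-imapd above.
      wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
      after = [ "acme-selfsigned-${domain}.service" ];
      serviceConfig = {
        SupplementaryGroups = [ groups."acme".name ];
        BindReadOnlyPaths = [ "/var/lib/acme/${domain}" ];
      };
    };
  };
  services.public-inbox = {
    enable = true;
    postfix.enable = true;
    settings.publicinbox = {
      css = [ "href=https://mails.${domain}/style/light.css" ];
      nntpserver = [ "nntps://news.${domain}" ];
      wwwlisting = "match=domain";
      #imapserver = [ "mails.${domain}" ];
    };
    mda = {
      enable = true;
      # Skip the delivery precheck so messages that only Bcc: the list
      # address are still accepted (see public-inbox-mda --no-precheck).
      args = [ "--no-precheck" ]; # Allow Bcc:
    };
    http = {
      enable = true;
      # Unix socket instead of a TCP port: the reverse proxy in front is the
      # only thing that reaches the HTTP daemon.
      port = "/run/public-inbox-http.sock";
      #port = 8080;
      args = [ "-W0" ];
      mounts = [
        "https://mails.${domain}/inbox"
        "https://public-inbox.${domain}/inbox"
      ];
    };
    nntp = {
      enable = true;
      #port = 563;
      args = [ "-W0" ];
      cert = "/var/lib/acme/${domain}/fullchain.pem";
      key = "/var/lib/acme/${domain}/key.pem";
    };
    imap = {
      enable = true;
      # FIXME: find an IP or .onion to put 993
      # The module-managed port is disabled and the listener is passed
      # explicitly; it binds all interfaces on imapsPort, which is the port
      # the nftables rule above accepts.
      port = null;
      args = [ "-W0" "--listen" "imaps://0.0.0.0:${toString imapsPort}" ];
      #args = ["-W0"];
      cert = "/var/lib/acme/${domain}/fullchain.pem";
      key = "/var/lib/acme/${domain}/key.pem";
    };
    # Hand-written inboxes, merged with one generated inbox per repository.
    # `//` is right-biased: a repository whose basename equals one of the
    # names below would override that hand-written inbox.
    inboxes = {
      news = {
        address = [
          "news@${domain}"
        ];
        description = ''
          news@${domain} :
          annonces d'informations concernant importantes
        '';
        url = "https://mails.${domain}/inbox/news";
        newsgroup = "inbox.comp.${orga}.news";
        #coderepo = [ "sourcephile-txt" ];
      };
      chat = {
        address = [
          "chat@${domain}"
        ];
        description = ''
          chat@${domain} :
          discussions concernant l'informatique en général.
        '';
        url = "https://mails.${domain}/inbox/chat";
        newsgroup = "inbox.comp.${orga}.chat";
      };
      contact = {
        address = [
          "contact@${domain}"
        ];
        description = ''
          contact@${domain} :
          discussions avec le grand public.
        '';
        url = "https://mails.${domain}/inbox/contact";
        newsgroup = "inbox.comp.${orga}.contact";
        #coderepo = [ "${orga}" ];
      };
      environnement = {
        address = [
          "environnement@${domain}"
        ];
        description = ''
          environnement@${domain} :
          discussions sur les impacts environnementaux de l'informatique.
        '';
        url = "https://mails.${domain}/inbox/environnement";
        newsgroup = "inbox.comp.${orga}.environnement";
        #coderepo = [ "sourcephile-txt" ];
      };
      labo = {
        address = [
          "labo@${domain}"
        ];
        description = ''
          labo@${domain} :
          discussions concernant la science de l'informatique.
        '';
        url = "https://mails.${domain}/inbox/labo";
        newsgroup = "inbox.comp.${orga}.labo";
        # TODO: list many source code repositories
        #coderepo = [ "sourcephile-txt" ];
      };
      prod = {
        address = [
          "prod@${domain}"
        ];
        description = ''
          prod@${domain} :
          discussions concernant l'administration technique de l'infrastructure informatique.
        '';
        url = "https://mails.${domain}/inbox/prod";
        newsgroup = "inbox.comp.${orga}.prod";
        #coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
      };
      orga = {
        address = [
          "orga@${domain}"
        ];
        description = ''
          orga@${domain} :
          discussions à l'attention de l'ensemble des personnes à bord.
        '';
        url = "https://mails.${domain}/inbox/orga";
        newsgroup = "inbox.comp.${orga}.orga";
        #coderepo = [ "sourcephile-txt" ];
      };
      test = {
        address = [
          "test@${domain}"
        ];
        description = ''
          test@${domain} :
          une cible de test pour effectuer des tirs de mails.
        '';
        url = "https://mails.${domain}/inbox/test";
        newsgroup = "inbox.comp.${orga}.test";
        hide = [ /* FIXME: doesn't work for IMAP */ "imap" "www" "manifest" ];
      };
    } // lib.genAttrs (map baseNameOf repositories) (name: {
      address = [
        "${name}@${domain}"
      ];
      description = ''
        ${name}@${domain} :
        discussions about ${name}.
      '';
      url = "https://mails.${domain}/inbox/${name}";
      newsgroup = "inbox.comp.${orga}.${name}";
      # Links the inbox to the coderepo entry of the same basename generated
      # in settings.coderepo below.
      coderepo = [ name ];
    });
    # Hand-written coderepos plus one per repository, keyed by basename but
    # pointing at the full gitolite path.
    settings.coderepo = {
      sourcephile-txt = {
        dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
        cgitUrl = "https://code.${domain}/sourcephile-txt.git";
      };
      sourcephile-nix = {
        dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
        cgitUrl = "https://code.${domain}/sourcephile-nix.git";
      };
    } // lib.listToAttrs (map (path: lib.nameValuePair (baseNameOf path) {
      dir = "/var/lib/gitolite/repositories/${path}.git";
      cgitUrl = "https://code.${domain}/${path}.git";
    }) repositories);
  };
  services.sanoid.datasets."rpool/var/public-inbox" = {
    use_template = [ "snap" ];
    daily = 7;
  };
}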