Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/public-inbox.nix
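# NixOS module for this host's public-inbox deployment: a public mail
# archive served over HTTP (Unix socket), NNTPS and IMAPS, using the ACME
# certificate issued for `domain`.
#
# Everything delivered to the inbox addresses below is published; treat the
# archive as world-readable.
{ pkgs, lib, config, ... }:
let
  inherit (config.services) public-inbox;
  inherit (config.users) groups;
  domain = "sourcephile.fr";
  # Directory holding the ACME certificate and private key for `domain`.
  # Named once so the sandbox bind mounts and the TLS listeners cannot drift.
  certDir = "/var/lib/acme/${domain}";
  # IMAPS listens on a non-standard port (see the FIXME in `imap` below).
  # The firewall rule and the --listen URL both derive from this value.
  imapsPort = 1993;
in
# To delete a message:
# curl https://mails.sourcephile.fr/inbox/environnement/8ea699887ca47797b4460053588cbef2d115829ab4@vieber.ru/raw |
# sudo -u public-inbox public-inbox-learn rm
{
  security.acme.certs."${domain}" = {
    # Restart the TLS-terminating daemons after a renewal so they load the
    # new certificate; try-restart leaves stopped units stopped.
    postRun = "systemctl try-restart public-inbox-nntpd public-inbox-imapd";
  };

  # Inbound firewall openings for the two TLS services. The HTTP daemon is
  # not opened here: it listens on a Unix socket (see `http.port`).
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport ${toString public-inbox.nntp.port} counter accept comment "NNTPS"
    add rule inet filter net2fw tcp dport ${toString imapsPort} counter accept comment "IMAPS"
  '';

  # Archive storage lives on its own ZFS dataset.
  fileSystems."/var/lib/public-inbox" = {
    device = "rpool/var/public-inbox";
    fsType = "zfs";
  };

  systemd.services = {
    public-inbox-httpd = {
      serviceConfig = {
        # Presumably grants read access to the gitolite repositories listed
        # under settings.coderepo — verify against their ownership.
        SupplementaryGroups = [ groups."git-daemon".name ];
        # NOTE(review): this unit serves plain HTTP on a Unix socket and is
        # not in the "acme" group, so it does not appear to need the
        # certificate directory. Confirm, then drop the bind so the private
        # key's directory stays out of the HTTP daemon's mount namespace.
        BindReadOnlyPaths = [ certDir ];
      };
    };
    public-inbox-imapd = {
      # Ordered only after the self-signed unit: the daemon can start on the
      # placeholder certificate, and postRun above restarts it once the real
      # one has been issued.
      wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
      after = [ "acme-selfsigned-${domain}.service" ];
      serviceConfig = {
        # Group membership is what lets the daemon read the cert and key.
        SupplementaryGroups = [ groups."acme".name ];
        BindReadOnlyPaths = [ certDir ];
        RestrictAddressFamilies = [ "AF_INET" ]; # For custom --listen
      };
    };
    public-inbox-nntpd = {
      # Same ordering rationale as public-inbox-imapd.
      wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service" ];
      after = [ "acme-selfsigned-${domain}.service" ];
      serviceConfig = {
        SupplementaryGroups = [ groups."acme".name ];
        BindReadOnlyPaths = [ certDir ];
      };
    };
  };

  services.public-inbox = {
    enable = true;
    settings.publicinbox = {
      css = [ "href=https://mails.${domain}/style/light.css" ];
      nntpserver = [ "nntps://news.${domain}" ];
      wwwlisting = "match=domain";
    };
    mda = {
      enable = true;
      # NOTE(review): --no-precheck turns off public-inbox-mda's header
      # checks before delivery, which is what lets Bcc'd mail through. With
      # them off, spam filtering is the only gate in front of a public
      # archive — confirm it is configured for this host.
      args = [ "--no-precheck" ]; # Allow Bcc:
    };
    http = {
      enable = true;
      # Unix socket rather than a TCP port. NOTE(review): the path is spelled
      # "publix"; whatever fronts this socket presumably uses the same
      # spelling, so rename both ends together or not at all.
      port = "/run/publix-inbox-http.sock";
      #port = 8080;
      mounts = [
        "https://mails.${domain}/inbox"
        "https://public-inbox.${domain}/inbox"
      ];
    };
    nntp = {
      enable = true;
      #port = 563;
      cert = "${certDir}/fullchain.pem";
      key = "${certDir}/key.pem";
    };
    imap = {
      # The listener is given explicitly, with the TLS material inline,
      # instead of through port/cert/key below. It binds IPv4 only, which
      # matches RestrictAddressFamilies on public-inbox-imapd.
      args = [ "--listen" "imaps://0.0.0.0:${toString imapsPort}/?cert=${certDir}/fullchain.pem,key=${certDir}/key.pem" ];
      enable = true;
      # FIXME: find an IP or .onion to put 993
      port = null;
      #cert = "/var/lib/acme/${domain}/fullchain.pem";
      #key = "/var/lib/acme/${domain}/key.pem";
    };
    # Each inbox accepts mail at <name>@domain and public-inbox+<name>@domain.
    inboxes = {
      news = {
        address = [
          "news@${domain}"
          "public-inbox+news@${domain}"
        ];
        description = ''
          news@${domain} :
          annonces d'informations concernant importantes
        '';
        url = "https://mails.${domain}/inbox/news";
        newsgroup = "inbox.comp.sourcephile.news";
        coderepo = [ "sourcephile-txt" ];
      };
      chat = {
        address = [
          "chat@${domain}"
          "public-inbox+chat@${domain}"
        ];
        description = ''
          chat@${domain} :
          discussions concernant l'informatique en général.
        '';
        url = "https://mails.${domain}/inbox/chat";
        newsgroup = "inbox.comp.sourcephile.chat";
      };
      contact = {
        address = [
          "contact@${domain}"
          "public-inbox+contact@${domain}"
        ];
        description = ''
          contact@${domain} :
          discussions avec le grand public.
        '';
        url = "https://mails.${domain}/inbox/contact";
        newsgroup = "inbox.comp.sourcephile.contact";
        #coderepo = [ "sourcephile" ];
      };
      environnement = {
        address = [
          "environnement@${domain}"
          "public-inbox+environnement@${domain}"
        ];
        description = ''
          environnement@${domain} :
          discussions sur les impacts environnementaux de l'informatique.
        '';
        url = "https://mails.${domain}/inbox/environnement";
        newsgroup = "inbox.comp.sourcephile.environnement";
        coderepo = [ "sourcephile-txt" ];
      };
      labo = {
        address = [
          "labo@${domain}"
          "public-inbox+labo@${domain}"
        ];
        description = ''
          labo@${domain} :
          discussions concernant la science de l'informatique.
        '';
        url = "https://mails.${domain}/inbox/labo";
        newsgroup = "inbox.comp.sourcephile.labo";
        coderepo = [
          "sourcephile-txt"
          # TODO: list many source code repositories
        ];
      };
      prod = {
        address = [
          "prod@${domain}"
          "public-inbox+prod@${domain}"
        ];
        description = ''
          prod@${domain} :
          discussions concernant l'administration technique de l'infrastructure informatique.
        '';
        url = "https://mails.${domain}/inbox/prod";
        newsgroup = "inbox.comp.sourcephile.prod";
        coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
      };
      orga = {
        address = [
          "orga@${domain}"
          "public-inbox+orga@${domain}"
        ];
        description = ''
          orga@${domain} :
          discussions à l'attention de l'ensemble des personnes à bord.
        '';
        url = "https://mails.${domain}/inbox/orga";
        newsgroup = "inbox.comp.sourcephile.orga";
        coderepo = [ "sourcephile-txt" ];
      };
      test = {
        address = [
          "test@${domain}"
          "public-inbox+test@${domain}"
        ];
        description = ''
          test@${domain} :
          une cible de test pour effectuer des tirs de mails.
        '';
        url = "https://mails.${domain}/inbox/test";
        newsgroup = "inbox.comp.sourcephile.test";
        # Hidden from the web listing and the manifest only. This is not an
        # access control: the inbox still has a URL and a newsgroup.
        hide = [ "www" "manifest" ];
      };
    };
    # Code repositories that inboxes can reference through `coderepo`.
    # `dir` points into the gitolite tree, read through the git-daemon
    # supplementary group on public-inbox-httpd (presumably).
    settings.coderepo = {
      sourcephile-txt = {
        dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
        cgitUrl = "https://code.${domain}/sourcephile-txt.git";
      };
      sourcephile-nix = {
        dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
        cgitUrl = "https://code.${domain}/sourcephile-nix.git";
      };
    };
  };
}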