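# NixOS configuration of the "friot" host (install/logical/friot.nix).
# Standard NixOS module arguments; `system` is accepted but not used below.
{pkgs, lib, config, system, ...}:
let
  # `pass` comes from builtins.extraBuiltins and resolves a secret from the
  # password store while the configuration is being evaluated.
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) types;
  inherit (config.services) dovecot2;
  # Account password looked up as "<domain>/<hostName>/<name>".
  # NOTE(review): whatever `pass` returns becomes part of the evaluated
  # configuration, and therefore of the Nix store -- see the password
  # comments under users.users.
  userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/" + name);
in {
  imports = [
    <nixsys/install/modules.nix>
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/rmilter.nix
    friot/shorewall.nix
    friot/openldap.nix
    #friot/discourse.nix
  ];

  options = {
    enable = lib.mkEnableOption "friot";
    networking.baseName = lib.mkOption {
      type = types.str;
      description = "Base network name.";
      example = "example";
    };
    # Per-zone network settings keyed by zone name; presumably consumed by
    # the imported friot/*.nix modules (not visible from this file).
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({zone, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            example = "fe80::1";
          };
        };
      }));
    };
  };

  config = {
    networking = {
      baseName = "commonsoft";
      domain = "${config.networking.baseName}.coop";
    };

    # Fully declarative accounts: users and groups not listed here are
    # removed on activation, and passwords are applied from this file.
    users.mutableUsers = false;
    users.users = {
      # NOTE(review): `password` is a clear-text option; its value is written
      # into the world-readable Nix store of every machine that holds this
      # closure. `hashedPassword` (or a password file kept outside the store)
      # avoids that. Setting both `initialPassword` and `password` also looks
      # redundant -- `password` is presumably the value that gets applied.
      root.initialPassword = userPass "root";
      root.password = config.users.users.root.initialPassword;
      julm = {
        uid = 1000;
        # NOTE(review): stock NixOS grants sudo to the "wheel" group; confirm
        # that a "sudo" group is defined by one of the imported modules.
        extraGroups = [ "sudo" ];
        description = "Julien Moutinho";
        home = "/home/julm";
        shell = lib.mkDefault config.users.defaultUserShell;
        group = "julm"; # FIXME: unknown group -- users.groups.julm is declared below, so check whether this FIXME is stale
        initialPassword = userPass "julm";
        password = config.users.users.julm.initialPassword;
      };
    };
    users.groups = {
      julm = {
        gid = config.users.users.julm.uid;
      };
    };

    services = {
      nixosManual = {
        enable = false; # NOTE: useless on this machine, and CPU intensive.
      };
      disnix = {
        enable = false;
      };
      # NOTE(review): sshd runs with the module's default authentication
      # settings; since the accounts above carry passwords, consider turning
      # password authentication off once keys are deployed.
      openssh = {
        enable = true;
      };
      gitea = {
        enable = false;
      };
      sssd = {
        enable = false;
      };
      dovecot2 = {
        #debug = true;
      };
      journald = {
        # Caps the journal at 50M; older entries are rotated out, so logs
        # needed for later incident review have to be collected elsewhere.
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };
      x509 = {
        # Certificate names: the fixed service hosts plus every mail domain
        # served by dovecot2 (same list as before, written as one literal).
        domains =
          [ "www.${config.networking.domain}"
            "git.${config.networking.domain}"
            "mail.${config.networking.domain}"
          ] ++ builtins.attrNames dovecot2.domains;
      };
      # NOTE(review): all three role addresses are delivered to the "test"
      # mailbox; postmaster@ and abuse@ are the contacts other operators use
      # for delivery problems and abuse reports, so that mailbox must be one
      # that is actually read.
      postfix.aliases = {
        "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
      };
      dovecot2.domains = {
        "${config.networking.domain}" = {
          accounts = {
            julm = {
              # Clear-text value from the password store; the commented
              # "{SSHA512}" line appears to be the hashed alternative.
              password = pass "${config.networking.domain}/mail/julm";
              # "${config.networking.domain}/dovecot2/julm";
              # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
              aliases = ["julien.moutinho@${config.networking.domain}"];
              quota = "512M";
            };
            test = {
              password = pass "${config.networking.domain}/mail/test";
              # "${config.networking.domain}/dovecot2/test";
              # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
              aliases = ["test-alias@${config.networking.domain}"];
              quota = "512M";
            };
          };
        };
      };
    };

    environment = {
      # Duplicate entries (postgresql, cgit) removed; the resulting
      # system path is the same.
      systemPackages = with pkgs; [
        htop
        tree
        vim
        postgresql
        dnsutils
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        nsd
        dropbear
        cryptsetup
        openssl
        gitolite
        cgit
        openldap
        #mail
        #sympa
        multitail
        inetutils
        ncdu
        mailutils
        #sssd
        docker
        #nss_ldap
        nss_pam_ldapd
        socat
      ];
    };
  };
}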