{pkgs, lib, config, system, ...}:
let
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) types;
  inherit (config) networking;
  inherit (config.services) dovecot2;

  # Look an account's password up in the `pass` store under
  # <domain>/<hostName>/<account>. `pass` is an extra builtin supplied by an
  # evaluator plugin, not by Nix itself, so evaluation needs that plugin.
  passwordFor = account:
    pass ("${networking.domain}/${networking.hostName}/" + account);

  # Service host names published for TLS: www/git/mail under a given domain.
  serviceNames = dom: map (sub: "${sub}.${dom}") [ "www" "git" "mail" ];

  # Option declaration for a fixed address of one family ("IPv4"/"IPv6").
  staticAddress = family: sample: lib.mkOption {
    type = types.str;
    description = "Static ${family} address of the machine.";
    example = sample;
  };
in
{
  imports = [
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/postgresql.nix
    friot/rmilter.nix
    friot/shorewall.nix
    friot/openldap.nix
    #friot/discourse.nix
  ];

  options = {
    # NOTE(review): declared here, but the `config` section below is not
    # gated on it (no `lib.mkIf config.enable`), so toggling it changes
    # nothing in this file — confirm whether the friot/* modules read it.
    enable = lib.mkEnableOption "friot";

    networking = {
      domainBase = lib.mkOption {
        type = types.str;
        description = "Base network name.";
        example = "example";
      };
      domainAliases = lib.mkOption {
        type = types.listOf types.str;
        description = "Domain aliases.";
        example = [ "example.org" "example.net" ];
      };
      # Per-zone static addressing. Only declared here; nothing in this
      # file reads it, consumers presumably live in the imported modules.
      zones = lib.mkOption {
        type = types.attrsOf (types.submodule {
          options = {
            iface = lib.mkOption {
              type = types.str;
              description = "Interface name.";
              example = "eth0";
            };
            ipv4 = staticAddress "IPv4" "1.2.3.4";
            ipv6 = staticAddress "IPv6" "fe80::1";
          };
        });
      };
    };
  };

  config = {
    nixpkgs.overlays = import ../overlays.nix;

    networking = {
      domainBase = "commonsoft";
      domain = "${networking.domainBase}.coop";
      domainAliases = [
        "${networking.domainBase}.org"
        "${networking.domainBase}.net"
      ];
    };

    users = {
      # Declarative user database: the accounts listed here are authoritative
      # and changes made on the machine do not persist across rebuilds.
      mutableUsers = false;

      users = {
        # NOTE(review): `password` and `initialPassword` are the clear-text
        # NixOS options, so whatever `pass` returns here is embedded verbatim
        # in the generated configuration and the world-readable Nix store.
        # `hashedPassword` keeps the secret itself out of the store; check what
        # `pass` yields for these entries before switching. Setting both
        # options is redundant as well — `password` is the one that applies.
        root = {
          initialPassword = passwordFor "root";
          password = config.users.users.root.initialPassword;
        };
        julm = {
          uid = 1000;
          extraGroups = [ "sudo" ];
          description = "Julien Moutinho";
          home = "/home/julm";
          shell = lib.mkDefault config.users.defaultUserShell;
          group = "julm"; # FIXME: unknown group (users.groups.julm is declared below — possibly stale)
          initialPassword = passwordFor "julm";
          password = config.users.users.julm.initialPassword;
        };
      };

      groups = {
        # gid mirrors the uid so the primary group matches the account.
        julm = { gid = config.users.users.julm.uid; };
      };
    };

    services = {
      nixosManual.enable = false; # NOTE: useless on this machine, and CPU intensive.
      disnix.enable = false;
      # NOTE(review): sshd is enabled with stock settings while root carries a
      # password; the root-login / password-authentication policy is not set
      # in this file — confirm it is pinned explicitly somewhere.
      openssh.enable = true;
      gitea.enable = false;
      sssd.enable = false;
      dovecot2 = {
        #debug = true;
      };
      # Cap the persistent journal at 50M; older entries are rotated out, so
      # this also bounds how far back local log evidence reaches.
      journald.extraConfig = ''
        SystemMaxUse=50M
      '';
      # Names covered by the x509 setup: www/git/mail under the main domain
      # and under every alias, plus the bare aliases. The bare main domain is
      # not in this list.
      x509.domains =
        lib.concatMap serviceNames ([ networking.domain ] ++ networking.domainAliases)
        ++ networking.domainAliases;
      #postfix.aliases = {
      #  "root@${networking.domain}" = [ "test@${networking.domain}" ];
      #  "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
      #  "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
      #};
      # NOTE(review): the commented block below carries a password hash
      # literal; it stays in this file and in VCS history even while disabled.
      #dovecot2.domains = {
      #  "${networking.domain}" = {
      #    accounts = {
      #      julm = {
      #        password = pass "${networking.domain}/mail/julm";
      #        # "${networking.domain}/dovecot2/julm";
      #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      #        aliases = ["julien.moutinho@${networking.domain}"];
      #        quota = "512M";
      #      };
      #      test = {
      #        password = pass "${networking.domain}/mail/test";
      #        # "${networking.domain}/dovecot2/test";
      #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      #        aliases = ["test-alias@${networking.domain}"];
      #        quota = "512M";
      #      };
      #    };
      #  };
      #};
    };

    # System-wide tools. Order and duplicates (postgresql, cgit) are kept as
    # the original listed them.
    environment.systemPackages = with pkgs; [
      htop
      tree
      vim
      postgresql
      dnsutils
      tcpdump
      #mysql
      #procmail
      postgrey
      duplicity
      pypolicyd-spf
      unbound
      nsd
      dropbear
      cryptsetup
      openssl
      postgresql
      cgit
      openldap
      #mail
      #sympa
      multitail
      inetutils
      cgit
      ncdu
      mailutils
      #sssd
      docker
      #nss_ldap
      #nss_pam_ldapd
      socat
    ];
  };
}