# NixOS module for the "friot" host: pulls in the per-service modules under
# friot/ and the overlay service modules, declares the networking.* options
# those modules share, and sets the machine-wide configuration.
#
# Secrets are fetched at evaluation time through the `pass` extra builtin.
# Whatever `pass` returns becomes part of the evaluated configuration, so it
# only belongs in options that are safe to store (public keys, hashes), not
# in cleartext password options — see the NOTE(review) comments below.
{pkgs, lib, config, system, ...}:
let
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) types;
  inherit (config) networking;
  inherit (config.services) dovecot2;
  # Login password for `name`, looked up at
  # <domainBase>/<hostName>/login/<name> in the password store.
  # Note the path uses domainBase/hostName, while the SSH key below is
  # looked up under networking.domain.
  userPass = name: pass "${networking.domainBase}/${networking.hostName}/login/${name}";
in {
  imports = [
    ../overlays/tools/networking/shorewall/service.nix
    ../overlays/tools/networking/shorewall6/service.nix
    ../overlays/servers/mail/rspamd/service.nix
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/postgresql.nix
    #friot/rmilter.nix
    friot/rspamd.nix
    #friot/redmine.nix
    friot/shorewall.nix
    friot/openldap.nix
    #friot/discourse.nix
  ];

  options = {
    enable = lib.mkEnableOption "friot";

    networking.domainBase = lib.mkOption {
      type = types.str;
      description = "Base network name.";
      example = "example";
    };

    networking.domainAliases = lib.mkOption {
      type = types.listOf types.str;
      description = "Domain aliases.";
      example = [ "example.org" "example.net" ];
    };

    # One entry per network zone; consumed by the imported firewall/network
    # modules (not read in this file).
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({name, options, config, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            example = "fe80::1";
          };
        };
      }));
    };
  };

  config = {
    nix = {
      extraOptions = ''
        auto-optimise-store = true
      '';
      # Weekly garbage collection of generations older than 30 days; this also
      # bounds how long a rolled-back (possibly vulnerable) generation stays
      # bootable.
      gc = {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 30d";
      };
    };

    nixpkgs = {
      config = {
        allowUnfree = false;
        # Postfix is rebuilt with LDAP support so it can use the OpenLDAP
        # backend set up in the imported modules.
        packageOverrides = pkgs: {
          postfix = pkgs.postfix.override { withLDAP = true; };
        };
      };
      overlays = import ../overlays.nix;
    };

    boot = {
      initrd = {
        # Early-boot networking with an SSH server (for remote unlock);
        # disabled on the virtualbox deployment target.
        # `config.deployment.targetEnv` is presumably the NixOps option — confirm.
        network = {
          enable = config.deployment.targetEnv != "virtualbox";
          ssh = {
            enable = true;
            # Public key only: safe to embed in the configuration.
            authorizedKeys = [ (pass "${networking.domain}/ssh/pub/julm") ];
            # NOTE(review): no initrd host-key option is set here. Unless an
            # imported module provides one, the initrd SSH host key is not
            # pinned, so a client typing a disk passphrase over this channel
            # cannot detect a MITM. Verify and pin the host key.
          };
        };
      };
      kernel = {
        sysctl = {
          "vm.swappiness" = 10;
          "vm.vfs_cache_pressure" = 50;
        };
      };
    };

    time = { timeZone = "Europe/Paris"; };

    i18n = {
      consoleFont = "Lat2-Terminus16";
      consoleKeyMap = "fr";
      defaultLocale = "fr_FR.UTF-8";
    };

    networking = {
      domainBase = "commonsoft";
      domain = "${networking.domainBase}.org";
      domainAliases = [ "${networking.domainBase}.net" "${networking.domainBase}.coop" ];
    };

    users = {
      # Declarative users only: the accounts and passwords below are the sole
      # source of truth, so they cannot be changed with passwd at runtime.
      mutableUsers = false;
      users = {
        # NOTE(review): `initialPassword` and `password` are cleartext options
        # that NixOS writes into the world-readable Nix store; the value
        # returned by `pass` therefore ends up on disk in cleartext. With
        # mutableUsers = false the intended option is `hashedPassword` (or a
        # file-based variant), with the password store holding a hash rather
        # than the cleartext. Confirm what the pass entry contains before
        # switching.
        root.initialPassword = userPass "root";
        root.password = config.users.users.root.initialPassword;
        julm = {
          uid = 1000;
          # NOTE(review): NixOS's default sudoers grants the `wheel` group,
          # not `sudo`; this only works if an imported module defines and
          # grants a `sudo` group. The shell aliases below rely on sudo.
          extraGroups = [ "sudo" ];
          description = "Julien Moutinho";
          home = "/home/julm";
          shell = lib.mkDefault config.users.defaultUserShell;
          group = "users"; # FIXME: unknown group
          # Same cleartext-in-store caveat as for root above.
          initialPassword = userPass "julm";
          password = config.users.users.julm.initialPassword;
        };
      };
      # A `julm` group is declared here (gid = uid), but the user's primary
      # group above is still "users" — presumably the FIXME predates this
      # declaration; confirm which primary group is intended.
      groups = {
        julm = { gid = config.users.users.julm.uid; };
      };
    };

    documentation.nixos = {
      enable = false; # NOTE: useless on this machine, and CPU intensive.
    };

    services = {
      redis = { enable = true; };
      disnix = { enable = false; };
      openssh = {
        enable = true;
        # Empty: sshd is left at NixOS defaults (PermitRootLogin,
        # PasswordAuthentication, etc. are not set here). Since root has a
        # password configured above, consider disabling password
        # authentication for root explicitly, or restricting logins to keys.
        extraConfig = ''
        '';
      };
      gitea = { enable = false; };
      sssd = { enable = false; };
      dovecot2 = {
        #debug = true;
      };
      # Cap the persistent journal so logs cannot fill the disk.
      journald = {
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };
      # Certificate SANs: www/git/mail under the main domain and each alias,
      # plus the bare aliases (the bare main domain is not included).
      # `services.x509` is not a stock NixOS option; presumably declared by an
      # imported module.
      x509 = {
        domains =
          lib.concatMap (dom: map (sub: "${sub}.${dom}") ["www" "git" "mail"])
            ([networking.domain] ++ networking.domainAliases)
          ++ networking.domainAliases;
      };
      #postfix.aliases = {
      #  "root@${networking.domain}" = [ "test@${networking.domain}" ];
      #  "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
      #  "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
      #};
      #dovecot2.domains = {
      #  "${networking.domain}" = {
      #    accounts = {
      #      julm = {
      #        password = pass "${networking.domain}/mail/julm";
      #        # "${networking.domain}/dovecot2/julm";
      #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      #        aliases = ["julien.moutinho@${networking.domain}"];
      #        quota = "512M";
      #      };
      #      test = {
      #        password = pass "${networking.domain}/mail/test";
      #        # "${networking.domain}/dovecot2/test";
      #        # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
      #        aliases = ["test-alias@${networking.domain}"];
      #        quota = "512M";
      #      };
      #    };
      #  };
      #};
    };

    environment = {
      systemPackages = with pkgs; [
        htop
        tree
        vim
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        dropbear
        cryptsetup
        openssl
        postgresql
        openldap
        #mail
        #sympa
        multitail
        dnsutils
        inetutils
        binutils
        mailutils
        ncdu
        cgit
        #sssd
        #docker
        #nss_ldap
        #nss_pam_ldapd
        tmux
        socat
        users-init
        which
      ];
      # Global readline configuration (Debian-style key bindings).
      etc."inputrc".text = ''
        # /etc/inputrc - global inputrc for libreadline
        # See readline(3readline) and `info rluserman' for more information.
        # Be 8 bit clean.
        set input-meta on
        set output-meta on
        # To allow the use of 8bit-characters like the german umlauts, uncomment
        # the line below. However this makes the meta key not work as a meta key,
        # which is annoying to those which don't need to type in 8-bit characters.
        # set convert-meta off
        # try to enable the application keypad when it is called. Some systems
        # need this to enable the arrow keys.
        # set enable-keypad on
        # see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys
        # do not bell on tab-completion
        # set bell-style none
        # set bell-style visible
        # some defaults / modifications for the emacs mode
        $if mode=emacs
        # allow the use of the Home/End keys
        "\e[1~": beginning-of-line
        "\e[4~": end-of-line
        # allow the use of the Delete/Insert keys
        "\e[3~": delete-char
        "\e[2~": quoted-insert
        # mappings for "page up" and "page down" to step to the beginning/end
        # of the history
        # "\e[5~": beginning-of-history
        # "\e[6~": end-of-history
        # alternate mappings for "page up" and "page down" to search the history
        # "\e[5~": history-search-backward
        # "\e[6~": history-search-forward
        # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
        "\e[1;5C": forward-word
        "\e[1;5D": backward-word
        "\e[5C": forward-word
        "\e[5D": backward-word
        "\e\e[C": forward-word
        "\e\e[D": backward-word
        $if term=rxvt
        "\e[7~": beginning-of-line
        "\e[8~": end-of-line
        "\eOc": forward-word
        "\eOd": backward-word
        $endif
        # for non RH/Debian xterm, can't hurt for RH/Debian xterm
        # "\eOH": beginning-of-line
        # "\eOF": end-of-line
        # for freebsd console
        # "\e[H": beginning-of-line
        # "\e[F": end-of-line
        $endif
      '';
    };

    programs = {
      bash = {
        # Interactive-shell history tweaks. Commands prefixed with a space are
        # kept out of the history (ignorespace), which is the usual way to
        # keep secrets typed on the command line out of ~/.bash_history.
        interactiveShellInit = ''
          bind '"\e[A":history-search-backward'
          bind '"\e[B":history-search-forward'
          # Ignore duplicate commands, ignore commands starting with a space
          export HISTCONTROL=erasedups:ignorespace
          export HISTSIZE=42000
          # Append to the history instead of overwriting (good for multiple connections)
          shopt -s histappend
        '';
        # Several aliases run privileged operations through sudo; they depend
        # on the sudo grant noted on the `julm` user above.
        shellAliases = {
          cl = "clear";
          l = "ls -alh";
          ll = "ls -l";
          ls = "ls --color=tty";
          s="sudo systemctl";
          s-u="systemctl --user";
          nix-clean="sudo nix-collect-garbage -d";
          nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
          nix-rollback="sudo nixos-rebuild switch --rollback";
          nix-update="sudo nix-channel --update";
          nix-upgrade="sudo nixos-rebuild switch";
          nix-upstream="sudo nix-channel --list";
          nix-config="gvim ~/.config/nixos/*.nix";
        };
      };
      /*
      dconf.enable = true;
      gnupg.agent = {
        enable = true;
        enableSSHSupport = true;
      };
      */
      mtr.enable = true;
    };
  };
}