# NixOS module: public-inbox archive for sourcephile.fr, served over HTTP
# (Unix socket), NNTPS and IMAPS, with TLS material taken from the ACME
# certificate of the domain.
#
# To delete a message:
#   curl https://mails.sourcephile.fr/inbox/environnement/8ea699887ca47797b4460053588cbef2d115829ab4@vieber.ru/raw |
#   sudo -u public-inbox public-inbox-learn rm
{ pkgs, lib, config, ... }:
let
  inherit (config.services) public-inbox;
  inherit (config.users) groups;

  domain = "sourcephile.fr";

  # Location of the ACME certificate and private key for the domain.
  acmeDir = "/var/lib/acme/${domain}";
  fullchain = "${acmeDir}/fullchain.pem";
  privateKey = "${acmeDir}/key.pem";

  selfSignedUnit = "acme-selfsigned-${domain}.service";
  issuedUnit = "acme-${domain}.service";

  # Single source for the IMAPS port, so the firewall rule and the
  # --listen URL below cannot drift apart.
  imapsPort = 1993;

  # systemd settings shared by the daemons that terminate TLS themselves.
  # The unit is ordered only after the self-signed certificate; the
  # try-restart in security.acme.certs.<domain>.postRun restarts it after
  # later ACME runs.
  # The "acme" supplementary group is presumably what lets the daemon read
  # key.pem; it is granted only to the units built with this helper.
  tlsDaemon = extraServiceConfig: {
    wants = [ selfSignedUnit issuedUnit ];
    after = [ selfSignedUnit ];
    serviceConfig = {
      SupplementaryGroups = [ groups.acme.name ];
      BindReadOnlyPaths = [ acmeDir ];
    } // extraServiceConfig;
  };
in
{
  # Restart the TLS-terminating daemons after each ACME run; try-restart
  # leaves stopped units stopped.
  security.acme.certs.${domain}.postRun =
    "systemctl try-restart public-inbox-nntpd public-inbox-imapd";

  # Open NNTPS and IMAPS in the net2fw chain (the chain itself is defined
  # outside this file).
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport ${toString public-inbox.nntp.port} counter accept comment "NNTPS"
    add rule inet filter net2fw tcp dport ${toString imapsPort} counter accept comment "IMAPS"
  '';

  systemd.services = {
    public-inbox-httpd.serviceConfig = {
      SupplementaryGroups = [ groups.git-daemon.name ];
      # NOTE(review): this file configures no cert/key for http and the
      # daemon listens on a Unix socket; confirm whether the ACME directory
      # still has to be visible inside this unit.
      BindReadOnlyPaths = [ acmeDir ];
    };

    # AF_INET is added for the custom --listen address used by imapd below.
    public-inbox-imapd = tlsDaemon {
      RestrictAddressFamilies = [ "AF_INET" ];
    };

    public-inbox-nntpd = tlsDaemon { };
  };

  services.public-inbox = {
    enable = true;

    settings = {
      publicinbox = {
        css = [ "href=https://mails.${domain}/style/light.css" ];
        nntpserver = [ "nntps://news.${domain}" ];
        wwwlisting = "match=domain";
      };

      # Git repositories that inboxes can reference through `coderepo`.
      coderepo = {
        sourcephile-txt = {
          dir = "/var/lib/gitolite/repositories/sourcephile-txt.git";
          cgitUrl = "https://code.${domain}/sourcephile-txt.git";
        };
        sourcephile-nix = {
          dir = "/var/lib/gitolite/repositories/sourcephile-nix.git";
          cgitUrl = "https://code.${domain}/sourcephile-nix.git";
        };
      };
    };

    mda = {
      enable = true;
      # --no-precheck lets mail through when the inbox address is only in
      # Bcc:. NOTE(review): this presumably also turns off the other
      # pre-delivery sanity checks of public-inbox-mda, leaving filtering
      # to whatever sits in front of it; confirm.
      args = [ "--no-precheck" ];
    };

    http = {
      enable = true;
      # Unix socket instead of a TCP port.
      # NOTE(review): "publix" looks like a typo for "public"; whatever
      # connects to this socket must use the same path, so check the
      # consumer before renaming.
      port = "/run/publix-inbox-http.sock";
      #port = 8080;
      mounts = [
        "https://mails.${domain}/inbox"
        "https://public-inbox.${domain}/inbox"
      ];
    };

    nntp = {
      enable = true;
      #port = 563;
      cert = fullchain;
      key = privateKey;
    };

    imap = {
      enable = true;
      # FIXME: find an IP or .onion to put 993
      # The port option is set to null and a custom listener is passed
      # instead; it binds every IPv4 address on a non-standard port.
      port = null;
      args = [
        "--listen"
        "imaps://0.0.0.0:${toString imapsPort}/?cert=${fullchain},key=${privateKey}"
      ];
      #cert = "/var/lib/acme/${domain}/fullchain.pem";
      #key = "/var/lib/acme/${domain}/key.pem";
    };

    inboxes = {
      atelier = {
        address = [
          "atelier@${domain}"
          "public-inbox+atelier@${domain}"
        ];
        url = "https://mails.${domain}/inbox/atelier";
        description = ''
          atelier@${domain} : discussions concernant le développement logiciel.
        '';
        newsgroup = "inbox.comp.sourcephile.atelier";
        coderepo = [
          "sourcephile-txt"
          # TODO: list many source code repositories
        ];
      };

      # Disabled inboxes, kept verbatim for reference.
      /*
      bar = {
        address = [ "bar@${domain}" "public-inbox+bar@${domain}" ];
        description = ''
          bar@${domain} : discussions concernant l'informatique en général.
        '';
        url = "https://mails.${domain}/inbox/bar";
        newsgroup = "inbox.comp.sourcephile.bar";
      };
      contact = {
        address = [ "contact@${domain}" "public-inbox+contact@${domain}" ];
        description = ''
          contact@${domain} : discussions avec le grand public.
        '';
        url = "https://mails.${domain}/inbox/contact";
        newsgroup = "inbox.comp.sourcephile.contact";
        #coderepo = [ "sourcephile" ];
      };
      ecole = {
        address = [ "ecole@${domain}" "public-inbox+ecole@${domain}" ];
        description = ''
          ecole@${domain} : discussions pour s'entraider en informatique.
        '';
        url = "https://mails.${domain}/inbox/ecole";
        newsgroup = "inbox.comp.sourcephile.ecole";
        coderepo = [ "sourcephile-txt" ];
      };
      environnement = {
        address = [ "environnement@${domain}" "public-inbox+environnement@${domain}" ];
        description = ''
          environnement@${domain} : discussions sur les impacts environnementaux de l'informatique.
        '';
        url = "https://mails.${domain}/inbox/environnement";
        newsgroup = "inbox.comp.sourcephile.environnement";
        coderepo = [ "sourcephile-txt" ];
      };
      labo = {
        address = [ "labo@${domain}" "public-inbox+labo@${domain}" ];
        description = ''
          labo@${domain} : discussions concernant la science de l'informatique.
        '';
        url = "https://mails.${domain}/inbox/labo";
        newsgroup = "inbox.comp.sourcephile.labo";
        coderepo = [
          "sourcephile-txt"
          # TODO: list many source code repositories
        ];
      };
      machines = {
        address = [ "machines@${domain}" "public-inbox+machines@${domain}" ];
        description = ''
          machines@${domain} : discussions concernant l'administration technique de l'infrastructure informatique.
        '';
        url = "https://mails.${domain}/inbox/machines";
        newsgroup = "inbox.comp.sourcephile.machines";
        coderepo = [ "sourcephile-txt" "sourcephile-nix" ];
      };
      pont = {
        address = [ "pont@${domain}" "public-inbox+pont@${domain}" ];
        description = ''
          pont@${domain} : discussions à l'attention de l'ensemble des personnes à bord.
        '';
        url = "https://mails.${domain}/inbox/pont";
        newsgroup = "inbox.comp.sourcephile.pont";
        coderepo = [ "sourcephile-txt" ];
      };
      test = {
        address = [ "test@${domain}" "public-inbox+test@${domain}" ];
        description = ''
          test@${domain} : une cible de test pour effectuer des tirs de mails.
        '';
        url = "https://mails.${domain}/inbox/test";
        newsgroup = "inbox.comp.sourcephile.test";
        hide = [ "www" "manifest" ];
      };
      */
    };
  };
}