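# NixOS host module for the "friot" machine: wires together the friot/* service
# modules, declares the `networking.zones` option used by them, and sets the
# host's users, services and packages.
#
# Secrets: `pass` is a site-provided extra builtin (`builtins.extraBuiltins`)
# that resolves a password-store path at evaluation time.  Anything it returns
# is interpolated into the configuration and therefore lands in the
# world-readable Nix store; see the notes next to each use below.
#
# Layout note: this file must keep one statement per line — several trailing
# `#` comments (`# FIXME`, `# NOTE`, the commented-out LDAP contents) would
# otherwise swallow the code that follows them.
{pkgs, lib, config, system, ...}:
let
  inherit (builtins.extraBuiltins) pass;
  inherit (lib) types;
  inherit (config.services) dovecot2;
  # Password-store path for a system user: <domain>/<hostName>/<user>.
  userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/"+name);
in
{
  imports = [
    friot/dovecot.nix
    friot/gitolite.nix
    friot/nginx.nix
    friot/nsd.nix
    friot/postfix.nix
    friot/postgrey.nix
    friot/rmilter.nix
    friot/shorewall.nix
  ];

  options = {
    enable = lib.mkEnableOption "friot";

    # Per-zone network identity consumed by the imported friot/* modules
    # (interface name plus the machine's static addresses).
    networking.zones = lib.mkOption {
      type = types.attrsOf (types.submodule ({zone, ...}: {
        options = {
          iface = lib.mkOption {
            type = types.str;
            description = "Interface name.";
            example = "eth0";
          };
          ipv4 = lib.mkOption {
            type = types.str;
            description = "Static IPv4 address of the machine.";
            example = "1.2.3.4";
          };
          ipv6 = lib.mkOption {
            type = types.str;
            description = "Static IPv6 address of the machine.";
            example = "fe80::1";
          };
        };
      }));
    };
  };

  config = {
    networking = {
      domain = "commonsoft.coop";
    };

    # Declarative user database: the passwords below are authoritative on
    # every activation, not just on first boot.
    users.mutableUsers = false;

    users.users = {
      # NOTE(review): `initialPassword` and `password` are plaintext options;
      # the value fetched by `pass` is copied into the Nix store.  Using
      # `hashedPassword` instead would keep the plaintext out of the store —
      # TODO confirm whether that is acceptable for this host.
      root.initialPassword = userPass "root";
      root.password = config.users.users.root.initialPassword;

      julm = {
        uid = 1000;
        # NOTE(review): NixOS's default sudoers grants `%wheel`, not `%sudo`;
        # verify that a sudo rule for the "sudo" group exists elsewhere.
        extraGroups = [ "sudo" ];
        description = "Julien Moutinho";
        home = "/home/julm";
        shell = lib.mkDefault config.users.defaultUserShell;
        # The group is declared in `users.groups.julm` below, so this FIXME
        # looks stale — confirm before removing.
        group = "julm"; # FIXME: unknown group
        # Same plaintext-in-store caveat as for root above.
        initialPassword = userPass "julm";
        password = config.users.users.julm.initialPassword;
      };
    };

    users.groups = {
      julm = {
        gid = config.users.users.julm.uid;
      };
    };

    services = {
      nixosManual = {
        enable = false; # NOTE: useless on this machine, and CPU intensive.
      };

      disnix = {
        enable = false;
      };

      openssh = {
        enable = true;
      };

      openldap = {
        enable = true;
        #declarativeContents = ''
        #  dn: dc=example,dc=org
        #  objectClass: domain
        #  dc: example
        #
        #  dn: ou=users,dc=example,dc=org
        #  objectClass = organizationalUnit
        #  ou: users
        #
        #  # ...
        #'';
      };

      gitea = {
        enable = false;
      };

      dovecot2 = {
        #debug = true;
      };

      journald = {
        # Cap persistent journal size on this small host.
        extraConfig = ''
          SystemMaxUse=50M
        '';
      };

      # Certificate names: the web/git/mail vhosts plus every mail domain
      # declared under services.dovecot2.domains.
      x509 = {
        domains =
          [ "www.${config.networking.domain}" ] ++
          [ "git.${config.networking.domain}" ] ++
          [ "mail.${config.networking.domain}" ] ++
          builtins.attrNames dovecot2.domains;
      };

      # The role mailboxes (root, postmaster, abuse) are all delivered to the
      # `test` account; postmaster@ and abuse@ are expected to be read by a
      # person, so make sure that mailbox is actually monitored.
      postfix.aliases = {
        "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
        "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
      };

      dovecot2.domains = {
        "${config.networking.domain}" = {
          accounts = {
            julm = {
              # NOTE(review): fetched via `pass` at eval time and stored in the
              # Nix store.  The commented-out alternative below is a `{SSHA512}`
              # hash, which suggests the friot dovecot module also accepts a
              # pre-hashed value — confirm and prefer it if so.
              password = pass "${config.networking.domain}/mail/julm";
                # "${config.networking.domain}/dovecot2/julm";
                # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
              aliases = ["julien.moutinho@${config.networking.domain}"];
              quota = "512M";
            };
            test = {
              # Same caveat as for julm above.
              password = pass "${config.networking.domain}/mail/test";
                # "${config.networking.domain}/dovecot2/test";
                # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
              aliases = ["test-alias@${config.networking.domain}"];
              quota = "512M";
            };
          };
        };
      };
    };

    environment = {
      # `postgresql` and `cgit` were listed twice; each now appears once.
      systemPackages = with pkgs; [
        htop
        tree
        vim
        postgresql
        dnsutils
        tcpdump
        #mysql
        #procmail
        postgrey
        duplicity
        pypolicyd-spf
        unbound
        nsd
        dropbear
        cryptsetup
        openssl
        gitolite
        cgit
        openldap
        #mail
        #sympa
        multitail
        inetutils
        ncdu
        #mailutils
      ];
    };
  };
}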