{pkgs, lib, config, system, ...}:
let inherit (builtins.extraBuiltins) pass;
inherit (lib) types;
+ inherit (config) networking;
inherit (config.services) dovecot2;
- userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/"+name);
+ userPass = name: pass "${networking.domainBase}/${networking.hostName}/login/${name}";
in {
imports = [
- <nixsys/install/modules.nix>
+ <nixpkgs-plurasoft/install/modules.nix>
+ ../overlays/tools/networking/shorewall/service.nix
+ ../overlays/tools/networking/shorewall6/service.nix
+ ../overlays/servers/mail/rspamd/service.nix
friot/dovecot.nix
friot/gitolite.nix
friot/nginx.nix
friot/nsd.nix
friot/postfix.nix
friot/postgrey.nix
- friot/rmilter.nix
+ friot/postgresql.nix
+ #friot/rmilter.nix
+ friot/rspamd.nix
+ #friot/redmine.nix
friot/shorewall.nix
friot/openldap.nix
#friot/discourse.nix
];
options = {
enable = lib.mkEnableOption "friot";
- networking.baseName = lib.mkOption {
+ networking.domainBase = lib.mkOption {
type = types.str;
description = "Base network name.";
example = "example";
};
+ networking.domainAliases = lib.mkOption {
+ type = types.listOf types.str;
+ description = "Domain aliases.";
+ example = [ "example.org" "example.net" ];
+ };
networking.zones = lib.mkOption {
- type = types.attrsOf (types.submodule ({zone, ...}: {
+ type = types.attrsOf (types.submodule ({name, options, config, ...}: {
options = {
iface = lib.mkOption {
type = types.str;
};
};
config = {
- nixpkgs.overlays = import ../overlays.nix;
+ nix = {
+ extraOptions = ''
+ auto-optimise-store = true
+ '';
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = false;
+ packageOverrides = pkgs: {
+ postfix = pkgs.postfix.override {
+ withLDAP = true;
+ };
+ };
+ };
+ overlays = import ../overlays.nix;
+ };
+
+ boot = {
+ initrd = {
+ network = {
+ enable = config.deployment.targetEnv != "virtualbox";
+ ssh = {
+ enable = true;
+ authorizedKeys = [ (pass "${networking.domain}/ssh/pub/julm") ];
+ };
+ };
+ };
+ kernel = {
+ sysctl = {
+ "vm.swappiness" = 10;
+ "vm.vfs_cache_pressure" = 50;
+ };
+ };
+ };
+
+ time = {
+ timeZone = "Europe/Paris";
+ };
+
+ i18n = {
+ consoleFont = "Lat2-Terminus16";
+ consoleKeyMap = "fr";
+ defaultLocale = "fr_FR.UTF-8";
+ };
+
networking = {
- baseName = "commonsoft";
- domain = "${config.networking.baseName}.coop";
+ domainBase = "plurasoft";
+ domain = "${networking.domainBase}.fr";
+ domainAliases = [
+ "plura.fr"
+ "${networking.domainBase}.org"
+ "${networking.domainBase}.net"
+ "${networking.domainBase}.coop"
+ ];
};
- users.mutableUsers = false;
- users.users = {
- root.initialPassword = userPass "root";
- root.password = config.users.users.root.initialPassword;
+
+ users = {
+ mutableUsers = false;
+ users = {
+ root.initialPassword = userPass "root";
+ root.password = config.users.users.root.initialPassword;
+ julm = {
+ uid = 1000;
+ extraGroups = [ "sudo" ];
+ description = "Julien Moutinho";
+ home = "/home/julm";
+ shell = lib.mkDefault config.users.defaultUserShell;
+ group = "users"; # FIXME: unknown group
+ initialPassword = userPass "julm";
+ password = config.users.users.julm.initialPassword;
+ };
+ };
+ groups = {
julm = {
- uid = 1000;
- extraGroups = [ "sudo" ];
- description = "Julien Moutinho";
- home = "/home/julm";
- shell = lib.mkDefault config.users.defaultUserShell;
- group = "julm"; # FIXME: unknown group
- initialPassword = userPass "julm";
- password = config.users.users.julm.initialPassword;
+ gid = config.users.users.julm.uid;
};
- };
- users.groups = {
- julm = {
- gid = config.users.users.julm.uid;
};
};
+ documentation.nixos = {
+ enable = false; # NOTE: useless on this machine, and CPU intensive.
+ };
+
services = {
- nixosManual = {
- enable = false; # NOTE: useless on this machine, and CPU intensive.
+ redis = {
+ enable = true;
};
disnix = {
enable = false;
};
openssh = {
enable = true;
+ extraConfig = ''
+ '';
};
gitea = {
enable = false;
};
x509 = {
domains =
- [ "www.${config.networking.domain}" ] ++
- [ "git.${config.networking.domain}" ] ++
- [ "mail.${config.networking.domain}" ] ++
- builtins.attrNames dovecot2.domains;
- };
- postfix.aliases = {
- "root@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
- "postmaster@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
- "abuse@${config.networking.domain}" = [ "test@${config.networking.domain}" ];
- };
- dovecot2.domains = {
- "${config.networking.domain}" = {
- accounts = {
- julm = {
- password = pass "${config.networking.domain}/mail/julm";
- # "${config.networking.domain}/dovecot2/julm";
- # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
- aliases = ["julien.moutinho@${config.networking.domain}"];
- quota = "512M";
- };
- test = {
- password = pass "${config.networking.domain}/mail/test";
- # "${config.networking.domain}/dovecot2/test";
- # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
- aliases = ["test-alias@${config.networking.domain}"];
- quota = "512M";
- };
- };
- };
+ lib.concatMap
+ (dom: map (sub: "${sub}.${dom}")
+ ["www" "git" "mail"])
+ ([networking.domain] ++ networking.domainAliases)
+ ++ networking.domainAliases;
};
+ #postfix.aliases = {
+ # "root@${networking.domain}" = [ "test@${networking.domain}" ];
+ # "postmaster@${networking.domain}" = [ "test@${networking.domain}" ];
+ # "abuse@${networking.domain}" = [ "test@${networking.domain}" ];
+ #};
+ #dovecot2.domains = {
+ # "${networking.domain}" = {
+ # accounts = {
+ # julm = {
+ # password = pass "${networking.domain}/mail/julm";
+ # # "${networking.domain}/dovecot2/julm";
+ # # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
+ # aliases = ["julien.moutinho@${networking.domain}"];
+ # quota = "512M";
+ # };
+ # test = {
+ # password = pass "${networking.domain}/mail/test";
+ # # "${networking.domain}/dovecot2/test";
+ # # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
+ # aliases = ["test-alias@${networking.domain}"];
+ # quota = "512M";
+ # };
+ # };
+ # };
+ #};
};
+
environment = {
systemPackages = with pkgs; [
htop
tree
vim
- postgresql
- dnsutils
tcpdump
#mysql
#procmail
duplicity
pypolicyd-spf
unbound
- nsd
dropbear
cryptsetup
openssl
- gitolite
postgresql
- cgit
openldap
#mail
#sympa
multitail
+ dnsutils
inetutils
- cgit
- ncdu
+ binutils
mailutils
+ ncdu
+ cgit
#sssd
- docker
+ #docker
#nss_ldap
#nss_pam_ldapd
+ tmux
socat
+ users-init
+ which
];
+ etc."inputrc".text = ''
+ # /etc/inputrc - global inputrc for libreadline
+ # See readline(3readline) and `info rluserman' for more information.
+
+ # Be 8 bit clean.
+ set input-meta on
+ set output-meta on
+
+ # To allow the use of 8bit-characters like the german umlauts, uncomment
+ # the line below. However this makes the meta key not work as a meta key,
+ # which is annoying to those which don't need to type in 8-bit characters.
+
+ # set convert-meta off
+
+ # try to enable the application keypad when it is called. Some systems
+ # need this to enable the arrow keys.
+ # set enable-keypad on
+
+ # see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys
+
+ # do not bell on tab-completion
+ # set bell-style none
+ # set bell-style visible
+
+ # some defaults / modifications for the emacs mode
+ $if mode=emacs
+
+ # allow the use of the Home/End keys
+ "\e[1~": beginning-of-line
+ "\e[4~": end-of-line
+
+ # allow the use of the Delete/Insert keys
+ "\e[3~": delete-char
+ "\e[2~": quoted-insert
+
+ # mappings for "page up" and "page down" to step to the beginning/end
+ # of the history
+ # "\e[5~": beginning-of-history
+ # "\e[6~": end-of-history
+
+ # alternate mappings for "page up" and "page down" to search the history
+ # "\e[5~": history-search-backward
+ # "\e[6~": history-search-forward
+
+ # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
+ "\e[1;5C": forward-word
+ "\e[1;5D": backward-word
+ "\e[5C": forward-word
+ "\e[5D": backward-word
+ "\e\e[C": forward-word
+ "\e\e[D": backward-word
+
+ $if term=rxvt
+ "\e[7~": beginning-of-line
+ "\e[8~": end-of-line
+ "\eOc": forward-word
+ "\eOd": backward-word
+ $endif
+
+ # for non RH/Debian xterm, can't hurt for RH/Debian xterm
+ # "\eOH": beginning-of-line
+ # "\eOF": end-of-line
+
+ # for freebsd console
+ # "\e[H": beginning-of-line
+ # "\e[F": end-of-line
+
+ $endif
+ '';
+ };
+
+ programs = {
+ bash = {
+ interactiveShellInit = ''
+ bind '"\e[A":history-search-backward'
+ bind '"\e[B":history-search-forward'
+
+ # Ignore duplicate commands, ignore commands starting with a space
+ export HISTCONTROL=erasedups:ignorespace
+ export HISTSIZE=42000
+ # Append to the history instead of overwriting (good for multiple connections)
+ shopt -s histappend
+ '';
+ shellAliases = {
+ cl = "clear";
+ l = "ls -alh";
+ ll = "ls -l";
+ ls = "ls --color=tty";
+
+ s="sudo systemctl";
+ s-u="systemctl --user";
+
+ nix-clean="sudo nix-collect-garbage -d";
+ nix-history="sudo nix-env --list-generations --profile /nix/var/nix/profiles/system";
+ nix-rollback="sudo nixos-rebuild switch --rollback";
+ nix-update="sudo nix-channel --update";
+ nix-upgrade="sudo nixos-rebuild switch";
+ nix-upstream="sudo nix-channel --list";
+ nix-config="gvim ~/.config/nixos/*.nix";
+ };
+ };
+
+ /*
+ dconf.enable = true;
+
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ */
+
+ mtr.enable = true;
};
};
}
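Review bot: `root.password = config.users.users.root.initialPassword;` (and the matching `julm.password` line) re-adds a cleartext `users.users.<name>.password` on the new side; NixOS serialises that value into the Nix store for the activation script (the option's own description warns it is world-readable), so the secret fetched through `pass` ends up readable by every local user. If the `pass` entry can hold a crypt hash instead of the plaintext, `root.hashedPassword = userPass "root";` (dropping the `initialPassword`/`password` pair) keeps only the hash in the store; the same applies to `julm`. The `openssh.extraConfig = '' '';` added alongside is empty and can be dropped until there is something to put in it, and `inherit (config.services) dovecot2;` at the top is now unused since `dovecot2.domains` is commented out. `extraGroups = [ "sudo" ]` presumably intends sudo access, but NixOS grants that through the `wheel` group by default — confirm a `sudo` group is defined elsewhere, otherwise the new `sudo`-based bash aliases will not work for `julm`.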