in {
imports = [
<nixsys/install/modules.nix>
+ friot/dovecot.nix
+ friot/gitolite.nix
friot/nginx.nix
- friot/shorewall.nix
+ friot/nsd.nix
friot/postfix.nix
friot/postgrey.nix
- friot/dovecot.nix
friot/rmilter.nix
- friot/nsd.nix
+ friot/shorewall.nix
+ friot/openldap.nix
+ #friot/discourse.nix
];
options = {
enable = lib.mkEnableOption "friot";
+ networking.baseName = lib.mkOption {
+ type = types.str;
+ description = "Base network name.";
+ example = "example";
+ };
networking.zones = lib.mkOption {
- type = types.attrsOf (types.submodule ({zone, ...}: {
+ type = types.attrsOf (types.submodule ({name, options, config, ...}: {
options = {
iface = lib.mkOption {
type = types.str;
};
};
config = {
+ nixpkgs.overlays = import ../overlays.nix;
networking = {
- domain = "commonade.coop";
+ baseName = "commonsoft";
+ domain = "${config.networking.baseName}.coop";
};
- #fqdn = "machine1.logic.coop";
users.mutableUsers = false;
users.users = {
root.initialPassword = userPass "root";
root.password = config.users.users.root.initialPassword;
julm = {
- uid = 4242;
+ uid = 1000;
extraGroups = [ "sudo" ];
description = "Julien Moutinho";
home = "/home/julm";
password = config.users.users.julm.initialPassword;
};
};
+ users.groups = {
+ julm = {
+ gid = config.users.users.julm.uid;
+ };
+ };
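Review bot: The new `users.groups.julm` entry ties its `gid` to the user's `uid`, but nothing visible in the `julm` user block sets `group = "julm";`, so the account may keep its default primary group and the new group would go unused. Parts of the user block may be elided here, so this needs confirming against the full file. The `uid` change from 4242 to 1000 also leaves any existing files on a deployed host owned by the old numeric id. Those files would become accessible to whichever account is later given 4242, so a one-off `chown` of `/home/julm` should be part of the rollout. A short comment such as `# uid/gid changed from 4242; re-own existing files on deployed hosts` next to the `uid` line would record this.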
services = {
nixosManual = {
openssh = {
enable = true;
};
- openldap = {
- enable = true;
- #declarativeContents = ''
- # dn: dc=example,dc=org
- # objectClass: domain
- # dc: example
- #
- # dn: ou=users,dc=example,dc=org
- # objectClass = organizationalUnit
- # ou: users
- #
- # # ...
- #'';
- };
- gitolite = {
- enable = true;
- user = "git";
- group = config.services.gitolite.user;
- adminPubkey = pass "${config.networking.domain}/ssh/julm";
- extraGitoliteRc = ''
- $RC{UMASK} = '0027';
- $RC{LOG_DEST} = 'repo-log,syslog';
- $RC{LOG_FACILITY} = 'local0';
- $RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
- $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
- if -d "$rc{GL_ADMIN_BASE}/local";
- push(@{$RC{ENABLE}}, ( 'Alias'
- , 'cgit'
- , 'create'
- , 'D'
- , 'fork'
- , 'keysubdirs-as-groups'
- , 'readme'
- , 'expand-deny-messages'
- , 'repo-specific-hooks'
- , 'Shell julm'
- , 'ssh-authkeys-split'
- ));
- '';
- };
gitea = {
enable = false;
};
+ sssd = {
+ enable = false;
+ };
dovecot2 = {
#debug = true;
};
};
x509 = {
domains =
+ [ "www.${config.networking.domain}" ] ++
+ [ "git.${config.networking.domain}" ] ++
+ [ "mail.${config.networking.domain}" ] ++
builtins.attrNames dovecot2.domains;
};
postfix.aliases = {
dovecot2.domains = {
"${config.networking.domain}" = {
accounts = {
+ julm = {
+ password = pass "${config.networking.domain}/mail/julm";
+ # "${config.networking.domain}/dovecot2/julm";
+ # "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
+ aliases = ["julien.moutinho@${config.networking.domain}"];
+ quota = "512M";
+ };
test = {
- password = builtins.extraBuiltins.pass "${config.networking.domain}/dovecot2/test";
+ password = pass "${config.networking.domain}/mail/test";
# "${config.networking.domain}/dovecot2/test";
# "{SSHA512}uyjL1KYx4z7HpfNvnKzuVxpMLD2KVueGGBvOcj7AF1EZCTVhT++IIKUVOC4xpZtWdqVD0OVmZqgYr2qpn/3t3Aj4oU0=";
aliases = ["test-alias@${config.networking.domain}"];
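Review bot: The added `julm` account copies two commented-out lines from the `test` account, one of which is a literal `{SSHA512}…` hash. If that string was ever a real credential, it is now duplicated in version control where it can be guessed offline, so the two comment lines should be dropped from the new account rather than carried over. Separately, `pass "${config.networking.domain}/mail/julm"` looks like it is resolved at evaluation time. Whatever it returns then presumably ends up in a generated Dovecot file in the world-readable Nix store, so please confirm the helper yields a salted hash rather than plaintext, or that the value is written outside the store. The `pass` helper and the enclosing `accounts` set are defined outside this hunk.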
inetutils
cgit
ncdu
+ mailutils
+ #sssd
+ docker
+ #nss_ldap
+ #nss_pam_ldapd
+ socat
];
};
};