add mail server to magenta vps

2022-10-13 23:11:12 +03:00 · 2022-10-13 23:11:12 +03:00 · 07b6b0fc08
commit 07b6b0fc08
parent e5c7ebd23c
13 changed files with 93 additions and 11 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -2,3 +2,5 @@

 secrets.config.nix filter=git-crypt diff=git-crypt
 **/*.age filter=git-crypt diff=git-crypt
+
+machines/magenta/mail-accounts.nix filter=git-crypt diff=git-crypt
--- a/flake.lock
+++ b/flake.lock
@ -42,6 +42,22 @@
        "type": "github"
      }
    },
+    "blobs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1604995301,
+        "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "type": "gitlab"
+      }
+    },
    "cmp-luasnip": {
      "flake": false,
      "locked": {
@ -246,6 +262,31 @@
        "type": "github"
      }
    },
+    "mailserver": {
+      "inputs": {
+        "blobs": "blobs",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-22_05": "nixpkgs-22_05",
+        "utils": [
+          "flake-utils"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658267644,
+        "narHash": "sha256-NJRe1rnlF112eZwxNASlRL8/ghwD8g+lpHIYRkWQxC8=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "rev": "004c229ca44c069d93c92abf67ff1619fb508c6a",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "type": "gitlab"
+      }
+    },
    "myneovim": {
      "inputs": {
        "cmp-luasnip": "cmp-luasnip",
@ -344,6 +385,21 @@
        "type": "github"
      }
    },
+    "nixpkgs-22_05": {
+      "locked": {
+        "lastModified": 1654936503,
+        "narHash": "sha256-soKzdhI4jTHv/rSbh89RdlcJmrPgH8oMb/PLqiqIYVQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "dab6df51387c3878cdea09f43589a15729cae9f4",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
    "nvim-cmp": {
      "flake": false,
      "locked": {
@ -451,6 +507,7 @@
        "flake-utils": "flake-utils",
        "hardware": "hardware",
        "home-manager": "home-manager",
+        "mailserver": "mailserver",
        "myneovim": "myneovim",
        "nil": "nil",
        "nixpkgs": "nixpkgs",
--- a/flake.nix
+++ b/flake.nix
@ -39,6 +39,13 @@
      url = "git+https://git.pleshevski.ru/pleshevskiy/vnetod";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    mailserver = {
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.utils.follows = "flake-utils";
+
+    };
  };

  outputs = inputs @ { self, flake-utils, nixpkgs, hardware, ... }:
--- a/machines/asus-gl553vd/default.nix
+++ b/machines/asus-gl553vd/default.nix
@ -20,7 +20,11 @@ in

  # Use the systemd-boot EFI boot loader.
  boot.loader = {
-    systemd-boot.enable = true;
+    systemd-boot = {
+      enable = true;
+      configurationLimit = 10;
+    };
+
    efi.canTouchEfiVariables = true;
  };

--- a/machines/default.nix
+++ b/machines/default.nix
@ -34,5 +34,9 @@ in
    system = "x86_64-linux";

    targetHost = "45.131.41.215";
+
+    extraModules = [
+      inputs.mailserver.nixosModule
+    ];
  };
 }
--- a/machines/magenta/default.nix
+++ b/machines/magenta/default.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:

 let
  data = import ../../data.nix;
@ -7,7 +7,9 @@ in
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect
+    ./mail-accounts.nix
    ../modules/common.nix
+    ../modules/nix.nix
  ];

  boot.cleanTmpDir = true;
@ -16,4 +18,19 @@ in

  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "dmitriy@pleshevski.ru";
+  };
+
+  mailserver = {
+    enable = true;
+    fqdn = "mail.pleshevski.ru";
+    domains = [ "pleshevski.ru" ];
+
+    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+    # down nginx and opens port 80.
+    certificateScheme = 3;
+  };
 }
--- a/machines/magenta/mail-accounts.nix
+++ b/machines/magenta/mail-accounts.nix
--- a/machines/modules/common.nix
+++ b/machines/modules/common.nix
@ -8,18 +8,9 @@

  users.mutableUsers = false;

-  programs.zsh.enable = true;
-
-  environment.systemPackages = with pkgs; [
-    gnumake
-    vim
-    wget
-  ];
-
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

-
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
--- a/secrets.config.nix
+++ b/secrets.config.nix
--- a/secrets.nix
+++ b/secrets.nix
--- a/secrets/mailserver-users-family-passfile.age
+++ b/secrets/mailserver-users-family-passfile.age
--- a/secrets/mailserver-users-jan-passfile.age
+++ b/secrets/mailserver-users-jan-passfile.age
--- a/users/jan/secrets.nix
+++ b/users/jan/secrets.nix