diff --git a/.gitattributes b/.gitattributes index 2563acd..f3daf0d 100644 --- a/.gitattributes +++ b/.gitattributes @@ -2,3 +2,5 @@ secrets.config.nix filter=git-crypt diff=git-crypt **/*.age filter=git-crypt diff=git-crypt + +machines/magenta/mail-accounts.nix filter=git-crypt diff=git-crypt diff --git a/flake.lock b/flake.lock index a1e43dd..bfef15b 100644 --- a/flake.lock +++ b/flake.lock @@ -42,6 +42,22 @@ "type": "github" } }, + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "cmp-luasnip": { "flake": false, "locked": { @@ -246,6 +262,31 @@ "type": "github" } }, + "mailserver": { + "inputs": { + "blobs": "blobs", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-22_05": "nixpkgs-22_05", + "utils": [ + "flake-utils" + ] + }, + "locked": { + "lastModified": 1658267644, + "narHash": "sha256-NJRe1rnlF112eZwxNASlRL8/ghwD8g+lpHIYRkWQxC8=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "004c229ca44c069d93c92abf67ff1619fb508c6a", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "myneovim": { "inputs": { "cmp-luasnip": "cmp-luasnip", @@ -344,6 +385,21 @@ "type": "github" } }, + "nixpkgs-22_05": { + "locked": { + "lastModified": 1654936503, + "narHash": "sha256-soKzdhI4jTHv/rSbh89RdlcJmrPgH8oMb/PLqiqIYVQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dab6df51387c3878cdea09f43589a15729cae9f4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.05", + "type": "indirect" + } + }, "nvim-cmp": { "flake": false, "locked": { 
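Review bot: The new `machines/magenta/mail-accounts.nix` rule in `.gitattributes` protects that file only inside the Git history. It is imported as a Nix module (the `./mail-accounts.nix` line added to `machines/magenta/default.nix`), and flake evaluation generally copies the decrypted working tree into the Nix store, which every local user on the build machine can read. The file shows as binary here, so its content cannot be checked; it should hold nothing more sensitive than addresses and references to the `.age` password files added in this commit. A comment above the rule would record that, e.g. `# account list only; password material lives in secrets/*.age`. Running `git-crypt status` before pushing confirms the file was committed encrypted.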
@@ -451,6 +507,7 @@ "flake-utils": "flake-utils", "hardware": "hardware", "home-manager": "home-manager", + "mailserver": "mailserver", "myneovim": "myneovim", "nil": "nil", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 44769ac..79b0210 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,13 @@ url = "git+https://git.pleshevski.ru/pleshevskiy/vnetod"; inputs.nixpkgs.follows = "nixpkgs"; }; + + mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.utils.follows = "flake-utils"; + + }; }; outputs = inputs @ { self, flake-utils, nixpkgs, hardware, ... }: diff --git a/machines/asus-gl553vd/default.nix b/machines/asus-gl553vd/default.nix index 1a729c9..afbd5ac 100644 --- a/machines/asus-gl553vd/default.nix +++ b/machines/asus-gl553vd/default.nix @@ -20,7 +20,11 @@ in # Use the systemd-boot EFI boot loader. boot.loader = { - systemd-boot.enable = true; + systemd-boot = { + enable = true; + configurationLimit = 10; + }; + efi.canTouchEfiVariables = true; }; diff --git a/machines/default.nix b/machines/default.nix index 2f2e97d..ef936b5 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -34,5 +34,9 @@ in system = "x86_64-linux"; targetHost = "45.131.41.215"; + + extraModules = [ + inputs.mailserver.nixosModule + ]; }; } diff --git a/machines/magenta/default.nix b/machines/magenta/default.nix index 252d3e8..fe61b95 100644 --- a/machines/magenta/default.nix +++ b/machines/magenta/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: let data = import ../../data.nix; @@ -7,7 +7,9 @@ in imports = [ ./hardware-configuration.nix ./networking.nix # generated at runtime by nixos-infect + ./mail-accounts.nix ../modules/common.nix + ../modules/nix.nix ]; boot.cleanTmpDir = true; 
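Review bot: The `mailserver` input added to `flake.nix` brings in a second, unfollowed nixpkgs. The lock file gains a `nixpkgs-22_05` node because only `nixpkgs` and `utils` are redirected. Adding `inputs.nixpkgs-22_05.follows = "nixpkgs";` leaves a single nixpkgs revision to audit and update. The URL also carries no ref, so `nix flake update` follows the upstream default branch; if upstream has a release branch matching this host's NixOS version (not visible here), pinning to it makes mail-stack upgrades a deliberate step. The enclosing `inputs` set starts outside the hunk, and the empty line before the closing `};` can go.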
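Review bot: In `machines/asus-gl553vd/default.nix` the rewritten `systemd-boot` set leaves the boot-menu editor at its NixOS default, which is enabled and lets anyone at the keyboard change the kernel command line before boot. Since the block is being restructured anyway, consider adding `editor = false;` next to `configurationLimit = 10;`. The limit also caps how many generations remain available for rollback from the boot menu, which a one-line comment such as `# keep the 10 newest generations in the boot menu` would make explicit.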
@@ -16,4 +18,19 @@ in services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan; + + security.acme = { + acceptTerms = true; + defaults.email = "dmitriy@pleshevski.ru"; + }; + + mailserver = { + enable = true; + fqdn = "mail.pleshevski.ru"; + domains = [ "pleshevski.ru" ]; + + # Use Let's Encrypt certificates. Note that this needs to set up a stripped + # down nginx and opens port 80. + certificateScheme = 3; + }; } diff --git a/machines/magenta/mail-accounts.nix b/machines/magenta/mail-accounts.nix new file mode 100644 index 0000000..a7674f9 Binary files /dev/null and b/machines/magenta/mail-accounts.nix differ diff --git a/machines/modules/common.nix b/machines/modules/common.nix index d0b7ce1..4087f7b 100644 --- a/machines/modules/common.nix +++ b/machines/modules/common.nix @@ -8,18 +8,9 @@ users.mutableUsers = false; - programs.zsh.enable = true; - - environment.systemPackages = with pkgs; [ - gnumake - vim - wget - ]; - # Enable the OpenSSH daemon. services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/secrets.config.nix b/secrets.config.nix index 16c5ea6..472f409 100644 Binary files a/secrets.config.nix and b/secrets.config.nix differ diff --git a/secrets.nix b/secrets.nix index 43ba5e0..00bbe78 100644 Binary files a/secrets.nix and b/secrets.nix differ diff --git a/secrets/mailserver-users-family-passfile.age b/secrets/mailserver-users-family-passfile.age new file mode 100644 index 0000000..3e40050 Binary files /dev/null and b/secrets/mailserver-users-family-passfile.age differ diff --git a/secrets/mailserver-users-jan-passfile.age b/secrets/mailserver-users-jan-passfile.age new file mode 100644 index 0000000..af8c67b Binary files /dev/null and b/secrets/mailserver-users-jan-passfile.age differ 
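Review bot: The `mailserver` block added to `machines/magenta/default.nix` makes this host a public mail and HTTP endpoint, while the context lines show root logging in over SSH and nothing visible here or in `modules/common.nix` disables SSH password authentication. If that is not set elsewhere, add it with this change: `services.openssh.passwordAuthentication = false;` on 22.05-era NixOS, `services.openssh.settings.PasswordAuthentication = false;` on later releases. A comment above `users.users.root.openssh.authorizedKeys.keys` stating that root access is key-only would document the intent. Separately, the `config` argument introduced in the first hunk of this file is not used in any visible line and can be dropped if nothing outside the hunks needs it. The module's attribute set starts outside the hunk.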
diff --git a/users/jan/secrets.nix b/users/jan/secrets.nix index 41eed1d..c38bdc7 100644 Binary files a/users/jan/secrets.nix and b/users/jan/secrets.nix differ