add mail server to magenta vps

This commit is contained in:
Dmitriy Pleshevskiy 2022-10-13 23:11:12 +03:00
parent e5c7ebd23c
commit 07b6b0fc08
Signed by: pleshevskiy
GPG key ID: 1B59187B161C0215
13 changed files with 93 additions and 11 deletions

2
.gitattributes vendored
View file

@ -2,3 +2,5 @@
secrets.config.nix filter=git-crypt diff=git-crypt secrets.config.nix filter=git-crypt diff=git-crypt
**/*.age filter=git-crypt diff=git-crypt **/*.age filter=git-crypt diff=git-crypt
machines/magenta/mail-accounts.nix filter=git-crypt diff=git-crypt

View file

@ -42,6 +42,22 @@
"type": "github" "type": "github"
} }
}, },
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"cmp-luasnip": { "cmp-luasnip": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -246,6 +262,31 @@
"type": "github" "type": "github"
} }
}, },
"mailserver": {
"inputs": {
"blobs": "blobs",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_05": "nixpkgs-22_05",
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1658267644,
"narHash": "sha256-NJRe1rnlF112eZwxNASlRL8/ghwD8g+lpHIYRkWQxC8=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "004c229ca44c069d93c92abf67ff1619fb508c6a",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"myneovim": { "myneovim": {
"inputs": { "inputs": {
"cmp-luasnip": "cmp-luasnip", "cmp-luasnip": "cmp-luasnip",
@ -344,6 +385,21 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-22_05": {
"locked": {
"lastModified": 1654936503,
"narHash": "sha256-soKzdhI4jTHv/rSbh89RdlcJmrPgH8oMb/PLqiqIYVQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dab6df51387c3878cdea09f43589a15729cae9f4",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.05",
"type": "indirect"
}
},
"nvim-cmp": { "nvim-cmp": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -451,6 +507,7 @@
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"hardware": "hardware", "hardware": "hardware",
"home-manager": "home-manager", "home-manager": "home-manager",
"mailserver": "mailserver",
"myneovim": "myneovim", "myneovim": "myneovim",
"nil": "nil", "nil": "nil",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",

View file

@ -39,6 +39,13 @@
url = "git+https://git.pleshevski.ru/pleshevskiy/vnetod"; url = "git+https://git.pleshevski.ru/pleshevskiy/vnetod";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "flake-utils";
};
}; };
outputs = inputs @ { self, flake-utils, nixpkgs, hardware, ... }: outputs = inputs @ { self, flake-utils, nixpkgs, hardware, ... }:

View file

@ -20,7 +20,11 @@ in
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };

View file

@ -34,5 +34,9 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
targetHost = "45.131.41.215"; targetHost = "45.131.41.215";
extraModules = [
inputs.mailserver.nixosModule
];
}; };
} }

View file

@ -1,4 +1,4 @@
{ ... }: { config, ... }:
let let
data = import ../../data.nix; data = import ../../data.nix;
@ -7,7 +7,9 @@ in
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix # generated at runtime by nixos-infect ./networking.nix # generated at runtime by nixos-infect
./mail-accounts.nix
../modules/common.nix ../modules/common.nix
../modules/nix.nix
]; ];
boot.cleanTmpDir = true; boot.cleanTmpDir = true;
@ -16,4 +18,19 @@ in
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan; users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
security.acme = {
acceptTerms = true;
defaults.email = "dmitriy@pleshevski.ru";
};
mailserver = {
enable = true;
fqdn = "mail.pleshevski.ru";
domains = [ "pleshevski.ru" ];
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = 3;
};
} }

Binary file not shown.

View file

@ -8,18 +8,9 @@
users.mutableUsers = false; users.mutableUsers = false;
programs.zsh.enable = true;
environment.systemPackages = with pkgs; [
gnumake
vim
wget
];
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.