successful merge

Ivan Kirilov Dimitrov 2024-08-03 17:09:52 +02:00
parent 1d438b291d
commit 3a301ddce5
No known key found for this signature in database
GPG Key ID: 0BDAD4B211C49294
20 changed files with 1056 additions and 5 deletions


@ -33,3 +33,6 @@ ai:
installer-iso:
nix shell nixpkgs#nixos-generators --command nixos-generate -f install-iso --flake ./#nixos
vps:
nixos-rebuild switch --flake ./#vps --target-host root@10.0.0.1


@ -1,5 +1,21 @@
{
"nodes": {
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
@ -22,6 +38,30 @@
"type": "github"
}
},
"devshell_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"webshite",
"ide",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide",
"repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -68,6 +108,84 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_7": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_8": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -134,6 +252,75 @@
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"webshite",
"ide",
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_5": {
"inputs": {
"nixpkgs-lib": [
"webshite",
"ide",
"neovim-nightly-overlay",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-parts_6": {
"inputs": {
"nixpkgs-lib": [
"webshite",
"ide",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
@ -173,6 +360,46 @@
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": [
"webshite",
"ide",
"systems"
]
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
@ -235,6 +462,68 @@
"type": "github"
}
},
"git-hooks_3": {
"inputs": {
"flake-compat": "flake-compat_6",
"gitignore": "gitignore_3",
"nixpkgs": [
"webshite",
"ide",
"neovim-nightly-overlay",
"nixpkgs"
],
"nixpkgs-stable": [
"webshite",
"ide",
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1718879355,
"narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"git-hooks_4": {
"inputs": {
"flake-compat": "flake-compat_8",
"gitignore": "gitignore_4",
"nixpkgs": [
"webshite",
"ide",
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"webshite",
"ide",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1718879355,
"narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -281,6 +570,54 @@
"type": "github"
}
},
"gitignore_3": {
"inputs": {
"nixpkgs": [
"webshite",
"ide",
"neovim-nightly-overlay",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_4": {
"inputs": {
"nixpkgs": [
"webshite",
"ide",
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
@ -304,6 +641,30 @@
"type": "github"
}
},
"hercules-ci-effects_2": {
"inputs": {
"flake-parts": "flake-parts_5",
"nixpkgs": [
"webshite",
"ide",
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1718018037,
"narHash": "sha256-03rLBd/lKecgaKz0j5ESUf9lDn5R0SJatZTKLL5unWE=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "0ab08b23ce3c3f75fe9a5598756b6fb8bcf0b414",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -346,6 +707,29 @@
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"webshite",
"ide",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719037157,
"narHash": "sha256-aOKd8+mhBsLQChCu1mn/W5ww79ta5cXVE59aJFrifM8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cd886711998fe5d9ff7979fdd4b4cbd17b1f1511",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hosts": {
"inputs": {
"nixpkgs": [
@ -390,6 +774,31 @@
"type": "github"
}
},
"ide_2": {
"inputs": {
"flake-utils": "flake-utils_3",
"neovim-nightly-overlay": "neovim-nightly-overlay_2",
"nixpkgs": [
"webshite",
"nixpkgs"
],
"nixvim": "nixvim_2",
"systems": "systems_4"
},
"locked": {
"lastModified": 1720387774,
"narHash": "sha256-vbdLOPW2s5HZ/aRJl2GtcL1d4racetoPRn6W7dGVl+E=",
"owner": "ivandimitrov8080",
"repo": "flake-ide",
"rev": "7194c89a92430d755aabd11d2eae25d13b6e8f00",
"type": "github"
},
"original": {
"owner": "ivandimitrov8080",
"repo": "flake-ide",
"type": "github"
}
},
"musnix": {
"inputs": {
"nixpkgs": [
@ -436,6 +845,33 @@
"type": "github"
}
},
"neovim-nightly-overlay_2": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_4",
"git-hooks": "git-hooks_3",
"hercules-ci-effects": "hercules-ci-effects_2",
"neovim-src": "neovim-src_2",
"nixpkgs": [
"webshite",
"ide",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719211247,
"narHash": "sha256-GaEckCf2RaHzoEDj/j07BIV6eyDOT5wCFVSdbbkZ87U=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "820da0e6b6127df9ad05ef3af40d767577e21ba1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"type": "github"
}
},
"neovim-src": {
"flake": false,
"locked": {
@ -452,6 +888,22 @@
"type": "github"
}
},
"neovim-src_2": {
"flake": false,
"locked": {
"lastModified": 1719138008,
"narHash": "sha256-+rM0RjvuW6/vzxdJxEU6KvQEF159NXrgB+irtS044Cc=",
"owner": "neovim",
"repo": "neovim",
"rev": "be999e6a0e5b251b2b37500d06636d4167334c6e",
"type": "github"
},
"original": {
"owner": "neovim",
"repo": "neovim",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
@ -474,6 +926,29 @@
"type": "github"
}
},
"nix-darwin_2": {
"inputs": {
"nixpkgs": [
"webshite",
"ide",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719128254,
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "50581970f37f06a4719001735828519925ef8310",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1722421184,
@ -490,6 +965,21 @@
"type": "github"
}
},
"nixpkgs-24_05": {
"locked": {
"lastModified": 1717144377,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.05",
"type": "indirect"
}
},
"nixvim": {
"inputs": {
"devshell": "devshell",
@ -519,6 +1009,35 @@
"type": "github"
}
},
"nixvim_2": {
"inputs": {
"devshell": "devshell_2",
"flake-compat": "flake-compat_7",
"flake-parts": "flake-parts_6",
"git-hooks": "git-hooks_4",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin_2",
"nixpkgs": [
"webshite",
"ide",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1719228487,
"narHash": "sha256-eJUcZAjOcGAoh97ZRsy+ls8IkHPMpDuh0IpRKSmoWs4=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "66c8592b31845cb0a1335ecc31ea40e89bed1a38",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
@ -570,7 +1089,10 @@
"musnix": "musnix",
"nixpkgs": "nixpkgs",
"parts": "parts",
"sal": "sal"
"sal": "sal",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"vpsadminos": "vpsadminos",
"webshite": "webshite"
}
},
"sal": {
@ -596,6 +1118,29 @@
"type": "github"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_4",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-24_05": "nixpkgs-24_05"
},
"locked": {
"lastModified": 1721121314,
"narHash": "sha256-zwc7YXga/1ppaZMWFreZykXtFwBgXodxUZiUx969r+g=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "059b50b2e729729ea00c6831124d3837c494f3d5",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -626,6 +1171,36 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1680978846,
"narHash": "sha256-Gtqg8b/v49BFDpDetjclCYXm8mAnTrUzR0JnE2nv5aw=",
"owner": "nix-systems",
"repo": "x86_64-linux",
"rev": "2ecfcac5e15790ba6ce360ceccddb15ad16d08a8",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "x86_64-linux",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -647,6 +1222,65 @@
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"webshite",
"ide",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1718522839,
"narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"vpsadminos": {
"locked": {
"lastModified": 1722101851,
"narHash": "sha256-fM5Z8Qhk9/AbGYJ4VrJilGlFK9btBEF+ROtbYYJZJ1I=",
"owner": "vpsfreecz",
"repo": "vpsadminos",
"rev": "2c8ff8462a6f4aefb7bd2663d6ddbedd9d161f2c",
"type": "github"
},
"original": {
"owner": "vpsfreecz",
"repo": "vpsadminos",
"type": "github"
}
},
"webshite": {
"inputs": {
"ide": "ide_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1722604181,
"narHash": "sha256-lbli+H6fgQlVyXX4qtU8SfvncDB+HZOUd53Rj23pyv0=",
"owner": "ivandimitrov8080",
"repo": "idimitrov.dev",
"rev": "4d1b71bf30bcf24b0ef5e347026d2c5369cad8eb",
"type": "github"
},
"original": {
"owner": "ivandimitrov8080",
"repo": "idimitrov.dev",
"type": "github"
}
}
},
"root": "root",


@ -1,6 +1,7 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
vpsadminos.url = "github:vpsfreecz/vpsadminos";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -25,6 +26,14 @@
url = "github:musnix/musnix";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
webshite = {
url = "github:ivandimitrov8080/idimitrov.dev";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs: inputs.parts.lib.mkFlake { inherit inputs; } { imports = [ ./. ]; };
}


@ -16,8 +16,8 @@ top@{ ... }: {
"/boot" = { device = "/dev/disk/by-uuid/4C3C-993A"; fsType = "vfat"; };
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkForce true;
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkForce false;
};
};


@ -0,0 +1,103 @@
{ pkgs, ... }:
{
time.timeZone = "Europe/Prague";
fileSystems."/mnt/export1981" = {
device = "172.16.128.47:/nas/5490";
fsType = "nfs";
options = [ "nofail" ];
};
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
};
security = {
acme = {
acceptTerms = true;
defaults.email = "security@idimitrov.dev";
};
};
networking = {
firewall = pkgs.lib.mkForce {
enable = true;
allowedTCPPorts = [
25 # smtp
465 # smtps
80 # http
443 # https
];
allowedUDPPorts = [
25
465
80
443
51820 # wireguard
];
extraCommands = ''
iptables -N vpn # create a new chain named vpn
iptables -A vpn --src 10.0.0.2 -j ACCEPT # allow
iptables -A vpn --src 10.0.0.3 -j ACCEPT # allow
iptables -A vpn --src 10.0.0.4 -j ACCEPT # allow
iptables -A vpn -j DROP # drop everyone else
iptables -I INPUT -m tcp -p tcp --dport 22 -j vpn
'';
extraStopCommands = ''
iptables -F vpn
iptables -D INPUT -m tcp -p tcp --dport 22 -j vpn
iptables -X vpn
'';
};
};
users = {
users.ivand = {
isNormalUser = true;
hashedPassword =
"$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
extraGroups = [ "wheel" "adm" "mlocate" ];
openssh.authorizedKeys.keys = [
''
ssh-rsa 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 ivand@nixos
''
];
};
extraGroups = { mlocate = { }; };
};
environment = {
enableAllTerminfo = true;
};
services = {
openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
};
};
};
systemd = {
timers = {
bingwp = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 10:00:00";
Persistent = true;
};
};
};
services = {
bingwp = {
description = "Download bing image of the day";
script = ''
${pkgs.nushell}/bin/nu -c "http get ('https://bing.com' + ((http get https://www.bing.com/HPImageArchive.aspx?format=js&n=1).images.0.url)) | save ('/var/pic' | path join ( [ (date now | format date '%Y-%m-%d'), '.png' ] | str join ))"
${pkgs.nushell}/bin/nu -c "${pkgs.toybox}/bin/ln -sf (ls /var/pic | where type == file | get name | sort | last) /var/pic/latest.png"
'';
};
};
};
}
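Review bot: The `hashedPassword` for `ivand` is committed as a literal with a bcrypt cost of 5 (`$2b$05$`), so anyone who can read the repository or the Nix store can run a cheap offline guess against the password of a `wheel` user; the mailserver file in this commit carries literals of the same form. Moving it to `hashedPasswordFile`, pointing at a file outside the store and generated with a higher cost factor, keeps the hash out of both. Separately, wrapping the whole `firewall` set in `pkgs.lib.mkForce` pushes the override down to every option, which as far as I can tell discards the ports and `extraCommands` that other modules (openssh, the mailserver, `networking.nat`) contribute, so it is worth confirming the resulting rule set is the intended one. The `allowedUDPPorts` entries 25, 465, 80 and 443 look unnecessary, since WireGuard on 51820 is the only UDP service configured here.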


@ -0,0 +1,3 @@
{
imports = [ ./configuration.nix ./mailserver ./roundcube ./postgres ./wireguard ./nginx ./tor ./i2pd ./gitea ./dnscrypt ./monero ];
}


@ -0,0 +1,33 @@
{
networking = {
nameservers = [ "127.0.0.1" "::1" ];
dhcpcd.extraConfig = "nohook resolv.conf";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv4_servers = true;
ipv6_servers = true;
dnscrypt_servers = true;
doh_servers = false;
odoh_servers = false;
require_dnssec = true;
require_nolog = true;
require_nofilter = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
}


@ -0,0 +1,23 @@
{ ... }:
{
services.gitea = {
enable = true;
appName = "src";
database = {
type = "postgres";
};
settings = {
server = {
DOMAIN = "src.idimitrov.dev";
ROOT_URL = "https://src.idimitrov.dev/";
HTTP_PORT = 3001;
};
repository = {
DEFAULT_BRANCH = "master";
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
}
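Review bot: `settings.server` sets `HTTP_PORT = 3001` but no `HTTP_ADDR`, so Gitea listens on all interfaces by default and only the firewall keeps port 3001 from being reached without going through nginx and TLS. Since nginx proxies to `http://127.0.0.1:3001`, adding `HTTP_ADDR = "127.0.0.1";` makes the loopback-only intent explicit and independent of the firewall rules.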


@ -0,0 +1,14 @@
{
services.i2pd = {
enable = true;
inTunnels = {
idimitrov = {
enable = true;
keys = "idimitrov-keys.dat";
inPort = 80;
destination = "127.0.0.1";
port = 3000;
};
};
};
}
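Review bot: The `idimitrov` tunnel forwards to `127.0.0.1:3000`, but nothing visible in this commit listens on that port: nginx serves the site on its default HTTP/HTTPS ports and Gitea is on 3001. The onion service in the tor file targets the same port. If the site is meant to be reachable over I2P and Tor, either a local listener on 3000 is needed or `port` should name one that exists, and a comment naming the intended backend would make this checkable. `keys = "idimitrov-keys.dat"` holds the destination's private identity, so it is worth documenting where that file lives and that it is backed up outside the repository.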


@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
mailserver = {
enable = true;
localDnsResolver = false;
fqdn = "mail.idimitrov.dev";
domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
loginAccounts = {
"ivan@idimitrov.dev" = {
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
aliases = [ "admin@idimitrov.dev" ];
};
"security@idimitrov.dev" = {
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
};
};
certificateScheme = "acme-nginx";
hierarchySeparator = "/";
};
services.dovecot2.sieve.extensions = [ "fileinto" ];
}
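Review bot: `ivan@idimitrov.dev` and `security@idimitrov.dev` carry a byte-identical `hashedPassword`, salt included, which means both mailboxes share one password and a single recovered credential opens both. Giving each account its own password, supplied through `hashedPasswordFile` rather than an inline literal, separates them.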


@ -0,0 +1,6 @@
{
services.monero = {
enable = false;
dataDir = "/mnt/export1981/monero";
};
}


@ -0,0 +1,72 @@
{ config, pkgs, ... }:
let
webshiteConfig = ''
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header X-Content-Type-Options nosniff;
add_header Onion-Location http://sxfx23zafag4lixkb4s6zwih7ga5jnzfgtgykcerd354bvb6u7alnkid.onion;
'';
restrictToVpn = ''
allow 10.0.0.2/32;
allow fdc9:281f:04d7:9ee9::2/128;
allow 10.0.0.3/32;
allow 10.0.0.4/32;
deny all;
'';
extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
serveStatic = exts: ''
try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
'';
in
{
services = {
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = {
"idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"www.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "${pkgs.webshite}";
extraConfig = serveStatic extensions;
};
extraConfig = webshiteConfig;
};
"${config.mailserver.fqdn}" = {
extraConfig = restrictToVpn;
};
"src.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3001";
};
};
"pic.idimitrov.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/var/pic";
extraConfig = ''
autoindex on;
${serveStatic ["png"]}
'';
};
};
};
};
};
}
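Review bot: `restrictToVpn` repeats the peer addresses that are also listed in the WireGuard `allowedIPs` and in the `vpn` iptables chain, so the webmail allowlist can silently drift from the real peer set when a peer is added or removed. Defining the peer list once and generating the `allow` lines from it, the way `serveStatic` already builds `try_files` from `extensions`, keeps the three in step. The `idimitrov.dev` and `www.idimitrov.dev` vhosts are identical and could share one binding or use `serverAliases`. `AES256+EDH` in `sslCiphers` only takes effect when DH parameters are configured, which this file does not do.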


@ -0,0 +1,39 @@
{ config, pkgs, ... }:
{
services = {
postgresql = {
enable = true;
ensureDatabases = [ "roundcube" "gitea" ];
ensureUsers = [
{
name = "roundcube";
ensureDBOwnership = true;
}
{
name = "gitea";
ensureDBOwnership = true;
}
{
name = "root";
ensureClauses = {
superuser = true;
createrole = true;
createdb = true;
};
}
];
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = ''
gitea-users gitea gitea
'';
initialScript = pkgs.writeText "init" ''
GRANT ALL PRIVILEGES ON DATABASE roundcube TO roundcube;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO roundcube;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO roundcube;
GRANT ALL PRIVILEGES ON SCHEMA public TO roundcube;
'';
};
};
}
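Review bot: The `initialScript` grants look ineffective as written: the script runs once against a fresh cluster, apparently before `ensureDatabases` and `ensureUsers` create the `roundcube` database and role, and the `SCHEMA public` statements apply to whichever database the script is connected to rather than to `roundcube`. With `ensureDBOwnership = true` the role already owns its database, so the script can probably be dropped. The `root` role with `superuser = true` deserves a comment on what uses it, since local root can already act as the `postgres` user.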


@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
services = {
roundcube = {
enable = true;
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
plugins = [
"persistent_login"
];
hostName = "${config.mailserver.fqdn}";
extraConfig = ''
$config['smtp_host'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
};
}


@ -0,0 +1,21 @@
{
services.tor = {
enable = true;
client.enable = true;
relay = {
enable = true;
role = "relay";
onionServices = {
idimitrov = {
map = [{
port = 80;
target = {
addr = "127.0.0.1";
port = 3000;
};
}];
};
};
};
};
}
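Review bot: `relay.enable = true` with `role = "relay"` runs a public relay in the same Tor instance that hosts the `idimitrov` onion service, and the Tor Project advises against combining the two because the relay's public uptime and address can be correlated with the service's availability. The onion address is already advertised from the clearnet site through `Onion-Location`, so location hiding is presumably not the goal, but a comment saying so would stop a later reader from assuming otherwise. As far as this page shows, no ORPort is configured or opened in the firewall list, which a relay needs in order to be reachable.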


@ -0,0 +1,43 @@
{ pkgs, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
externalInterface = "venet0";
internalInterfaces = [ "wg0" ];
};
networking.wg-quick.interfaces = {
wg0 = {
address = [ "10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64" ];
listenPort = 51820;
privateKeyFile = "/etc/wireguard/privatekey";
postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o venet0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o venet0 -j MASQUERADE
'';
preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o venet0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o venet0 -j MASQUERADE
'';
peers = [
{
publicKey = "28yXYLk4U0r6MdWFEZzk6apI8uhg962wMprF47wUJyI=";
allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ];
}
{
publicKey = "RqTsFxFCcgYsytcDr+jfEoOA5UNxa1ZzGlpx6iuTpXY=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
publicKey = "kI93V0dVKSqX8hxMJHK5C0c1hEDPQTgPQDU8TKocVgo=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
};
}
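Review bot: NAT for `wg0` is configured twice, once through `networking.nat` and again by hand in `postUp`/`preDown`, and the manual rules use the host addresses `10.0.0.1/24` and `fdc9:281f:04d7:9ee9::1/64` where the network prefixes `10.0.0.0/24` and `fdc9:281f:04d7:9ee9::/64` are meant. Keeping a single mechanism avoids duplicate MASQUERADE entries; if the manual rules exist because the forced firewall settings in the host configuration drop what `networking.nat` generates, a comment saying so would help. `FORWARD -i wg0 -j ACCEPT` also lets every peer reach anything the host can route to, including the NFS server mounted in the host configuration, so consider restricting the destination if peers only need internet egress.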


@ -21,5 +21,6 @@ in
nonya = novaConfig (with mods; [ anon cryptocurrency ivand ]);
ai = novaConfig (with mods; [ ai ivand ]);
installer-iso = configWithModules { hardware = { }; modules = (with mods; [ grub base ]); };
vps = configWithModules { hardware = { nixpkgs.hostPlatform = system; }; modules = (with mods; [ base shell vps ]); };
};
}


@ -214,5 +214,12 @@ top@{ inputs, moduleWithSystem, ... }: {
environment.systemPackages = with pkgs; [ monero-cli ];
services = { monero.enable = true; };
});
vps = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: {
imports = [
inputs.vpsadminos.nixosConfigurations.container
inputs.simple-nixos-mailserver.nixosModule
../../hosts/vps/mailserver
];
});
};
}


@ -1,13 +1,13 @@
top@{ inputs, withSystem, ... }: {
flake.overlays.default = final: prev:
let system = "x86_64-linux"; in
withSystem system (
let system = "x86_64-linux"; in withSystem system (
{ config, ... }: {
nvim = config.packages.nvim;
bingwp = config.packages.bingwp;
screenshot = config.packages.screenshot;
cursors = config.packages.cursors;
wpd = config.packages.wpd;
webshite = config.packages.webshite;
sal = inputs.sal.packages.${system}.default;
}
);


@ -60,6 +60,7 @@ top@{ inputs, ... }: {
hash = "sha256-CuzD6O/RImFKLWzJoiUv7nlIdoXNvwwl+k5mTeVIY10=";
};
});
webshite = inputs.webshite.packages.${system}.default;
};
};
}