roundcube
This commit is contained in:
parent
46492ae750
commit
9241778fce
@ -1,6 +1,42 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
mailserver.enable = true;
|
||||
time.timeZone = "Europe/Sofia";
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
nix = {
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
};
|
||||
|
||||
security = {
|
||||
acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "security@idimitrov.dev";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
users = {
|
||||
users.ivand = {
|
||||
isNormalUser = true;
|
||||
hashedPassword =
|
||||
"$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
|
||||
extraGroups = [ "wheel" "adm" "mlocate" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
''
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyW157tNiQdeoQsoo5AEzhyi6BvPeqEvChCxCHf3hikmFDqb6bvvlKYb9grW+fqE0HzALRwpXvPKnuUwHKPVG8HZ7NC9bT5RPMO0rFviNoxWF2PNDWG0ivPmLrQGKtCPM3aUIhSdUdlJ7ImYl34KBkUIrSmL7WlLJUvh1PtyyuVfrhpFzFxHwYwVCNO33L89lfl5PY/G9qrjlH64urt/6aWqMdHD8bZ4MHBPcnSwLMd7f0nNa0aTAJMabsfmndZhV24y7T1FUWG0dl27Q4rnpnZJWBDD1IyWIX/aN+DD6eVVWa4tRVJs6ycfw48hft0zs9zLn9mU4a2hxQ6VvfwpqZHOO8XqqOSai9Yw9Ba60iVQokQQiL91KidoSF7zD0U0szdEmylANyAntUcJ1kdu496s21IU2hjYfN/3seH5a9hBk8iPHp/eTeVUXFKh27rRWn0gc+rba1LF0BWfTjRYR7e1uvPEau0I61sNsp3lnMULdkgkZ9rap1sRM6ULlaRXM= ivand@nixos
|
||||
''
|
||||
];
|
||||
};
|
||||
extraGroups = { mlocate = { }; };
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [ coreutils-full fd git vim mlocate busybox bash scripts ];
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
@ -8,25 +44,5 @@
|
||||
PermitRootLogin = "prohibit-password";
|
||||
};
|
||||
};
|
||||
minetest-server = {
|
||||
enable = true;
|
||||
port = 30000;
|
||||
gameId = "mineclone2";
|
||||
};
|
||||
};
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 30000 ];
|
||||
allowedUDPPorts = [ 30000 ];
|
||||
};
|
||||
systemd = {
|
||||
services = {
|
||||
"serial-getty@ttyS0".enable = lib.mkForce false;
|
||||
};
|
||||
extraConfig = ''
|
||||
DefaultTimeoutStartSec=900s
|
||||
'';
|
||||
};
|
||||
time.timeZone = "Europe/Sofia";
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
@ -1,55 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
|
||||
imports = [ ./configuration.nix ];
|
||||
|
||||
nix = {
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
};
|
||||
|
||||
mailserver = {
|
||||
fqdn = "mail.idimitrov.dev";
|
||||
domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
|
||||
|
||||
loginAccounts = {
|
||||
"ivan@idimitrov.dev" = {
|
||||
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
|
||||
aliases = [ "admin@idimitrov.dev" ];
|
||||
};
|
||||
"security@idimitrov.dev" = {
|
||||
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
|
||||
};
|
||||
};
|
||||
|
||||
certificateScheme = "acme-nginx";
|
||||
hierarchySeparator = "/";
|
||||
};
|
||||
|
||||
security = {
|
||||
acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "security@idimitrov.dev";
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
users.ivand = {
|
||||
isNormalUser = true;
|
||||
hashedPassword =
|
||||
"$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
|
||||
extraGroups = [ "wheel" "adm" "mlocate" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
''
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyW157tNiQdeoQsoo5AEzhyi6BvPeqEvChCxCHf3hikmFDqb6bvvlKYb9grW+fqE0HzALRwpXvPKnuUwHKPVG8HZ7NC9bT5RPMO0rFviNoxWF2PNDWG0ivPmLrQGKtCPM3aUIhSdUdlJ7ImYl34KBkUIrSmL7WlLJUvh1PtyyuVfrhpFzFxHwYwVCNO33L89lfl5PY/G9qrjlH64urt/6aWqMdHD8bZ4MHBPcnSwLMd7f0nNa0aTAJMabsfmndZhV24y7T1FUWG0dl27Q4rnpnZJWBDD1IyWIX/aN+DD6eVVWa4tRVJs6ycfw48hft0zs9zLn9mU4a2hxQ6VvfwpqZHOO8XqqOSai9Yw9Ba60iVQokQQiL91KidoSF7zD0U0szdEmylANyAntUcJ1kdu496s21IU2hjYfN/3seH5a9hBk8iPHp/eTeVUXFKh27rRWn0gc+rba1LF0BWfTjRYR7e1uvPEau0I61sNsp3lnMULdkgkZ9rap1sRM6ULlaRXM= ivand@nixos
|
||||
''
|
||||
];
|
||||
};
|
||||
extraGroups = { mlocate = { }; };
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [ coreutils-full fd git vim mlocate busybox bash scripts ];
|
||||
};
|
||||
imports = [ ./configuration.nix ./mailserver.nix ./roundcube.nix ./postgres.nix ];
|
||||
}
|
||||
|
19
mailserver/mailserver.nix
Normal file
19
mailserver/mailserver.nix
Normal file
@ -0,0 +1,19 @@
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.idimitrov.dev";
|
||||
domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
|
||||
loginAccounts = {
|
||||
"ivan@idimitrov.dev" = {
|
||||
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
|
||||
aliases = [ "admin@idimitrov.dev" ];
|
||||
};
|
||||
"security@idimitrov.dev" = {
|
||||
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
|
||||
};
|
||||
};
|
||||
certificateScheme = "acme-nginx";
|
||||
hierarchySeparator = "/";
|
||||
};
|
||||
}
|
34
mailserver/postgres.nix
Normal file
34
mailserver/postgres.nix
Normal file
@ -0,0 +1,34 @@
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
services = {
|
||||
postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "roundcube" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "roundcube";
|
||||
ensurePermissions = {
|
||||
"DATABASE \"roundcube\"" = "ALL PRIVILEGES";
|
||||
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
|
||||
"ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES";
|
||||
"SCHEMA public" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "root";
|
||||
ensureClauses = {
|
||||
superuser = true;
|
||||
createrole = true;
|
||||
createdb = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
initialScript = pkgs.writeText "init" ''
|
||||
GRANT ALL PRIVILEGES ON DATABASE roundcube TO roundcube;
|
||||
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO roundcube;
|
||||
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO roundcube;
|
||||
GRANT ALL PRIVILEGES ON SCHEMA public TO roundcube;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
15
mailserver/roundcube.nix
Normal file
15
mailserver/roundcube.nix
Normal file
@ -0,0 +1,15 @@
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
services = {
|
||||
roundcube = {
|
||||
enable = true;
|
||||
hostName = "${config.mailserver.fqdn}";
|
||||
extraConfig = ''
|
||||
$config['smtp_host'] = "tls://${config.mailserver.fqdn}";
|
||||
$config['smtp_user'] = "%u";
|
||||
$config['smtp_pass'] = "%p";
|
||||
'';
|
||||
};
|
||||
nginx.enable = true;
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user