From 9241778fceb05735861537e8767ed2ba982a525c Mon Sep 17 00:00:00 2001
From: Ivan Dimitrov
Date: Wed, 15 Nov 2023 16:37:04 +0200
Subject: [PATCH] roundcube

---
 mailserver/configuration.nix | 58 +++++++++++++++++++++++-------------
 mailserver/default.nix | 53 +-------------------------------
 mailserver/mailserver.nix | 19 ++++++++++++
 mailserver/postgres.nix | 34 +++++++++++++++++++++
 mailserver/roundcube.nix | 15 ++++++++++
 5 files changed, 106 insertions(+), 73 deletions(-)
 create mode 100644 mailserver/mailserver.nix
 create mode 100644 mailserver/postgres.nix
 create mode 100644 mailserver/roundcube.nix

diff --git a/mailserver/configuration.nix b/mailserver/configuration.nix
index 55f6c6c..179abd9 100644
--- a/mailserver/configuration.nix
+++ b/mailserver/configuration.nix
@@ -1,6 +1,42 @@
 { config, pkgs, lib, ... }:
 {
- mailserver.enable = true;
+ time.timeZone = "Europe/Sofia";
+ system.stateVersion = "23.11";
+
+ nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ security = {
+ acme = {
+ acceptTerms = true;
+ defaults.email = "security@idimitrov.dev";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ users = {
+ users.ivand = {
+ isNormalUser = true;
+ hashedPassword =
+ "$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
+ extraGroups = [ "wheel" "adm" "mlocate" ];
+ openssh.authorizedKeys.keys = [
+ ''
+ ssh-rsa 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 ivand@nixos
+ ''
+ ];
+ };
+ extraGroups = { mlocate = { }; };
+ };
+
+ environment = {
+ systemPackages = with pkgs; [ coreutils-full fd git vim mlocate busybox bash scripts ];
+ };
+
 services = {
 openssh = {
 enable = true;
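Review bot: The `hashedPassword` for `users.users.ivand` is a bcrypt hash with a cost factor of 5 (`$2b$05$`) written directly into the repository, for an account that is a member of `wheel`; anyone who can read the repo or the world-readable Nix store can test guesses against it offline at very low cost. The same applies to the two `loginAccounts` in mailserver/mailserver.nix, which also carry one identical hash, so both mailboxes share the same password and salt. Keeping the hashes out of the tree with `hashedPasswordFile = "<PATH_TO_HASH_FILE>";` (placeholder) on each account, and regenerating them with a higher cost and distinct passwords, would address both. The authorized key is `ssh-rsa` and its material is not visible here, so its size should be confirmed or the key replaced with an `ssh-ed25519` one.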
@@ -8,25 +44,5 @@
 PermitRootLogin = "prohibit-password";
 };
 };
- minetest-server = {
- enable = true;
- port = 30000;
- gameId = "mineclone2";
- };
 };
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [ 30000 ];
- allowedUDPPorts = [ 30000 ];
- };
- systemd = {
- services = {
- "serial-getty@ttyS0".enable = lib.mkForce false;
- };
- extraConfig = ''
- DefaultTimeoutStartSec=900s
- '';
- };
- time.timeZone = "Europe/Sofia";
- system.stateVersion = "23.11";
 }
diff --git a/mailserver/default.nix b/mailserver/default.nix
index 32f94d9..37281a4 100644
--- a/mailserver/default.nix
+++ b/mailserver/default.nix
@@ -1,55 +1,4 @@
 { config, pkgs, ... }:
 {
-
- imports = [ ./configuration.nix ];
-
- nix = {
- extraOptions = ''
- experimental-features = nix-command flakes
- '';
- };
-
- mailserver = {
- fqdn = "mail.idimitrov.dev";
- domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
-
- loginAccounts = {
- "ivan@idimitrov.dev" = {
- hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
- aliases = [ "admin@idimitrov.dev" ];
- };
- "security@idimitrov.dev" = {
- hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
- };
- };
-
- certificateScheme = "acme-nginx";
- hierarchySeparator = "/";
- };
-
- security = {
- acme = {
- acceptTerms = true;
- defaults.email = "security@idimitrov.dev";
- };
- };
-
- users = {
- users.ivand = {
- isNormalUser = true;
- hashedPassword =
- "$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
- extraGroups = [ "wheel" "adm" "mlocate" ];
- openssh.authorizedKeys.keys = [
- ''
- ssh-rsa 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 ivand@nixos
- ''
- ];
- };
- extraGroups = { mlocate = { }; };
- };
-
- environment = {
- systemPackages = with pkgs; [ coreutils-full fd git vim mlocate busybox bash scripts ];
- };
+ imports = [ ./configuration.nix ./mailserver.nix ./roundcube.nix ./postgres.nix ];
 }
diff --git a/mailserver/mailserver.nix b/mailserver/mailserver.nix
new file mode 100644
index 0000000..cf06e0c
--- /dev/null
+++ b/mailserver/mailserver.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+ mailserver = {
+ enable = true;
+ fqdn = "mail.idimitrov.dev";
+ domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
+ loginAccounts = {
+ "ivan@idimitrov.dev" = {
+ hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
+ aliases = [ "admin@idimitrov.dev" ];
+ };
+ "security@idimitrov.dev" = {
+ hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
+ };
+ };
+ certificateScheme = "acme-nginx";
+ hierarchySeparator = "/";
+ };
+}
diff --git a/mailserver/postgres.nix b/mailserver/postgres.nix
new file mode 100644
index 0000000..f54876b
--- /dev/null
+++ b/mailserver/postgres.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+{
+ services = {
+ postgresql = {
+ enable = true;
+ ensureDatabases = [ "roundcube" ];
+ ensureUsers = [
+ {
+ name = "roundcube";
+ ensurePermissions = {
+ "DATABASE \"roundcube\"" = "ALL PRIVILEGES";
+ "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+ "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES";
+ "SCHEMA public" = "ALL PRIVILEGES";
+ };
+ }
+ {
+ name = "root";
+ ensureClauses = {
+ superuser = true;
+ createrole = true;
+ createdb = true;
+ };
+ }
+ ];
+ initialScript = pkgs.writeText "init" ''
+ GRANT ALL PRIVILEGES ON DATABASE roundcube TO roundcube;
+ GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO roundcube;
+ GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO roundcube;
+ GRANT ALL PRIVILEGES ON SCHEMA public TO roundcube;
+ '';
+ };
+ };
+}
diff --git a/mailserver/roundcube.nix b/mailserver/roundcube.nix
new file mode 100644
index 0000000..11ad13e
--- /dev/null
+++ b/mailserver/roundcube.nix
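Review bot: In mailserver/postgres.nix the `roundcube` role is granted more than ownership of its own database, and a second role `root` is created with `superuser = true` although nothing in this commit uses it. The `ALL TABLES IN SCHEMA public`, `ALL SEQUENCES IN SCHEMA public` and `SCHEMA public` entries in `ensurePermissions` name no database, so they presumably apply to whichever database the setup script connects to rather than to `roundcube` (worth confirming), and `initialScript` repeats the same grants at first cluster start, likely before the role and database exist. Replacing the four permission entries with `ensureDBOwnership = true;` and dropping the `root` entry and `initialScript` would leave the webmail account with access to its own database only. The `services.roundcube` module may already provision its local database, in which case most of this file is redundant; check `services.roundcube.database` before keeping both.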
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+ services = {
+ roundcube = {
+ enable = true;
+ hostName = "${config.mailserver.fqdn}";
+ extraConfig = ''
+ $config['smtp_host'] = "tls://${config.mailserver.fqdn}";
+ $config['smtp_user'] = "%u";
+ $config['smtp_pass'] = "%p";
+ '';
+ };
+ nginx.enable = true;
+ };
+}
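Review bot: The `extraConfig` block has no comment saying that `%u` and `%p` make Roundcube replay each user's IMAP login to the SMTP server, or that the `tls://` prefix selects STARTTLS rather than implicit TLS; a line such as `# SMTP: STARTTLS to the local mailserver, authenticating with the webmail user's own credentials` above `extraConfig` would record both. `smtp_host` carries no port, so the submission port is whatever Roundcube defaults to for `tls://`; pinning it explicitly to the port on which the mailserver offers STARTTLS avoids a silent mismatch. On style, `hostName = "${config.mailserver.fqdn}";` is a bare interpolation and reads better as `hostName = config.mailserver.fqdn;`, and the `pkgs` argument is unused in this file.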