roundcube

Ivan Dimitrov 2023-11-15 16:37:04 +02:00
parent 46492ae750
commit 9241778fce
5 changed files with 106 additions and 73 deletions


@ -1,6 +1,42 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
mailserver.enable = true; time.timeZone = "Europe/Sofia";
system.stateVersion = "23.11";
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
};
security = {
acme = {
acceptTerms = true;
defaults.email = "security@idimitrov.dev";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
users = {
users.ivand = {
isNormalUser = true;
hashedPassword =
"$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
extraGroups = [ "wheel" "adm" "mlocate" ];
openssh.authorizedKeys.keys = [
''
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyW157tNiQdeoQsoo5AEzhyi6BvPeqEvChCxCHf3hikmFDqb6bvvlKYb9grW+fqE0HzALRwpXvPKnuUwHKPVG8HZ7NC9bT5RPMO0rFviNoxWF2PNDWG0ivPmLrQGKtCPM3aUIhSdUdlJ7ImYl34KBkUIrSmL7WlLJUvh1PtyyuVfrhpFzFxHwYwVCNO33L89lfl5PY/G9qrjlH64urt/6aWqMdHD8bZ4MHBPcnSwLMd7f0nNa0aTAJMabsfmndZhV24y7T1FUWG0dl27Q4rnpnZJWBDD1IyWIX/aN+DD6eVVWa4tRVJs6ycfw48hft0zs9zLn9mU4a2hxQ6VvfwpqZHOO8XqqOSai9Yw9Ba60iVQokQQiL91KidoSF7zD0U0szdEmylANyAntUcJ1kdu496s21IU2hjYfN/3seH5a9hBk8iPHp/eTeVUXFKh27rRWn0gc+rba1LF0BWfTjRYR7e1uvPEau0I61sNsp3lnMULdkgkZ9rap1sRM6ULlaRXM= ivand@nixos
''
];
};
extraGroups = { mlocate = { }; };
};
environment = {
systemPackages = with pkgs; [ coreutils-full fd git vim mlocate busybox bash scripts ];
};
services = { services = {
openssh = { openssh = {
enable = true; enable = true;
@ -8,25 +44,5 @@
PermitRootLogin = "prohibit-password"; PermitRootLogin = "prohibit-password";
}; };
}; };
minetest-server = {
enable = true;
port = 30000;
gameId = "mineclone2";
}; };
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 30000 ];
allowedUDPPorts = [ 30000 ];
};
systemd = {
services = {
"serial-getty@ttyS0".enable = lib.mkForce false;
};
extraConfig = ''
DefaultTimeoutStartSec=900s
'';
};
time.timeZone = "Europe/Sofia";
system.stateVersion = "23.11";
} }
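Review bot: The `hashedPassword` for `users.users.ivand` is committed inline, and its `$2b$05$` prefix indicates a bcrypt cost of 5, which is cheap to attack offline once the hash is public; the same pattern appears in both `loginAccounts` entries in mailserver/mailserver.nix. A value set this way is also copied into the world-readable Nix store on the host. Since `ivand` is in `wheel`, this password gates privilege escalation, so load it with `hashedPasswordFile = "/path/to/hash";` (placeholder path) from a file provisioned outside the repository. Regenerate the hash at a higher cost and rotate the current password, because the existing hash is already in history.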


@ -1,55 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ ./configuration.nix ./mailserver.nix ./roundcube.nix ./postgres.nix ];
imports = [ ./configuration.nix ];
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
};
mailserver = {
fqdn = "mail.idimitrov.dev";
domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
loginAccounts = {
"ivan@idimitrov.dev" = {
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
aliases = [ "admin@idimitrov.dev" ];
};
"security@idimitrov.dev" = {
hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
};
};
certificateScheme = "acme-nginx";
hierarchySeparator = "/";
};
security = {
acme = {
acceptTerms = true;
defaults.email = "security@idimitrov.dev";
};
};
users = {
users.ivand = {
isNormalUser = true;
hashedPassword =
"$2b$05$hPrPcewxj4qjLCRQpKBAu.FKvKZdIVlnyn4uYsWE8lc21Jhvc9jWG";
extraGroups = [ "wheel" "adm" "mlocate" ];
openssh.authorizedKeys.keys = [
''
ssh-rsa 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 ivand@nixos
''
];
};
extraGroups = { mlocate = { }; };
};
environment = {
systemPackages = with pkgs; [ coreutils-full fd git vim mlocate busybox bash scripts ];
};
} }

19
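--- a/mailserver/mailserver.nix
+++ b/mailserver/mailserver.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+mailserver = {
+enable = true;
+fqdn = "mail.idimitrov.dev";
+domains = [ "idimitrov.dev" "mail.idimitrov.dev" ];
+loginAccounts = {
+"ivan@idimitrov.dev" = {
+hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
+aliases = [ "admin@idimitrov.dev" ];
+};
+"security@idimitrov.dev" = {
+hashedPassword = "$2b$05$rTVIQD98ogXeCBKdk/YufulWHqpMCAlb7SHDPlh5y8Xbukoa/uQLm";
+};
+};
+certificateScheme = "acme-nginx";
+hierarchySeparator = "/";
+};
+}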
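Review bot: Both `loginAccounts` entries carry the identical `hashedPassword` string, so `ivan@idimitrov.dev` and `security@idimitrov.dev` share one password and one salt, and recovering it once opens both mailboxes. `security@idimitrov.dev` is also the ACME contact address configured elsewhere in this commit, so it receives certificate-related mail for the host. Give each mailbox its own credential and load it with `hashedPasswordFile = "/path/to/hash";` (placeholder path) instead of an inline literal.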

34
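--- a/mailserver/postgres.nix
+++ b/mailserver/postgres.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+{
+services = {
+postgresql = {
+enable = true;
+ensureDatabases = [ "roundcube" ];
+ensureUsers = [
+{
+name = "roundcube";
+ensurePermissions = {
+"DATABASE \"roundcube\"" = "ALL PRIVILEGES";
+"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+"ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES";
+"SCHEMA public" = "ALL PRIVILEGES";
+};
+}
+{
+name = "root";
+ensureClauses = {
+superuser = true;
+createrole = true;
+createdb = true;
+};
+}
+];
+initialScript = pkgs.writeText "init" ''
+GRANT ALL PRIVILEGES ON DATABASE roundcube TO roundcube;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO roundcube;
+GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO roundcube;
+GRANT ALL PRIVILEGES ON SCHEMA public TO roundcube;
+'';
+};
+};
+}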
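Review bot: The `root` entry in `ensureUsers` creates a role with `superuser`, `createrole` and `createdb`, and nothing visible in this commit uses it. A second standing superuser role is more privilege than the diff justifies, so drop it or add a comment naming what depends on it. The `roundcube` grants are also stated twice, in `ensurePermissions` and again in `initialScript`. The script applies only at first cluster initialisation and may run before the role and database exist, in which case its `GRANT` statements would fail, so confirm the ordering or remove it. On nixpkgs revisions that provide it, `ensureDBOwnership = true;` on the `roundcube` user would replace both sets of grants.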

15
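--- a/mailserver/roundcube.nix
+++ b/mailserver/roundcube.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+services = {
+roundcube = {
+enable = true;
+hostName = "${config.mailserver.fqdn}";
+extraConfig = ''
+$config['smtp_host'] = "tls://${config.mailserver.fqdn}";
+$config['smtp_user'] = "%u";
+$config['smtp_pass'] = "%p";
+'';
+};
+nginx.enable = true;
+};
+}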
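Review bot: `hostName = "${config.mailserver.fqdn}";` wraps an option that is already a string in a redundant interpolation; `hostName = config.mailserver.fqdn;` reads the same value directly. The `extraConfig` block has no comment explaining its placeholders. A line above it such as `# %u/%p: reuse the webmail login for SMTP submission; tls:// selects STARTTLS` would stop a later reader mistaking them for unset credentials. It would also record that submission is meant to be encrypted.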