about summary refs log tree commit diff
path: root/configurations/manwe
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2022-11-10 14:19:19 +0300
committerAzat Bahawi <azat@bahawi.net>2022-11-10 14:19:19 +0300
commit164b2b3f693dd5da3c1b1661e43c45b36a6b764c (patch)
tree2fc9a4ab1d3b44a3eb6d686b42527a18411c240b /configurations/manwe
parent2022-10-26 (diff)
2022-11-10
Diffstat (limited to '')
-rw-r--r--configurations/manwe/mailserver.nix148
-rw-r--r--configurations/manwe/webserver.nix4
2 files changed, 77 insertions, 75 deletions
diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix
index 83713f9..966c21c 100644
--- a/configurations/manwe/mailserver.nix
+++ b/configurations/manwe/mailserver.nix
@@ -7,90 +7,90 @@
 with lib; {
   imports = [inputs.simple-nixos-mailserver.nixosModule];
 
-  config = {
-    secrets = {
-      dkim-key-azahi-cc = {
-        file = "${inputs.self}/secrets/dkim-key-azahi-cc";
-        path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
-        owner = "opendkim";
-        group = "opendkim";
-      };
-      dkim-key-rohan-net = {
-        file = "${inputs.self}/secrets/dkim-key-rohan-net";
-        path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
-        owner = "opendkim";
-        group = "opendkim";
-      };
-      dkim-key-gondor-net = {
-        file = "${inputs.self}/secrets/dkim-key-gondor-net";
-        path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
-        owner = "opendkim";
-        group = "opendkim";
-      };
-      dkim-key-shire-me = {
-        file = "${inputs.self}/secrets/dkim-key-shire-me";
-        path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
-        owner = "opendkim";
-        group = "opendkim";
-      };
+  secrets = {
+    dkim-key-azahi-cc = {
+      file = "${inputs.self}/secrets/dkim-key-azahi-cc";
+      path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
+      owner = "opendkim";
+      group = "opendkim";
+    };
+    dkim-key-rohan-net = {
+      file = "${inputs.self}/secrets/dkim-key-rohan-net";
+      path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
+      owner = "opendkim";
+      group = "opendkim";
+    };
+    dkim-key-gondor-net = {
+      file = "${inputs.self}/secrets/dkim-key-gondor-net";
+      path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
+      owner = "opendkim";
+      group = "opendkim";
+    };
+    dkim-key-shire-me = {
+      file = "${inputs.self}/secrets/dkim-key-shire-me";
+      path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
+      owner = "opendkim";
+      group = "opendkim";
     };
+  };
 
-    nixfiles.modules.acme.enable = true;
+  nixfiles.modules.acme.enable = true;
 
-    mailserver = let
-      cert = config.certs.${my.domain.shire};
-    in {
-      enable = true;
+  mailserver = let
+    cert = config.certs.${my.domain.shire};
+  in {
+    enable = true;
 
-      fqdn = config.networking.domain;
-      domains = with my.domain; [azahi gondor rohan shire];
+    fqdn = config.networking.domain;
+    domains = with my.domain; [azahi gondor rohan shire];
 
-      localDnsResolver = false;
+    localDnsResolver = false;
 
-      certificateScheme = 1;
-      certificateFile = "${cert.directory}/fullchain.pem";
-      keyFile = "${cert.directory}/key.pem";
+    certificateScheme = 1;
+    certificateFile = "${cert.directory}/fullchain.pem";
+    keyFile = "${cert.directory}/key.pem";
 
-      lmtpSaveToDetailMailbox = "no";
+    lmtpSaveToDetailMailbox = "no";
 
-      loginAccounts = with my.domain; {
-        "azahi@${shire}" = {
-          hashedPassword = "@HASHED_PASSWORD@";
-          aliases = [
-            "@${azahi}"
-            "@${rohan}"
-            "@${gondor}"
-            "abuse@${shire}"
-            "admin@${shire}"
-            "ceo@${shire}"
-            "postmaster@${shire}"
-          ];
-        };
-        "samwise@${shire}" = {
-          hashedPassword = "@HASHED_PASSWORD@";
-          aliases = ["chad@${shire}"];
-          quota = "1G";
-        };
-        "pippin@${shire}" = {
-          hashedPassword = "@HASHED_PASSWORD@";
-          quota = "1G";
-        };
-        "meriadoc@${shire}" = {
-          hashedPassword = "@HASHED_PASSWORD@";
-          quota = "1G";
-        };
+    loginAccounts = with my.domain; {
+      "azahi@${shire}" = {
+        hashedPassword = "@HASHED_PASSWORD@";
+        aliases = [
+          "@${azahi}"
+          "@${rohan}"
+          "@${gondor}"
+          "abuse@${shire}"
+          "admin@${shire}"
+          "ceo@${shire}"
+          "postmaster@${shire}"
+        ];
+      };
+      "samwise@${shire}" = {
+        hashedPassword = "@HASHED_PASSWORD@";
+        aliases = ["chad@${shire}"];
+        quota = "1G";
+      };
+      "pippin@${shire}" = {
+        hashedPassword = "@HASHED_PASSWORD@";
+        quota = "1G";
+      };
+      "meriadoc@${shire}" = {
+        hashedPassword = "@HASHED_PASSWORD@";
+        quota = "1G";
       };
     };
+  };
 
-    services.fail2ban.jails = {
-      dovecot = ''
-        enabled = true
-        mode = aggressive
-      '';
-      postfix = ''
-        enabled = true
-        mode = aggressive
-      '';
-    };
+  services.fail2ban.jails = {
+    dovecot = ''
+      enabled = true
+      mode = aggressive
+    '';
+    postfix = ''
+      enabled = true
+      mode = aggressive
+    '';
   };
+
+  system.extraDependencies = [inputs.simple-nixos-mailserver];
 }
diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix
index dde3e63..e1ee425 100644
--- a/configurations/manwe/webserver.nix
+++ b/configurations/manwe/webserver.nix
@@ -4,7 +4,7 @@
   ...
 }:
 with lib; {
-  config.nixfiles.modules.nginx.virtualHosts = with my.domain;
+  nixfiles.modules.nginx.virtualHosts = with my.domain;
     {
       ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
       "git.${shire}".locations."/".return = "301 https://git.${azahi}";
@@ -20,4 +20,6 @@ with lib; {
       ${gondor}.locations."/".return = concatStrings [frodo gondor];
       ${rohan}.locations."/".return = concatStrings [frodo rohan];
     });
+
+  system.extraDependencies = [inputs.azahi-cc];
 }

Consider giving Nix/NixOS a try! <3