about summary refs log tree commit diff
path: root/configurations/manwe
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2022-12-17 16:39:09 +0300
committerAzat Bahawi <azat@bahawi.net>2022-12-17 16:39:09 +0300
commit8f137c28230623259a964484adcf31fe00756594 (patch)
tree82bce6a13fda125087cf6d9dc80aa91d9230d6c4 /configurations/manwe
parent2022-11-20 (diff)
2022-12-17
Diffstat (limited to 'configurations/manwe')
-rw-r--r--configurations/manwe/default.nix88
-rw-r--r--configurations/manwe/mailserver.nix96
-rw-r--r--configurations/manwe/webserver.nix25
3 files changed, 0 insertions, 209 deletions
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix
deleted file mode 100644
index b8dd324..0000000
--- a/configurations/manwe/default.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-{
-  config,
-  lib,
-  this,
-  ...
-}:
-with lib; {
-  imports = [
-    ./mailserver.nix
-    ./webserver.nix
-  ];
-
-  nixfiles.modules = {
-    nsd = {
-      enable = true;
-      fqdn = "ns1.${config.networking.domain}";
-    };
-    unbound.enable = true;
-
-    wireguard.server.enable = true;
-
-    acme.enable = true;
-
-    monitoring.enable = true;
-
-    postgresql.enable = true;
-
-    git.server = {
-      enable = true;
-      domain = "git.${my.domain.azahi}";
-    };
-
-    gotify.enable = true;
-    matrix.dendrite = {
-      enable = true;
-      domain = my.domain.azahi;
-    };
-    radicale.enable = true;
-    rss-bridge.enable = true;
-    shadowsocks.enable = true;
-    soju = {
-      enable = true;
-      domain = my.domain.azahi;
-    };
-    vaultwarden.enable = true;
-  };
-
-  boot = {
-    loader.grub = {
-      enable = true;
-      device = "/dev/sda";
-    };
-
-    initrd.availableKernelModules = [
-      "ata_piix"
-      "sd_mod"
-      "sr_mod"
-      "uhci_hcd"
-      "virtio_pci"
-      "virtio_scsi"
-    ];
-  };
-
-  fileSystems = {
-    "/boot" = {
-      device = "/dev/sda1";
-      fsType = "xfs";
-      options = ["noatime"];
-    };
-
-    "/" = {
-      device = "/dev/sda2";
-      fsType = "xfs";
-      options = ["noatime"];
-    };
-  };
-
-  swapDevices = [
-    {
-      device = "/dev/sda3";
-    }
-  ];
-
-  zramSwap = {
-    enable = true;
-    memoryPercent = 25;
-  };
-}
diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix
deleted file mode 100644
index 966c21c..0000000
--- a/configurations/manwe/mailserver.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  ...
-}:
-with lib; {
-  imports = [inputs.simple-nixos-mailserver.nixosModule];
-
-  secrets = {
-    dkim-key-azahi-cc = {
-      file = "${inputs.self}/secrets/dkim-key-azahi-cc";
-      path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
-      owner = "opendkim";
-      group = "opendkim";
-    };
-    dkim-key-rohan-net = {
-      file = "${inputs.self}/secrets/dkim-key-rohan-net";
-      path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
-      owner = "opendkim";
-      group = "opendkim";
-    };
-    dkim-key-gondor-net = {
-      file = "${inputs.self}/secrets/dkim-key-gondor-net";
-      path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
-      owner = "opendkim";
-      group = "opendkim";
-    };
-    dkim-key-shire-me = {
-      file = "${inputs.self}/secrets/dkim-key-shire-me";
-      path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
-      owner = "opendkim";
-      group = "opendkim";
-    };
-  };
-
-  nixfiles.modules.acme.enable = true;
-
-  mailserver = let
-    cert = config.certs.${my.domain.shire};
-  in {
-    enable = true;
-
-    fqdn = config.networking.domain;
-    domains = with my.domain; [azahi gondor rohan shire];
-
-    localDnsResolver = false;
-
-    certificateScheme = 1;
-    certificateFile = "${cert.directory}/fullchain.pem";
-    keyFile = "${cert.directory}/key.pem";
-
-    lmtpSaveToDetailMailbox = "no";
-
-    loginAccounts = with my.domain; {
-      "azahi@${shire}" = {
-        hashedPassword = "@HASHED_PASSWORD@";
-        aliases = [
-          "@${azahi}"
-          "@${rohan}"
-          "@${gondor}"
-          "abuse@${shire}"
-          "admin@${shire}"
-          "ceo@${shire}"
-          "postmaster@${shire}"
-        ];
-      };
-      "samwise@${shire}" = {
-        hashedPassword = "@HASHED_PASSWORD@";
-        aliases = ["chad@${shire}"];
-        quota = "1G";
-      };
-      "pippin@${shire}" = {
-        hashedPassword = "@HASHED_PASSWORD@";
-        quota = "1G";
-      };
-      "meriadoc@${shire}" = {
-        hashedPassword = "@HASHED_PASSWORD@";
-        quota = "1G";
-      };
-    };
-  };
-
-  services.fail2ban.jails = {
-    dovecot = ''
-      enabled = true
-      mode = aggressive
-    '';
-    postfix = ''
-      enabled = true
-      mode = aggressive
-    '';
-  };
-
-  system.extraDependencies = [inputs.simple-nixos-mailserver];
-}
diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix
deleted file mode 100644
index e1ee425..0000000
--- a/configurations/manwe/webserver.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-  inputs,
-  lib,
-  ...
-}:
-with lib; {
-  nixfiles.modules.nginx.virtualHosts = with my.domain;
-    {
-      ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
-      "git.${shire}".locations."/".return = "301 https://git.${azahi}";
-      "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}";
-      ${azahi} = {
-        serverAliases = ["frodo.${gondor}" "frodo.${rohan}"];
-        locations."/".root = inputs.azahi-cc;
-      };
-    }
-    // (let
-      frodo = "301 https://frodo.";
-    in {
-      ${gondor}.locations."/".return = concatStrings [frodo gondor];
-      ${rohan}.locations."/".return = concatStrings [frodo rohan];
-    });
-
-  system.extraDependencies = [inputs.azahi-cc];
-}

Consider giving Nix/NixOS a try! <3