author | Azat Bahawi <azat@bahawi.net> | 2022-12-17 16:39:09 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2022-12-17 16:39:09 +0300 |
commit | 8f137c28230623259a964484adcf31fe00756594 (patch) | |
tree | 82bce6a13fda125087cf6d9dc80aa91d9230d6c4 /configurations/manwe | |
parent | 2022-11-20 (diff) |
2022-12-17
Diffstat (limited to 'configurations/manwe')
-rw-r--r-- | configurations/manwe/default.nix | 88 | ||||
-rw-r--r-- | configurations/manwe/mailserver.nix | 96 | ||||
-rw-r--r-- | configurations/manwe/webserver.nix | 25 |
3 files changed, 0 insertions, 209 deletions
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix
deleted file mode 100644
index b8dd324..0000000
--- a/configurations/manwe/default.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-{
- config,
- lib,
- this,
- ...
-}:
-with lib; {
- imports = [
- ./mailserver.nix
- ./webserver.nix
- ];
-
- nixfiles.modules = {
- nsd = {
- enable = true;
- fqdn = "ns1.${config.networking.domain}";
- };
- unbound.enable = true;
-
- wireguard.server.enable = true;
-
- acme.enable = true;
-
- monitoring.enable = true;
-
- postgresql.enable = true;
-
- git.server = {
- enable = true;
- domain = "git.${my.domain.azahi}";
- };
-
- gotify.enable = true;
- matrix.dendrite = {
- enable = true;
- domain = my.domain.azahi;
- };
- radicale.enable = true;
- rss-bridge.enable = true;
- shadowsocks.enable = true;
- soju = {
- enable = true;
- domain = my.domain.azahi;
- };
- vaultwarden.enable = true;
- };
-
- boot = {
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- };
-
- initrd.availableKernelModules = [
- "ata_piix"
- "sd_mod"
- "sr_mod"
- "uhci_hcd"
- "virtio_pci"
- "virtio_scsi"
- ];
- };
-
- fileSystems = {
- "/boot" = {
- device = "/dev/sda1";
- fsType = "xfs";
- options = ["noatime"];
- };
-
- "/" = {
- device = "/dev/sda2";
- fsType = "xfs";
- options = ["noatime"];
- };
- };
-
- swapDevices = [
- {
- device = "/dev/sda3";
- }
- ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix
deleted file mode 100644
index 966c21c..0000000
--- a/configurations/manwe/mailserver.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-with lib; {
- imports = [inputs.simple-nixos-mailserver.nixosModule];
-
- secrets = {
- dkim-key-azahi-cc = {
- file = "${inputs.self}/secrets/dkim-key-azahi-cc";
- path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-rohan-net = {
- file = "${inputs.self}/secrets/dkim-key-rohan-net";
- path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-gondor-net = {
- file = "${inputs.self}/secrets/dkim-key-gondor-net";
- path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-shire-me = {
- file = "${inputs.self}/secrets/dkim-key-shire-me";
- path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- };
-
- nixfiles.modules.acme.enable = true;
-
- mailserver = let
- cert = config.certs.${my.domain.shire};
- in {
- enable = true;
-
- fqdn = config.networking.domain;
- domains = with my.domain; [azahi gondor rohan shire];
-
- localDnsResolver = false;
-
- certificateScheme = 1;
- certificateFile = "${cert.directory}/fullchain.pem";
- keyFile = "${cert.directory}/key.pem";
-
- lmtpSaveToDetailMailbox = "no";
-
- loginAccounts = with my.domain; {
- "azahi@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- aliases = [
- "@${azahi}"
- "@${rohan}"
- "@${gondor}"
- "abuse@${shire}"
- "admin@${shire}"
- "ceo@${shire}"
- "postmaster@${shire}"
- ];
- };
- "samwise@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- aliases = ["chad@${shire}"];
- quota = "1G";
- };
- "pippin@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- quota = "1G";
- };
- "meriadoc@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- quota = "1G";
- };
- };
- };
-
- services.fail2ban.jails = {
- dovecot = ''
- enabled = true
mode = aggressive
- '';
- postfix = ''
- enabled = true
- mode = aggressive
- '';
- };
-
- system.extraDependencies = [inputs.simple-nixos-mailserver];
-}
diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix
deleted file mode 100644
index e1ee425..0000000
--- a/configurations/manwe/webserver.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- inputs,
- lib,
- ...
-}:
-with lib; {
- nixfiles.modules.nginx.virtualHosts = with my.domain;
- {
- ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
- "git.${shire}".locations."/".return = "301 https://git.${azahi}";
- "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}";
- ${azahi} = {
- serverAliases = ["frodo.${gondor}" "frodo.${rohan}"];
- locations."/".root = inputs.azahi-cc;
- };
- }
- // (let
- frodo = "301 https://frodo.";
- in {
- ${gondor}.locations."/".return = concatStrings [frodo gondor];
- ${rohan}.locations."/".return = concatStrings [frodo rohan];
- });
-
- system.extraDependencies = [inputs.azahi-cc];
-} |