authorAzat Bahawi <azat@bahawi.net>2024-05-01 03:36:55 +0300
committerAzat Bahawi <azat@bahawi.net>2024-05-01 03:36:55 +0300
commit9a20404924fda2587ce4f9769f75369799f34643 (patch)
treea953941a22d6c031e67b267e35a11db72bdd25e3 /nixosConfigurations/manwe
parent2024-04-29 (diff)
2024-05-01
Diffstat (limited to 'nixosConfigurations/manwe')
-rw-r--r--nixosConfigurations/manwe/default.nix76
-rw-r--r--nixosConfigurations/manwe/mailserver/default.nix113
-rw-r--r--nixosConfigurations/manwe/webserver.nix109
3 files changed, 0 insertions, 298 deletions
diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
deleted file mode 100644
index 3707440..0000000
--- a/nixosConfigurations/manwe/default.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, ... }:
-with lib;
-{
-  imports = attrValues (modulesIn ./.);
-
-  nixfiles.modules = {
-    nsd = {
-      enable = true;
-      fqdn = "ns1.${config.networking.domain}";
-    };
-    unbound.enable = true;
-
-    wireguard.server.enable = true;
-
-    acme.enable = true;
-
-    monitoring.enable = true;
-
-    postgresql.enable = true;
-    clickhouse.enable = true;
-
-    git.server = {
-      enable = true;
-      domain = "git.${my.domain.azahi}";
-    };
-
-    matrix.dendrite = {
-      enable = true;
-      domain = my.domain.azahi;
-    };
-    murmur.enable = true;
-    radicale.enable = true;
-    rss-bridge.enable = true;
-    shadowsocks.enable = true;
-    soju = {
-      enable = true;
-      domain = my.domain.azahi;
-    };
-    vaultwarden.enable = true;
-    ntfy.enable = true;
-    plausible.enable = true;
-  };
-
-  boot = {
-    loader.grub = {
-      enable = true;
-      device = "/dev/sda";
-    };
-
-    initrd.availableKernelModules = [
-      "virtio_pci"
-      "virtio_scsi"
-    ];
-  };
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/sda2";
-      fsType = "xfs";
-      options = [ "noatime" ];
-    };
-
-    "/boot" = {
-      device = "/dev/sda1";
-      fsType = "xfs";
-      options = [ "noatime" ];
-    };
-  };
-
-  swapDevices = [ { device = "/dev/sda3"; } ];
-
-  zramSwap = {
-    enable = true;
-    memoryPercent = 25;
-  };
-}
diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix
deleted file mode 100644
index cc8b41d..0000000
--- a/nixosConfigurations/manwe/mailserver/default.nix
+++ /dev/null
@@ -1,113 +0,0 @@
-{
-  config,
-  inputs,
-  lib,
-  ...
-}:
-with lib;
-{
-  imports = [ inputs.mailserver.nixosModule ] ++ attrValues (modulesIn ./.);
-
-  ark.directories = with config.mailserver; [
-    "/var/lib/dovecot"
-    "/var/lib/postfix"
-    config.security.dhparams.params.dovecot2.path
-    dkimKeyDirectory
-    mailDirectory
-    sieveDirectory
-  ];
-
-  secrets = with config.mailserver; {
-    dkim-key-azahi-cc = {
-      file = "${inputs.self}/secrets/dkim-key-azahi-cc";
-      path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key";
-      owner = config.services.opendkim.user;
-      inherit (config.services.opendkim) group;
-    };
-    dkim-key-rohan-net = {
-      file = "${inputs.self}/secrets/dkim-key-rohan-net";
-      path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key";
-      owner = config.services.opendkim.user;
-      inherit (config.services.opendkim) group;
-    };
-    dkim-key-gondor-net = {
-      file = "${inputs.self}/secrets/dkim-key-gondor-net";
-      path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key";
-      owner = config.services.opendkim.user;
-      inherit (config.services.opendkim) group;
-    };
-    dkim-key-shire-net = {
-      file = "${inputs.self}/secrets/dkim-key-shire-net";
-      path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key";
-      owner = config.services.opendkim.user;
-      inherit (config.services.opendkim) group;
-    };
-  };
-
-  nixfiles.modules = {
-    acme.enable = true;
-    redis.enable = true;
-  };
-
-  mailserver =
-    let
-      cert = config.certs.${my.domain.shire};
-    in
-    {
-      enable = true;
-
-      # Disable potentially insecure[1] STARTTLS connections. SSL-only connections
-      # are still enabled by default.
-      #
-      # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6
-      enableImap = false;
-      enablePop3 = false;
-      enableSubmission = false;
-
-      fqdn = config.networking.domain;
-      domains = with my.domain; [
-        azahi
-        gondor
-        rohan
-        shire
-      ];
-
-      localDnsResolver = false;
-
-      certificateScheme = "manual";
-      certificateFile = "${cert.directory}/fullchain.pem";
-      keyFile = "${cert.directory}/key.pem";
-
-      lmtpSaveToDetailMailbox = "no";
-
-      redis = with config.services.redis.servers.default; {
-        address = bind;
-        inherit port;
-        password = requirePass;
-      };
-    };
-
-  services = {
-    fail2ban.jails = {
-      dovecot = {
-        enabled = true;
-        settings.mode = "aggressive";
-      };
-      postfix = {
-        enabled = true;
-        settings.mode = "aggressive";
-      };
-    };
-
-    # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655
-    dovecot2.sieve.extensions = [ "fileinto" ];
-
-    # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241
-    redis.servers.rspamd.enable = mkForce false;
-  };
-
-  systemd.services.rspamd = {
-    requires = mkForce [ "redis-default.service" ];
-    after = mkForce [ "redis-default.service" ];
-  };
-}
diff --git a/nixosConfigurations/manwe/webserver.nix b/nixosConfigurations/manwe/webserver.nix
deleted file mode 100644
index 95a0b0b..0000000
--- a/nixosConfigurations/manwe/webserver.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-{
-  inputs,
-  lib,
-  libNginx,
-  libPlausible,
-  ...
-}:
-with lib;
-{
-  nixfiles.modules.nginx = {
-    enable = true;
-    virtualHosts =
-      with my.domain;
-      {
-        # TODO Start using this.
-        # "start.local" = {
-        #   root = pkgs.hiccup;
-        #   locations = {
-        #     "/".tryFiles = "$uri $uri/ /index.html";
-        #     "~* ^.+config.json$".extraConfig = let
-        #       config = pkgs.writeText "config.json" (generators.toJSON {} {
-        #         version = "2.0";
-        #         id = "default";
-        #         title = "Demo Config";
-        #         url = "./configs/config.json";
-        #         featured = [
-        #           {
-        #             name = "GitHub";
-        #             background = "/assets/card.png";
-        #             link = "https://github.com/ashwin-pc/hiccup";
-        #           }
-        #         ];
-        #         categories = [
-        #           {
-        #             title = "Category 1";
-        #             links = [
-        #               {
-        #                 name = "Link 1";
-        #                 link = "https://example.com";
-        #               }
-        #             ];
-        #           }
-        #           {
-        #             title = "Category 2";
-        #             links = [
-        #               {
-        #                 name = "Link 1";
-        #                 link = "https://example.com";
-        #               }
-        #             ];
-        #           }
-        #           {
-        #             title = "Category 3";
-        #             links = [
-        #               {
-        #                 name = "Link 1";
-        #                 link = "https://example.com";
-        #               }
-        #             ];
-        #           }
-        #           {
-        #             title = "Category 4";
-        #             links = [
-        #               {
-        #                 name = "Link 1";
-        #                 link = "https://example.com";
-        #               }
-        #             ];
-        #           }
-        #         ];
-        #       });
-        #     in ''
-        #       alias ${config};
-        #     '';
-        #   };
-        #   enableACME = false;
-        #   forceSSL = false;
-        # };
-        ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
-        "git.${shire}".locations."/".return = "301 https://git.${azahi}";
-        "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}";
-        ${azahi} = {
-          serverAliases = [
-            "frodo.${gondor}"
-            "frodo.${rohan}"
-          ];
-          locations."/" = {
-            root = inputs.azahi-cc;
-            extraConfig = libNginx.config.appendHead [ (libPlausible.htmlPlausibleScript { domain = azahi; }) ];
-          };
-        };
-      }
-      // (
-        let
-          frodo = "301 https://frodo.";
-        in
-        {
-          ${gondor}.locations."/".return = concatStrings [
-            frodo
-            gondor
-          ];
-          ${rohan}.locations."/".return = concatStrings [
-            frodo
-            rohan
-          ];
-        }
-      );
-  };
-}
