authorAzat Bahawi <azat@bahawi.net>2024-05-01 03:36:55 +0300
committerAzat Bahawi <azat@bahawi.net>2024-05-01 03:36:55 +0300
commit9a20404924fda2587ce4f9769f75369799f34643 (patch)
treea953941a22d6c031e67b267e35a11db72bdd25e3 /nixosConfigurations/manwe
parentc1353bb04b594a8b11fa7e28dbf29d0a6cb08275 (diff)
2024-05-01
Diffstat (limited to 'nixosConfigurations/manwe')
-rw-r--r--nixosConfigurations/manwe/default.nix76
-rw-r--r--nixosConfigurations/manwe/mailserver/default.nix113
-rw-r--r--nixosConfigurations/manwe/webserver.nix109
3 files changed, 0 insertions, 298 deletions
diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
deleted file mode 100644
index 3707440..0000000
--- a/nixosConfigurations/manwe/default.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-{ config, lib, ... }:
-with lib;
-{
- imports = attrValues (modulesIn ./.);
-
- nixfiles.modules = {
- nsd = {
- enable = true;
- fqdn = "ns1.${config.networking.domain}";
- };
- unbound.enable = true;
-
- wireguard.server.enable = true;
-
- acme.enable = true;
-
- monitoring.enable = true;
-
- postgresql.enable = true;
- clickhouse.enable = true;
-
- git.server = {
- enable = true;
- domain = "git.${my.domain.azahi}";
- };
-
- matrix.dendrite = {
- enable = true;
- domain = my.domain.azahi;
- };
- murmur.enable = true;
- radicale.enable = true;
- rss-bridge.enable = true;
- shadowsocks.enable = true;
- soju = {
- enable = true;
- domain = my.domain.azahi;
- };
- vaultwarden.enable = true;
- ntfy.enable = true;
- plausible.enable = true;
- };
-
- boot = {
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- };
-
- initrd.availableKernelModules = [
- "virtio_pci"
- "virtio_scsi"
- ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/sda2";
- fsType = "xfs";
- options = [ "noatime" ];
- };
-
- "/boot" = {
- device = "/dev/sda1";
- fsType = "xfs";
- options = [ "noatime" ];
- };
- };
-
- swapDevices = [ { device = "/dev/sda3"; } ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix
deleted file mode 100644
index cc8b41d..0000000
--- a/nixosConfigurations/manwe/mailserver/default.nix
+++ /dev/null
@@ -1,113 +0,0 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-with lib;
-{
- imports = [ inputs.mailserver.nixosModule ] ++ attrValues (modulesIn ./.);
-
- ark.directories = with config.mailserver; [
- "/var/lib/dovecot"
- "/var/lib/postfix"
- config.security.dhparams.params.dovecot2.path
- dkimKeyDirectory
- mailDirectory
- sieveDirectory
- ];
-
- secrets = with config.mailserver; {
- dkim-key-azahi-cc = {
- file = "${inputs.self}/secrets/dkim-key-azahi-cc";
- path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key";
- owner = config.services.opendkim.user;
- inherit (config.services.opendkim) group;
- };
- dkim-key-rohan-net = {
- file = "${inputs.self}/secrets/dkim-key-rohan-net";
- path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key";
- owner = config.services.opendkim.user;
- inherit (config.services.opendkim) group;
- };
- dkim-key-gondor-net = {
- file = "${inputs.self}/secrets/dkim-key-gondor-net";
- path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key";
- owner = config.services.opendkim.user;
- inherit (config.services.opendkim) group;
- };
- dkim-key-shire-net = {
- file = "${inputs.self}/secrets/dkim-key-shire-net";
- path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key";
- owner = config.services.opendkim.user;
- inherit (config.services.opendkim) group;
- };
- };
-
- nixfiles.modules = {
- acme.enable = true;
- redis.enable = true;
- };
-
- mailserver =
- let
- cert = config.certs.${my.domain.shire};
- in
- {
- enable = true;
-
- # Disable potentially insecure[1] STARTTLS connections. SSL-only connections
- # are still enabled by default.
- #
- # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6
- enableImap = false;
- enablePop3 = false;
- enableSubmission = false;
-
- fqdn = config.networking.domain;
- domains = with my.domain; [
- azahi
- gondor
- rohan
- shire
- ];
-
- localDnsResolver = false;
-
- certificateScheme = "manual";
- certificateFile = "${cert.directory}/fullchain.pem";
- keyFile = "${cert.directory}/key.pem";
-
- lmtpSaveToDetailMailbox = "no";
-
- redis = with config.services.redis.servers.default; {
- address = bind;
- inherit port;
- password = requirePass;
- };
- };
-
- services = {
- fail2ban.jails = {
- dovecot = {
- enabled = true;
- settings.mode = "aggressive";
- };
- postfix = {
- enabled = true;
- settings.mode = "aggressive";
- };
- };
-
- # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655
- dovecot2.sieve.extensions = [ "fileinto" ];
-
- # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241
- redis.servers.rspamd.enable = mkForce false;
- };
-
- systemd.services.rspamd = {
- requires = mkForce [ "redis-default.service" ];
- after = mkForce [ "redis-default.service" ];
- };
-}
diff --git a/nixosConfigurations/manwe/webserver.nix b/nixosConfigurations/manwe/webserver.nix
deleted file mode 100644
index 95a0b0b..0000000
--- a/nixosConfigurations/manwe/webserver.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-{
- inputs,
- lib,
- libNginx,
- libPlausible,
- ...
-}:
-with lib;
-{
- nixfiles.modules.nginx = {
- enable = true;
- virtualHosts =
- with my.domain;
- {
- # TODO Start using this.
- # "start.local" = {
- # root = pkgs.hiccup;
- # locations = {
- # "/".tryFiles = "$uri $uri/ /index.html";
- # "~* ^.+config.json$".extraConfig = let
- # config = pkgs.writeText "config.json" (generators.toJSON {} {
- # version = "2.0";
- # id = "default";
- # title = "Demo Config";
- # url = "./configs/config.json";
- # featured = [
- # {
- # name = "GitHub";
- # background = "/assets/card.png";
- # link = "https://github.com/ashwin-pc/hiccup";
- # }
- # ];
- # categories = [
- # {
- # title = "Category 1";
- # links = [
- # {
- # name = "Link 1";
- # link = "https://example.com";
- # }
- # ];
- # }
- # {
- # title = "Category 2";
- # links = [
- # {
- # name = "Link 1";
- # link = "https://example.com";
- # }
- # ];
- # }
- # {
- # title = "Category 3";
- # links = [
- # {
- # name = "Link 1";
- # link = "https://example.com";
- # }
- # ];
- # }
- # {
- # title = "Category 4";
- # links = [
- # {
- # name = "Link 1";
- # link = "https://example.com";
- # }
- # ];
- # }
- # ];
- # });
- # in ''
- # alias ${config};
- # '';
- # };
- # enableACME = false;
- # forceSSL = false;
- # };
- ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
- "git.${shire}".locations."/".return = "301 https://git.${azahi}";
- "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}";
- ${azahi} = {
- serverAliases = [
- "frodo.${gondor}"
- "frodo.${rohan}"
- ];
- locations."/" = {
- root = inputs.azahi-cc;
- extraConfig = libNginx.config.appendHead [ (libPlausible.htmlPlausibleScript { domain = azahi; }) ];
- };
- };
- }
- // (
- let
- frodo = "301 https://frodo.";
- in
- {
- ${gondor}.locations."/".return = concatStrings [
- frodo
- gondor
- ];
- ${rohan}.locations."/".return = concatStrings [
- frodo
- rohan
- ];
- }
- );
- };
-}