authorAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
committerAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
commit9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch)
treef28beec29deeea36038615a8fb98a810891940b5 /nixosConfigurations/manwe
parent2024-03-19 (diff)
2024-03-31
Diffstat (limited to 'nixosConfigurations/manwe')
-rw-r--r--nixosConfigurations/manwe/default.nix17
-rw-r--r--nixosConfigurations/manwe/mailserver/default.nix72
-rw-r--r--nixosConfigurations/manwe/webserver.nix36
3 files changed, 69 insertions, 56 deletions
diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
index 5a2fffd..e7edbf9 100644
--- a/nixosConfigurations/manwe/default.nix
+++ b/nixosConfigurations/manwe/default.nix
@@ -1,9 +1,6 @@
+{ config, lib, ... }:
+with lib;
 {
-  config,
-  lib,
-  ...
-}:
-with lib; {
   imports = [
     ./mailserver
     ./webserver.nix
@@ -64,21 +61,17 @@ with lib; {
     "/" = {
       device = "/dev/sda2";
       fsType = "xfs";
-      options = ["noatime"];
+      options = [ "noatime" ];
     };
 
     "/boot" = {
       device = "/dev/sda1";
       fsType = "xfs";
-      options = ["noatime"];
+      options = [ "noatime" ];
     };
   };
 
-  swapDevices = [
-    {
-      device = "/dev/sda3";
-    }
-  ];
+  swapDevices = [ { device = "/dev/sda3"; } ];
 
   zramSwap = {
     enable = true;
diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix
index 56dabce..822de6f 100644
--- a/nixosConfigurations/manwe/mailserver/default.nix
+++ b/nixosConfigurations/manwe/mailserver/default.nix
@@ -4,8 +4,9 @@
   lib,
   ...
 }:
-with lib; {
-  imports = [inputs.mailserver.nixosModule];
+with lib;
+{
+  imports = [ inputs.mailserver.nixosModule ];
 
   ark.directories = with config.mailserver; [
     "/var/lib/dovecot"
@@ -48,40 +49,47 @@ with lib; {
     redis.enable = true;
   };
 
-  mailserver = let
-    cert = config.certs.${my.domain.shire};
-  in {
-    enable = true;
+  mailserver =
+    let
+      cert = config.certs.${my.domain.shire};
+    in
+    {
+      enable = true;
 
-    # Disable potentially insecure[1] STARTTLS connections. SSL-only connections
-    # are still enabled by default.
-    #
-    # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6
-    enableImap = false;
-    enablePop3 = false;
-    enableSubmission = false;
+      # Disable potentially insecure[1] STARTTLS connections. SSL-only connections
+      # are still enabled by default.
+      #
+      # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6
+      enableImap = false;
+      enablePop3 = false;
+      enableSubmission = false;
 
-    fqdn = config.networking.domain;
-    domains = with my.domain; [azahi gondor rohan shire];
+      fqdn = config.networking.domain;
+      domains = with my.domain; [
+        azahi
+        gondor
+        rohan
+        shire
+      ];
 
-    localDnsResolver = false;
+      localDnsResolver = false;
 
-    certificateScheme = "manual";
-    certificateFile = "${cert.directory}/fullchain.pem";
-    keyFile = "${cert.directory}/key.pem";
+      certificateScheme = "manual";
+      certificateFile = "${cert.directory}/fullchain.pem";
+      keyFile = "${cert.directory}/key.pem";
 
-    lmtpSaveToDetailMailbox = "no";
+      lmtpSaveToDetailMailbox = "no";
 
-    redis = with config.services.redis.servers.default; {
-      address = bind;
-      inherit port;
-      password = requirePass;
-    };
+      redis = with config.services.redis.servers.default; {
+        address = bind;
+        inherit port;
+        password = requirePass;
+      };
 
-    # Just a list of accounts with aliases and hasedPasswords. Not necessarily
-    # secret, but kept from prying eyes.
-    loginAccounts = import ./hidden.nix lib;
-  };
+      # Just a list of accounts with aliases and hasedPasswords. Not necessarily
+      # secret, but kept from prying eyes.
+      loginAccounts = import ./hidden.nix lib;
+    };
 
   services = {
     fail2ban.jails = {
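Review bot: `password = requirePass;` in the `mailserver.redis` block reads the Redis password from `services.redis.servers.default.requirePass`, which the NixOS option documents as stored in plain text in the world-readable Nix store, so any local user on the host can likely read it. Where that value is set is not visible in this diff; if it is a literal in the configuration, consider `requirePassFile` on the Redis side and a comment here such as `# NOTE: this value ends up in the Nix store`. The same caveat applies to the hashes loaded by `loginAccounts = import ./hidden.nix lib;`: keeping the file out of the published tree does not keep the evaluated hashes out of the store, and the per-account `hashedPasswordFile` option would avoid that. The comment above that line also misspells `hashedPasswords` as `hasedPasswords`. The module's attribute set opens before this hunk and the `services` block continues past it.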
@@ -96,14 +104,14 @@ with lib; {
     };
 
     # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275#note_1746383655
-    dovecot2.sieve.extensions = ["fileinto"];
+    dovecot2.sieve.extensions = [ "fileinto" ];
 
     # https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/241
     redis.servers.rspamd.enable = mkForce false;
   };
 
   systemd.services.rspamd = {
-    requires = mkForce ["redis-default.service"];
-    after = mkForce ["redis-default.service"];
+    requires = mkForce [ "redis-default.service" ];
+    after = mkForce [ "redis-default.service" ];
   };
 }
diff --git a/nixosConfigurations/manwe/webserver.nix b/nixosConfigurations/manwe/webserver.nix
index d0784e8..95a0b0b 100644
--- a/nixosConfigurations/manwe/webserver.nix
+++ b/nixosConfigurations/manwe/webserver.nix
@@ -5,10 +5,12 @@
   libPlausible,
   ...
 }:
-with lib; {
+with lib;
+{
   nixfiles.modules.nginx = {
     enable = true;
-    virtualHosts = with my.domain;
+    virtualHosts =
+      with my.domain;
       {
         # TODO Start using this.
         # "start.local" = {
@@ -78,20 +80,30 @@ with lib; {
         "git.${shire}".locations."/".return = "301 https://git.${azahi}";
         "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}";
         ${azahi} = {
-          serverAliases = ["frodo.${gondor}" "frodo.${rohan}"];
+          serverAliases = [
+            "frodo.${gondor}"
+            "frodo.${rohan}"
+          ];
           locations."/" = {
             root = inputs.azahi-cc;
-            extraConfig = libNginx.config.appendHead [
-              (libPlausible.htmlPlausibleScript {domain = azahi;})
-            ];
+            extraConfig = libNginx.config.appendHead [ (libPlausible.htmlPlausibleScript { domain = azahi; }) ];
           };
         };
       }
-      // (let
-        frodo = "301 https://frodo.";
-      in {
-        ${gondor}.locations."/".return = concatStrings [frodo gondor];
-        ${rohan}.locations."/".return = concatStrings [frodo rohan];
-      });
+      // (
+        let
+          frodo = "301 https://frodo.";
+        in
+        {
+          ${gondor}.locations."/".return = concatStrings [
+            frodo
+            gondor
+          ];
+          ${rohan}.locations."/".return = concatStrings [
+            frodo
+            rohan
+          ];
+        }
+      );
   };
 }
