about summary refs log tree commit diff
path: root/nixosConfigurations/manwe
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-03-22 15:20:22 +0300
committerAzat Bahawi <azat@bahawi.net>2023-03-22 15:20:22 +0300
commiteb6eebde166112397e8711a16a8618a52ecbcaca (patch)
tree8650b606bf9c5f48d843fb99e2212c052825d79a /nixosConfigurations/manwe
parent2023-03-21 (diff)
2023-03-22
Diffstat (limited to 'nixosConfigurations/manwe')
-rw-r--r--nixosConfigurations/manwe/default.nix58
-rw-r--r--nixosConfigurations/manwe/mailserver.nix8
2 files changed, 37 insertions, 29 deletions
diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
index a47cd88..a3c16b0 100644
--- a/nixosConfigurations/manwe/default.nix
+++ b/nixosConfigurations/manwe/default.nix
@@ -1,6 +1,5 @@
 {
   config,
-  inputs,
   lib,
   ...
 }:
@@ -44,36 +43,37 @@ with lib; {
       domain = my.domain.azahi;
     };
     vaultwarden.enable = true;
+    ntfy.enable = true;
   };
 
-  # To play old LAN games with the boys.
-  secrets."wireguard-private-key-70".file = "${inputs.self}/secrets/wireguard-private-key-70";
-  networking = mkIf config.nixfiles.modules.wireguard.server.enable {
-    wireguard.interfaces.wg70 = {
-      ips = ["10.70.0.1/16"];
-      listenPort = 7070;
-      privateKeyFile = config.secrets."wireguard-private-key-70".path;
-      peers = [
-        {
-          publicKey = "@PUBLIC_KEY@";
-          allowedIPs = ["10.70.1.1/32"];
-        }
-        {
-          publicKey = "@PUBLIC_KEY@";
-          allowedIPs = ["10.70.1.2/32"];
-        }
-        {
-          publicKey = "@PUBLIC_KEY@";
-          allowedIPs = ["10.70.1.3/32"];
-        }
-        {
-          publicKey = "@PUBLIC_KEY@";
-          allowedIPs = ["10.70.1.4/32"];
-        }
-      ];
-    };
-    firewall.allowedUDPPorts = [7070];
-  };
+  # A VPN to play old LAN games with the boys.
+  # secrets."wireguard-private-key-70".file = "${inputs.self}/secrets/wireguard-private-key-70";
+  # networking = mkIf config.nixfiles.modules.wireguard.server.enable {
+  #   wireguard.interfaces.wg70 = {
+  #     ips = ["10.70.0.1/16"];
+  #     listenPort = 7070;
+  #     privateKeyFile = config.secrets."wireguard-private-key-70".path;
+  #     peers = [
+  #       {
+  #         publicKey = "@PUBLIC_KEY@";
+  #         allowedIPs = ["10.70.1.1/32"];
+  #       }
+  #       {
+  #         publicKey = "@PUBLIC_KEY@";
+  #         allowedIPs = ["10.70.1.2/32"];
+  #       }
+  #       {
+  #         publicKey = "@PUBLIC_KEY@";
+  #         allowedIPs = ["10.70.1.3/32"];
+  #       }
+  #       {
+  #         publicKey = "@PUBLIC_KEY@";
+  #         allowedIPs = ["10.70.1.4/32"];
+  #       }
+  #     ];
+  #   };
+  #   firewall.allowedUDPPorts = [7070];
+  # };
 
   boot = {
     loader.grub = {
diff --git a/nixosConfigurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix
index e8d1781..b59f0a8 100644
--- a/nixosConfigurations/manwe/mailserver.nix
+++ b/nixosConfigurations/manwe/mailserver.nix
@@ -7,6 +7,8 @@
 with lib; {
   imports = [inputs.simple-nixos-mailserver.nixosModule];
 
+  nixfiles.modules.redis.enable = true;
+
   secrets = {
     dkim-key-azahi-cc = {
       file = "${inputs.self}/secrets/dkim-key-azahi-cc";
@@ -52,6 +54,12 @@ with lib; {
 
     lmtpSaveToDetailMailbox = "no";
 
+    redis = with config.services.redis.servers.default; {
+      address = bind;
+      inherit port;
+      password = requirePass;
+    };
+
     loginAccounts = with my.domain; {
       "azahi@${shire}" = {
         hashedPassword = "@HASHED_PASSWORD@";

Consider giving Nix/NixOS a try! <3