flake,h: enable mail server

This commit is contained in:
Aaron Bieber 2023-11-28 14:27:18 -07:00
parent adc08ad0fe
commit f3df7fc7a6
No known key found for this signature in database
3 changed files with 43 additions and 68 deletions

8
flake.lock generated
View File

@ -515,11 +515,11 @@
"unstable": "unstable_2"
},
"locked": {
"lastModified": 1701143488,
"narHash": "sha256-Ah8aaFZ9WQcCxcVnuZfmRc1xOM6NNzrnR92HxtzlYxU=",
"lastModified": 1701180733,
"narHash": "sha256-ylLJ4TL+XCK5OrZ3zY9/CG6fTMjl8P5AhDp/c1SL5mc=",
"ref": "main",
"rev": "c0b7fe45f505d4779a855774b7b9480a246db017",
"revCount": 117,
"rev": "92feef6f4d94e0b4239b111cfd76541b44a6af6c",
"revCount": 118,
"type": "git",
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
},

View File

@ -29,6 +29,8 @@
inputs.nixpkgs.follows = "unstableSmall";
};
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
microca = {
url = "github:qbit/microca";
inputs.nixpkgs.follows = "unstable";
@ -97,6 +99,7 @@
, unstableSmall
, xin-secrets
, xintray
, simple-nixos-mailserver
, ...
} @ inputs:
let
@ -218,6 +221,7 @@
gostart.nixosModule
pots.nixosModule
pr-status.nixosModule
simple-nixos-mailserver.nixosModule
] "h";
#router =
# buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router";

View File

@ -144,9 +144,9 @@ in
owner = config.services.tsrevprox.user;
sopsFile = config.xin-secrets.h.services;
};
writefreely = {
qbit_at_suah_pass_file = {
mode = "400";
owner = config.services.writefreely.user;
owner = "root";
sopsFile = config.xin-secrets.h.services;
};
};
@ -270,6 +270,28 @@ in
};
};
mailserver = {
enable = true;
fqdn = "mail.suah.dev";
domains = [ "suah.dev" ];
certificateScheme = "acme-nginx";
loginAccounts = {
"qbit@suah.dev" = {
hashedPasswordFile = "${config.sops.secrets.qbit_at_suah_pass_file.path}";
aliases = [ "postmaster@suah.dev" "aaron@suah.dev" ];
};
};
fullTextSearch = {
enable = true;
autoIndex = true;
indexAttachments = true;
enforced = "body";
};
};
services = {
shiori = {
enable = true;
@ -431,7 +453,8 @@ in
"/var/lib/mcchunkie"
"/var/lib/taskserver"
"/var/lib/heisenbridge"
"/var/lib/writefreely"
"/var/vmail"
"/var/dkim"
];
timerConfig = { OnCalendar = "00:05"; };
@ -441,26 +464,6 @@ in
};
};
writefreely = {
enable = true;
host = "arst.lol";
settings = {
server.port = 3287;
app = {
single_user = true;
min_username_len = 4;
federation = true;
monetization = false;
wf_modesty = true;
};
};
database.migrate = true;
admin = {
name = "qbit";
initialPasswordFile = "${config.sops.secrets.writefreely.path}";
};
};
nginx = {
enable = true;
@ -526,31 +529,6 @@ in
root = "/var/www/bolddaemon.com";
};
"relay.bolddaemon.com" = {
forceSSL = true;
enableACME = true;
root = "/var/www/bolddaemon.com";
locations."/weechat" = {
proxyWebsockets = true;
proxyPass = "http://localhost:9009/weechat";
};
};
"arst.lol" = {
forceSSL = true;
enableACME = true;
root = "/var/www/arst.lol";
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:${
toString config.services.writefreely.settings.server.port
}";
};
};
#"embracethe.lol" = {
# forceSSL = true;
# enableACME = true;
# root = "/var/www/embracethe.lol";
#};
"notes.suah.dev" = {
forceSSL = true;
enableACME = true;
@ -566,13 +544,6 @@ in
'';
};
"bear.tapenet.org" = {
forceSSL = true;
enableACME = true;
locations."/" = { root = "${pkgs.glowing-bear}"; };
};
"git.tapenet.org" = {
forceSSL = true;
enableACME = true;