flake,h: enable mail server
This commit is contained in:
parent
adc08ad0fe
commit
f3df7fc7a6
8
flake.lock
generated
8
flake.lock
generated
@ -515,11 +515,11 @@
|
||||
"unstable": "unstable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701143488,
|
||||
"narHash": "sha256-Ah8aaFZ9WQcCxcVnuZfmRc1xOM6NNzrnR92HxtzlYxU=",
|
||||
"lastModified": 1701180733,
|
||||
"narHash": "sha256-ylLJ4TL+XCK5OrZ3zY9/CG6fTMjl8P5AhDp/c1SL5mc=",
|
||||
"ref": "main",
|
||||
"rev": "c0b7fe45f505d4779a855774b7b9480a246db017",
|
||||
"revCount": 117,
|
||||
"rev": "92feef6f4d94e0b4239b111cfd76541b44a6af6c",
|
||||
"revCount": 118,
|
||||
"type": "git",
|
||||
"url": "ssh://xin-secrets-ro/qbit/xin-secrets.git"
|
||||
},
|
||||
|
@ -29,6 +29,8 @@
|
||||
inputs.nixpkgs.follows = "unstableSmall";
|
||||
};
|
||||
|
||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
|
||||
|
||||
microca = {
|
||||
url = "github:qbit/microca";
|
||||
inputs.nixpkgs.follows = "unstable";
|
||||
@ -97,6 +99,7 @@
|
||||
, unstableSmall
|
||||
, xin-secrets
|
||||
, xintray
|
||||
, simple-nixos-mailserver
|
||||
, ...
|
||||
} @ inputs:
|
||||
let
|
||||
@ -218,6 +221,7 @@
|
||||
gostart.nixosModule
|
||||
pots.nixosModule
|
||||
pr-status.nixosModule
|
||||
simple-nixos-mailserver.nixosModule
|
||||
] "h";
|
||||
#router =
|
||||
# buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router";
|
||||
|
@ -144,9 +144,9 @@ in
|
||||
owner = config.services.tsrevprox.user;
|
||||
sopsFile = config.xin-secrets.h.services;
|
||||
};
|
||||
writefreely = {
|
||||
qbit_at_suah_pass_file = {
|
||||
mode = "400";
|
||||
owner = config.services.writefreely.user;
|
||||
owner = "root";
|
||||
sopsFile = config.xin-secrets.h.services;
|
||||
};
|
||||
};
|
||||
@ -270,6 +270,28 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.suah.dev";
|
||||
domains = [ "suah.dev" ];
|
||||
|
||||
certificateScheme = "acme-nginx";
|
||||
|
||||
loginAccounts = {
|
||||
"qbit@suah.dev" = {
|
||||
hashedPasswordFile = "${config.sops.secrets.qbit_at_suah_pass_file.path}";
|
||||
aliases = [ "postmaster@suah.dev" "aaron@suah.dev" ];
|
||||
};
|
||||
};
|
||||
|
||||
fullTextSearch = {
|
||||
enable = true;
|
||||
autoIndex = true;
|
||||
indexAttachments = true;
|
||||
enforced = "body";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
shiori = {
|
||||
enable = true;
|
||||
@ -431,7 +453,8 @@ in
|
||||
"/var/lib/mcchunkie"
|
||||
"/var/lib/taskserver"
|
||||
"/var/lib/heisenbridge"
|
||||
"/var/lib/writefreely"
|
||||
"/var/vmail"
|
||||
"/var/dkim"
|
||||
];
|
||||
|
||||
timerConfig = { OnCalendar = "00:05"; };
|
||||
@ -441,26 +464,6 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
writefreely = {
|
||||
enable = true;
|
||||
host = "arst.lol";
|
||||
settings = {
|
||||
server.port = 3287;
|
||||
app = {
|
||||
single_user = true;
|
||||
min_username_len = 4;
|
||||
federation = true;
|
||||
monetization = false;
|
||||
wf_modesty = true;
|
||||
};
|
||||
};
|
||||
database.migrate = true;
|
||||
admin = {
|
||||
name = "qbit";
|
||||
initialPasswordFile = "${config.sops.secrets.writefreely.path}";
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
|
||||
@ -526,31 +529,6 @@ in
|
||||
root = "/var/www/bolddaemon.com";
|
||||
|
||||
};
|
||||
"relay.bolddaemon.com" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/var/www/bolddaemon.com";
|
||||
locations."/weechat" = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://localhost:9009/weechat";
|
||||
};
|
||||
};
|
||||
"arst.lol" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/var/www/arst.lol";
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://127.0.0.1:${
|
||||
toString config.services.writefreely.settings.server.port
|
||||
}";
|
||||
};
|
||||
};
|
||||
#"embracethe.lol" = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# root = "/var/www/embracethe.lol";
|
||||
#};
|
||||
"notes.suah.dev" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
@ -566,13 +544,6 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
"bear.tapenet.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations."/" = { root = "${pkgs.glowing-bear}"; };
|
||||
};
|
||||
|
||||
"git.tapenet.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
@ -722,14 +693,14 @@ in
|
||||
else "";
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
proxy_pass http://127.0.0.1:${
|
||||
toString config.services.gotosocial.configuration.port
|
||||
proxy_pass http://127.0.0.1:${
|
||||
toString config.services.gotosocial.configuration.port
|
||||
};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
'';
|
||||
};
|
||||
};
|
||||
@ -745,8 +716,8 @@ in
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://${config.services.yarr.address}:${
|
||||
toString config.services.yarr.port
|
||||
}";
|
||||
toString config.services.yarr.port
|
||||
}";
|
||||
};
|
||||
};
|
||||
"tapenet.org" = {
|
||||
|
Loading…
Reference in New Issue
Block a user