fix restic, change emails, change roundcube settings

2022-12-02 16:07:06 +00:00 · 2022-12-02 16:07:06 +00:00 · 0787c1e546
parent 26a9d17854
commit 0787c1e546
5 changed files with 74 additions and 13 deletions
--- a/hosts/hetzner-vm/modules/mailserver/default.nix
+++ b/hosts/hetzner-vm/modules/mailserver/default.nix
@ -28,11 +28,22 @@ in {
      });
      default = { };
    };
+
    debug_mode = mkOption {
      type = types.bool;
      default = false;
    };

+    enable_roundcube = mkOption {
+      type = types.bool;
+      default = true;
+    };
+
+    roundcube_url = mkOption {
+      type = types.str;
+      default = "${cfg.fqdn}";
+    };
+
    accounts = mkOption {
      # where name = email for login
      type = types.attrsOf (types.submodule ({ config, name, ... }: {
@ -62,6 +73,11 @@ in {
      default = "";
    };

+    extra_roundcube_config = mkOption {
+      type = types.lines;
+      default = "";
+    };
+
    vmail_config = mkOption {
      type = (types.submodule {
        options = {
--- a/hosts/hetzner-vm/modules/mailserver/webmail.nix
+++ b/hosts/hetzner-vm/modules/mailserver/webmail.nix
@ -1,18 +1,17 @@
 { config, lib, ... }:
 let mail_config = config.mailserver;
 in {
-  config = (lib.mkIf (mail_config.enable) {
+  config = (lib.mkIf (mail_config.enable && mail_config.enable_roundcube) {
    services.roundcube = {
      enable = true;
-      hostName = "mail.owo.monster";
+      hostName = "${mail_config.roundcube_url}";
      extraConfig = ''
        $config['smtp_server'] = "tls://${mail_config.fqdn}";
        $config['smtp_user'] = "%u";
        $config['smtp_pass'] = "%p";
        $config['plugins'] = ["managesieve"];
        $config['managesieve_host'] = 'tls://${mail_config.fqdn}';
-        $config['session_lifetime'] = 168;
-        $config['product_name'] = 'Chaos Mail';
+        ${mail_config.extra_roundcube_config}
      '';
    };
  });
--- a/hosts/hetzner-vm/profiles/mailserver.nix
+++ b/hosts/hetzner-vm/profiles/mailserver.nix
@ -6,16 +6,21 @@ in {
    fqdn = "mail.owo.monster";
    domains = [ "owo.monster" "kitteh.pw" ];

-    debug_mode = false;
+    debug_mode = true;
+    extra_roundcube_config = ''
+      $config['session_lifetime'] = (60 * 24 * 7 * 2); # 2 Weeks
+      $config['product_name'] = 'Chaos Mail';
+      $config['username_domain'] = "owo.monster";
+      $config['username_domain_forced'] = true;
+    '';

    accounts = {
-      "chaoticryptidz@owo.monster" = {
-        name = "chaoticryptidz@owo.monster";
+      "chaos@owo.monster" = {
+        name = "chaos@owo.monster";
        passwordFile = "${secrets.chaos_mail_passwd.path}";
        aliases = [
          "all@owo.monster"
-          # for sending from
-          "chaos@owo.monster"
+          "chaoticryptidz@owo.monster"

          # TODO: legacy - to be deprecated by 2023-01-01 
          "kitteh@owo.monster"
@ -26,13 +31,13 @@ in {
      "misskey@owo.monster" = {
        name = "misskey@owo.monster";
        passwordFile = "${secrets.misskey_mail_passwd.path}";
-        aliases = [];
+        aliases = [ ];
        sieveScript = null;
      };
      "system@owo.monster" = {
        name = "system@owo.monster";
        passwordFile = "${secrets.system_mail_passwd.path}";
-        aliases = [];
+        aliases = [ ];
        sieveScript = null;
      };
    };
--- a/hosts/hetzner-vm/profiles/restic.nix
+++ b/hosts/hetzner-vm/profiles/restic.nix
@ -5,7 +5,11 @@ let

  backupPrepareCommand = "${
      (pkgs.writeShellScriptBin "backupPrepareCommand" ''
-        systemctl start postgresqlBackup --wait
+        systemctl start ${
+          lib.concatStringsSep " "
+          (lib.forEach config.services.postgresqlBackup.databases
+            (db: "postgresqlBackup-${db}"))
+        } --wait
      '')
    }/bin/backupPrepareCommand";
 in {
@ -54,6 +58,7 @@ in {
  services.postgresqlBackup = {
    enable = true;
    backupAll = false;
+    databases = [ "postgres" "invidious" "misskey" "quassel" "roundcube" ];
    compression = "zstd";
  };
 }
--- a/hosts/tablet/tablet.nix
+++ b/hosts/tablet/tablet.nix
@ -44,7 +44,8 @@
    # systems = ["x86_64-linux" "aarch64-linux"];
    sshUser = "root";
    sshKey = "/usb/ssh-keys/chaos.priv";
-    publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpXZGI5SVl3dFBSRm9rK2JTWUpmSnlRTlJSSithVEtIT3VOTkNLY2FMUHggcm9vdEBuaXhvcwo=";
+    publicHostKey =
+      "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpXZGI5SVl3dFBSRm9rK2JTWUpmSnlRTlJSSithVEtIT3VOTkNLY2FMUHggcm9vdEBuaXhvcwo=";
    maxJobs = 16;
    speedFactor = 4;
    supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
@ -53,6 +54,41 @@
  nix.distributedBuilds = true;
  nix.extraOptions = "builders-use-substitutes = true";

+  services.telegraf = {
+    enable = true;
+    extraConfig = {
+      inputs.mem = { };
+      inputs.systemd_units = { pattern = ""; };
+      outputs.websocket = {
+        url = "ws://127.0.0.1:9002/test";
+        use_text_frames = true;
+        data_format = "json";
+      };
+      outputs.file = {
+        files = [ "/tmp/telegraf-output" ];
+        data_format = "json";
+        flush_interval = "1s";
+        flush_jitter = "1s";
+        metric_batch_size = 10;
+      };
+    };
+  };
+
+  services.datadog-agent = {
+    enable = true;
+    apiKeyFile = "/tmp/key";
+    site = "datadoghq.eu";
+    checks = {
+      systemd = {
+        init_config = null;
+        instances = [{ unit_names = [ "postgresql.service" "none.service" ]; }];
+      };
+    };
+  };
+  systemd.services.datadog-agent.environment = {
+    ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH = "go1.19";
+  };
+
  networking.hostName = "tablet";
  time.timeZone = "Europe/London";