diff --git a/hosts/hetzner-vm/modules/mailserver/default.nix b/hosts/hetzner-vm/modules/mailserver/default.nix index efbe74c..850ce2e 100644 --- a/hosts/hetzner-vm/modules/mailserver/default.nix +++ b/hosts/hetzner-vm/modules/mailserver/default.nix @@ -28,11 +28,22 @@ in { }); default = { }; }; + debug_mode = mkOption { type = types.bool; default = false; }; + enable_roundcube = mkOption { + type = types.bool; + default = true; + }; + + roundcube_url = mkOption { + type = types.str; + default = "${cfg.fqdn}"; + }; + accounts = mkOption { # where name = email for login type = types.attrsOf (types.submodule ({ config, name, ... }: { @@ -62,6 +73,11 @@ in { default = ""; }; + extra_roundcube_config = mkOption { + type = types.lines; + default = ""; + }; + vmail_config = mkOption { type = (types.submodule { options = { diff --git a/hosts/hetzner-vm/modules/mailserver/webmail.nix b/hosts/hetzner-vm/modules/mailserver/webmail.nix index 0ea52b8..9a58129 100644 --- a/hosts/hetzner-vm/modules/mailserver/webmail.nix +++ b/hosts/hetzner-vm/modules/mailserver/webmail.nix @@ -1,18 +1,17 @@ { config, lib, ... }: let mail_config = config.mailserver; in { - config = (lib.mkIf (mail_config.enable) { + config = (lib.mkIf (mail_config.enable && mail_config.enable_roundcube) { services.roundcube = { enable = true; - hostName = "mail.owo.monster"; + hostName = "${mail_config.roundcube_url}"; extraConfig = '' $config['smtp_server'] = "tls://${mail_config.fqdn}"; $config['smtp_user'] = "%u"; $config['smtp_pass'] = "%p"; $config['plugins'] = ["managesieve"]; $config['managesieve_host'] = 'tls://${mail_config.fqdn}'; - $config['session_lifetime'] = 168; - $config['product_name'] = 'Chaos Mail'; + ${mail_config.extra_roundcube_config} ''; }; }); diff --git a/hosts/hetzner-vm/profiles/mailserver.nix b/hosts/hetzner-vm/profiles/mailserver.nix index 11b4223..b5fe182 100644 --- a/hosts/hetzner-vm/profiles/mailserver.nix +++ b/hosts/hetzner-vm/profiles/mailserver.nix 
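Review bot: `roundcube_url` in the first default.nix hunk is a free-form `types.str` with no `description`, yet webmail.nix in this same commit passes it straight to `services.roundcube.hostName`. The value therefore has to be a bare host name, and one carrying a scheme or path would end up as the virtual-host name. Rename it to something like `roundcube_hostname`, or at least add `description = "Host name (no scheme or path) that Roundcube is served on.";`. The default `"${cfg.fqdn}"` can be written `cfg.fqdn`, and `enable_roundcube` deserves a one-line description too, since it defaults to `true`. The surrounding options block starts and ends outside the hunk.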
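Review bot: In webmail.nix, `${mail_config.extra_roundcube_config}` is spliced in as raw PHP after the module's own assignments, so any later `$config[...]` line in it wins, including over the `tls://` values set for `smtp_server` and `managesieve_host` just above. That is acceptable for trusted host configuration, but it should be stated where the option is declared (the `extra_roundcube_config` hunk in default.nix), e.g. `description = "Raw PHP appended verbatim to the Roundcube config; later assignments override the module's own settings, including the TLS ones.";`. As a style point, `hostName = "${mail_config.roundcube_url}";` can simply be `hostName = mail_config.roundcube_url;`.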
@@ -6,16 +6,21 @@ in { fqdn = "mail.owo.monster"; domains = [ "owo.monster" "kitteh.pw" ]; - debug_mode = false; + debug_mode = true; + extra_roundcube_config = '' + $config['session_lifetime'] = (60 * 24 * 7 * 2); # 2 Weeks + $config['product_name'] = 'Chaos Mail'; + $config['username_domain'] = "owo.monster"; + $config['username_domain_forced'] = true; + ''; accounts = { - "chaoticryptidz@owo.monster" = { - name = "chaoticryptidz@owo.monster"; + "chaos@owo.monster" = { + name = "chaos@owo.monster"; passwordFile = "${secrets.chaos_mail_passwd.path}"; aliases = [ "all@owo.monster" - # for sending from - "chaos@owo.monster" + "chaoticryptidz@owo.monster" # TODO: legacy - to be deprecated by 2023-01-01 "kitteh@owo.monster" @@ -26,13 +31,13 @@ in { "misskey@owo.monster" = { name = "misskey@owo.monster"; passwordFile = "${secrets.misskey_mail_passwd.path}"; - aliases = []; + aliases = [ ]; sieveScript = null; }; "system@owo.monster" = { name = "system@owo.monster"; passwordFile = "${secrets.system_mail_passwd.path}"; - aliases = []; + aliases = [ ]; sieveScript = null; }; }; diff --git a/hosts/hetzner-vm/profiles/restic.nix b/hosts/hetzner-vm/profiles/restic.nix index 6efb5fb..6a8d085 100644 --- a/hosts/hetzner-vm/profiles/restic.nix +++ b/hosts/hetzner-vm/profiles/restic.nix @@ -5,7 +5,11 @@ let backupPrepareCommand = "${ (pkgs.writeShellScriptBin "backupPrepareCommand" '' - systemctl start postgresqlBackup --wait + systemctl start ${ + lib.concatStringsSep " " + (lib.forEach config.services.postgresqlBackup.databases + (db: "postgresqlBackup-${db}")) + } --wait '') }/bin/backupPrepareCommand"; in { @@ -54,6 +58,7 @@ in { services.postgresqlBackup = { enable = true; backupAll = false; + databases = [ "postgres" "invidious" "misskey" "quassel" "roundcube" ]; compression = "zstd"; }; } diff --git a/hosts/tablet/tablet.nix b/hosts/tablet/tablet.nix index 088aa20..04c7625 100644 --- a/hosts/tablet/tablet.nix +++ b/hosts/tablet/tablet.nix 
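Review bot: `debug_mode = true` is switched on in the production mail profile alongside unrelated Roundcube changes and looks like a leftover from testing. What the flag enables is defined outside this diff, but debug logging on a mail stack commonly records message metadata or authentication detail, so either revert it or add a comment such as `# temporary: disable again once <issue> is resolved`. Separately, Roundcube reads `session_lifetime` in minutes, so the new value moves a webmail session from 168 minutes to 20160 minutes (two weeks). A stolen session cookie stays usable for that long, so a comment recording that the trade-off is intended would help. The enclosing attribute set starts and ends outside the hunk.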
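Review bot: In restic.nix the unit names passed to `systemctl start` are built by plain string concatenation from `config.services.postgresqlBackup.databases`, so an empty list yields `systemctl start  --wait`, which fails, and the names reach the shell unquoted. `lib.escapeShellArgs (map (db: "postgresqlBackup-${db}.service") config.services.postgresqlBackup.databases)` handles the quoting and reads more directly than `lib.forEach` plus `lib.concatStringsSep`. With `backupAll = false` and the explicit `databases` list added in the second hunk of this file, a database missing from the list is left out of the backup without any error, so a comment next to the list saying that new databases must be added there would be worth having.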
@@ -44,7 +44,8 @@ # systems = ["x86_64-linux" "aarch64-linux"]; sshUser = "root"; sshKey = "/usb/ssh-keys/chaos.priv"; - publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpXZGI5SVl3dFBSRm9rK2JTWUpmSnlRTlJSSithVEtIT3VOTkNLY2FMUHggcm9vdEBuaXhvcwo="; + publicHostKey = + "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpXZGI5SVl3dFBSRm9rK2JTWUpmSnlRTlJSSithVEtIT3VOTkNLY2FMUHggcm9vdEBuaXhvcwo="; maxJobs = 16; speedFactor = 4; supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; @@ -53,6 +54,41 @@ nix.distributedBuilds = true; nix.extraOptions = "builders-use-substitutes = true"; + services.telegraf = { + enable = true; + extraConfig = { + inputs.mem = { }; + inputs.systemd_units = { pattern = ""; }; + outputs.websocket = { + url = "ws://127.0.0.1:9002/test"; + use_text_frames = true; + data_format = "json"; + }; + outputs.file = { + files = [ "/tmp/telegraf-output" ]; + data_format = "json"; + flush_interval = "1s"; + flush_jitter = "1s"; + metric_batch_size = 10; + }; + }; + }; + + services.datadog-agent = { + enable = true; + apiKeyFile = "/tmp/key"; + site = "datadoghq.eu"; + checks = { + systemd = { + init_config = null; + instances = [{ unit_names = [ "postgresql.service" "none.service" ]; }]; + }; + }; + }; + systemd.services.datadog-agent.environment = { + ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH = "go1.19"; + }; + networking.hostName = "tablet"; time.timeZone = "Europe/London";
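Review bot: `apiKeyFile = "/tmp/key"` in the second tablet.nix hunk reads the Datadog API key from a predictable path in a world-writable directory, where another local account can plant or replace the file and where it may not survive a reboot. Point it at a managed secret with restricted permissions, e.g. `apiKeyFile = "<path to datadog api key secret>";`, provisioned the way the mailserver profile uses `secrets.*.path` if that mechanism is available on this host. `files = [ "/tmp/telegraf-output" ]` has the same predictable-path problem for the metrics file. The `ws://127.0.0.1:9002/test` output and the `none.service` unit name look like test scaffolding and should be removed or commented as such. `ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH = "go1.19"` overrides a Go-runtime compatibility guard and needs a comment saying why that is acceptable here and when it can be dropped; the enclosing attribute set starts and ends outside the hunk.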