chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

fix restic, change emails, change roundcube settings

Browse source
This commit is contained in:
Chaos 2022-12-02 16:07:06 +00:00
parent 26a9d17854
commit 0787c1e546
No known key found for this signature in database
5 changed files with 74 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
hosts/hetzner-vm/modules/mailserver/default.nix
View file

@ -28,11 +28,22 @@ in {
}); });
default = { }; default = { };
}; };
debug_mode = mkOption { debug_mode = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
}; };
enable_roundcube = mkOption {
type = types.bool;
default = true;
};
roundcube_url = mkOption {
type = types.str;
default = "${cfg.fqdn}";
};
accounts = mkOption { accounts = mkOption {
# where name = email for login # where name = email for login
type = types.attrsOf (types.submodule ({ config, name, ... }: { type = types.attrsOf (types.submodule ({ config, name, ... }: {
@ -62,6 +73,11 @@ in {
default = ""; default = "";
}; };
extra_roundcube_config = mkOption {
type = types.lines;
default = "";
};
vmail_config = mkOption { vmail_config = mkOption {
type = (types.submodule { type = (types.submodule {
options = { options = {

7
hosts/hetzner-vm/modules/mailserver/webmail.nix
View file

@ -1,18 +1,17 @@
{ config, lib, ... }: { config, lib, ... }:
let mail_config = config.mailserver; let mail_config = config.mailserver;
in { in {
config = (lib.mkIf (mail_config.enable) { config = (lib.mkIf (mail_config.enable && mail_config.enable_roundcube) {
services.roundcube = { services.roundcube = {
enable = true; enable = true;
hostName = "mail.owo.monster"; hostName = "${mail_config.roundcube_url}";
extraConfig = '' extraConfig = ''
$config['smtp_server'] = "tls://${mail_config.fqdn}"; $config['smtp_server'] = "tls://${mail_config.fqdn}";
$config['smtp_user'] = "%u"; $config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p"; $config['smtp_pass'] = "%p";
$config['plugins'] = ["managesieve"]; $config['plugins'] = ["managesieve"];
$config['managesieve_host'] = 'tls://${mail_config.fqdn}'; $config['managesieve_host'] = 'tls://${mail_config.fqdn}';
$config['session_lifetime'] = 168; ${mail_config.extra_roundcube_config}
$config['product_name'] = 'Chaos Mail';
''; '';
}; };
}); });

15
hosts/hetzner-vm/profiles/mailserver.nix
View file

@ -6,16 +6,21 @@ in {
fqdn = "mail.owo.monster"; fqdn = "mail.owo.monster";
domains = [ "owo.monster" "kitteh.pw" ]; domains = [ "owo.monster" "kitteh.pw" ];
debug_mode = false; debug_mode = true;
extra_roundcube_config = ''
$config['session_lifetime'] = (60 * 24 * 7 * 2); # 2 Weeks
$config['product_name'] = 'Chaos Mail';
$config['username_domain'] = "owo.monster";
$config['username_domain_forced'] = true;
'';
accounts = { accounts = {
"chaoticryptidz@owo.monster" = { "chaos@owo.monster" = {
name = "chaoticryptidz@owo.monster"; name = "chaos@owo.monster";
passwordFile = "${secrets.chaos_mail_passwd.path}"; passwordFile = "${secrets.chaos_mail_passwd.path}";
aliases = [ aliases = [
"all@owo.monster" "all@owo.monster"
# for sending from "chaoticryptidz@owo.monster"
"chaos@owo.monster"
# TODO: legacy - to be deprecated by 2023-01-01 # TODO: legacy - to be deprecated by 2023-01-01
"kitteh@owo.monster" "kitteh@owo.monster"

7
hosts/hetzner-vm/profiles/restic.nix
View file

@ -5,7 +5,11 @@ let
backupPrepareCommand = "${ backupPrepareCommand = "${
(pkgs.writeShellScriptBin "backupPrepareCommand" '' (pkgs.writeShellScriptBin "backupPrepareCommand" ''
systemctl start postgresqlBackup --wait systemctl start ${
lib.concatStringsSep " "
(lib.forEach config.services.postgresqlBackup.databases
(db: "postgresqlBackup-${db}"))
} --wait
'') '')
}/bin/backupPrepareCommand"; }/bin/backupPrepareCommand";
in { in {
@ -54,6 +58,7 @@ in {
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;
backupAll = false; backupAll = false;
databases = [ "postgres" "invidious" "misskey" "quassel" "roundcube" ];
compression = "zstd"; compression = "zstd";
}; };
} }

38
hosts/tablet/tablet.nix
View file

@ -44,7 +44,8 @@
# systems = ["x86_64-linux" "aarch64-linux"]; # systems = ["x86_64-linux" "aarch64-linux"];
sshUser = "root"; sshUser = "root";
sshKey = "/usb/ssh-keys/chaos.priv"; sshKey = "/usb/ssh-keys/chaos.priv";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpXZGI5SVl3dFBSRm9rK2JTWUpmSnlRTlJSSithVEtIT3VOTkNLY2FMUHggcm9vdEBuaXhvcwo="; publicHostKey =
"c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpXZGI5SVl3dFBSRm9rK2JTWUpmSnlRTlJSSithVEtIT3VOTkNLY2FMUHggcm9vdEBuaXhvcwo=";
maxJobs = 16; maxJobs = 16;
speedFactor = 4; speedFactor = 4;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
@ -53,6 +54,41 @@
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.extraOptions = "builders-use-substitutes = true"; nix.extraOptions = "builders-use-substitutes = true";
services.telegraf = {
enable = true;
extraConfig = {
inputs.mem = { };
inputs.systemd_units = { pattern = ""; };
outputs.websocket = {
url = "ws://127.0.0.1:9002/test";
use_text_frames = true;
data_format = "json";
};
outputs.file = {
files = [ "/tmp/telegraf-output" ];
data_format = "json";
flush_interval = "1s";
flush_jitter = "1s";
metric_batch_size = 10;
};
};
};
services.datadog-agent = {
enable = true;
apiKeyFile = "/tmp/key";
site = "datadoghq.eu";
checks = {
systemd = {
init_config = null;
instances = [{ unit_names = [ "postgresql.service" "none.service" ]; }];
};
};
};
systemd.services.datadog-agent.environment = {
ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH = "go1.19";
};
networking.hostName = "tablet"; networking.hostName = "tablet";
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";