Add suppport for multiple Domains.

This commit is contained in:
Kevin Baensch 2019-10-08 13:15:38 +02:00
parent a4fde6972f
commit bc22db3e1b
5 changed files with 79 additions and 32 deletions


@ -1,36 +1,51 @@
{ lib, ... }: { config, lib, ... }:
with lib; with lib;
{ let
cfg = config.machine;
in {
imports = [ imports = [
../../options/machine.nix ../../options/machine.nix
../../options/mailman3/options.nix
]; ];
config.machine = { config.machine = rec {
hostName = "CDServer"; hostName = "CDServer";
administrators = [ { name = "derped"; id = 1337; } ]; domain = "countdown-dresden.de";
allowUnfree = true; extraDomains = [ "iz-ev.de" "clubduererstrasse.de" ];
administrators = [
{ name = "kevin"; id = 1337; }
{ name = "reinhold"; id= 1000; }
];
mailAccounts = import "${cfg.secretPath}/mailAccounts.nix";
allowUnfree = false;
conffiles = [ conffiles = [
"etcvars" "etcvars"
# "security" "security"
"zsh" "zsh"
]; ];
pkgs = [ pkgs = [
"base" "base"
"emacs"
"server" "server"
]; ];
services = [ services = [
"docker" "fail2ban"
# "fail2ban" "gitea"
# "gitea" "mailserver"
# "mailserver"
"cd-internes"
"mariaDB" "mariaDB"
"nextcloud"
"nginx" "nginx"
"openssh" "openssh"
# "cd-internes"
# "docker"
]; ];
vHosts = (flatten (map (base: [
{ domain = base; service = "simple"; }
{ domain = "storage.${base}"; service = "nextcloud"; }
{ domain = "mail.${base}"; service = "mail"; }
{ domain = "git.${base}"; service = "gitea"; }
]) ([ domain ] ++ extraDomains)));
firewall = { firewall = {
enable = true; enable = true;
allowPing = false; allowPing = false;
@ -38,4 +53,22 @@ with lib;
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 ];
}; };
}; };
config.services.mailman3 = {
enable = true;
site_owner = "derped@ophanim.de";
database = {
type = "mysql";
name = "mailman3";
user = "mailman3";
host = "localhost";
port = 3306;
passwordFile = "${cfg.secretPath}/mailman3_db";
};
mta = {
lmtp_host = "mail.ophanim.de";
smtp_host = "mail.ophanim.de";
smtp_user = "mailman3";
smtp_passFile = "${cfg.secretPath}/mailman3_mail";
};
};
} }
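Review bot: The mailman3 `mta` block at the end of this section points `lmtp_host` and `smtp_host` at `mail.ophanim.de` and `site_owner` at `derped@ophanim.de`, although this machine's domain is `countdown-dresden.de` and it enables the `mailserver` service with a `mail.${base}` vHost of its own, so this looks copied from the Ophanim config rather than a deliberate relay through another host. If these options follow mailman.cfg semantics, `lmtp_host` is the address Mailman's LMTP runner binds to, so a foreign host name would not work here, and submissions via a remote `smtp_host` would carry the `mailman3` credentials off the machine. Deriving both from the machine config keeps the hosts consistent: `lmtp_host = "mail.${cfg.domain}"; smtp_host = "mail.${cfg.domain}";`. Whether `site_owner` should also be a `countdown-dresden.de` address is a choice the commit should state, ideally in a comment next to it.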


@ -1,8 +1,10 @@
{ lib, ... }: { config, lib, ... }:
with lib; with lib;
{ let
cfg = config.machine;
in {
imports = [ imports = [
../../options/machine.nix ../../options/machine.nix
../../options/mailman3/options.nix ../../options/mailman3/options.nix
@ -10,9 +12,9 @@ with lib;
config.machine = rec { config.machine = rec {
hostName = "Ophanim"; hostName = "Ophanim";
domain = "ophanim.de";
administrators = [ { name = "derped"; id = 1337; } ]; administrators = [ { name = "derped"; id = 1337; } ];
mailAccounts = [ { name = "derped"; aliases = [ "postmaster" ]; } { name = "mailman3"; aliases = []; } ]; mailAccounts = [ { name = "derped"; aliases = [ "postmaster" ]; } { name = "mailman3"; aliases = []; } ];
domain = "ophanim.de";
allowUnfree = true; allowUnfree = true;
conffiles = [ conffiles = [
"etcvars" "etcvars"
@ -32,7 +34,6 @@ with lib;
"nextcloud" "nextcloud"
"nginx" "nginx"
"openssh" "openssh"
"webblog"
]; ];
vHosts = (let base = domain; in [ vHosts = (let base = domain; in [
{ domain = base; service = "simple"; } { domain = base; service = "simple"; }
@ -58,13 +59,13 @@ with lib;
user = "mailman3"; user = "mailman3";
host = "localhost"; host = "localhost";
port = 3306; port = 3306;
passwordFile = "/secret/mailman3_db"; passwordFile = "${cfg.secretPath}/mailman3_db";
}; };
mta = { mta = {
lmtp_host = "mail.ophanim.de"; lmtp_host = "mail.ophanim.de";
smtp_host = "mail.ophanim.de"; smtp_host = "mail.ophanim.de";
smtp_user = "mailman3"; smtp_user = "mailman3";
smtp_passFile = "/secret/mailman3_mail"; smtp_passFile = "${cfg.secretPath}/mailman3_mail";
}; };
}; };
} }


@ -4,26 +4,23 @@ with lib;
{ {
options.machine = { options.machine = {
allowUnfree = mkOption {
type = types.bool;
description = ''
Wether to allow the installation of unfree packages.
'';
};
pkgs = mkOption { pkgs = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ "base" ];
description = '' description = ''
The list of metapackages to be installed. The list of metapackages to be installed.
''; '';
}; };
services = mkOption { services = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [];
description = '' description = ''
List of services to be enabled. List of services to be enabled.
''; '';
}; };
conffiles = mkOption { conffiles = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ "zsh" ];
description = '' description = ''
List of configuration files to be enabled. List of configuration files to be enabled.
''; '';
@ -54,14 +51,23 @@ with lib;
The Machines domain name. The Machines domain name.
''; '';
}; };
extraDomains = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Extra domains used in various services.
'';
};
mailAccounts = mkOption { mailAccounts = mkOption {
type = types.listOf types.attrs; type = types.listOf types.attrs;
default = [];
description = '' description = ''
List of mail account user names. List of mail account user names.
''; '';
}; };
vHosts = mkOption { vHosts = mkOption {
type = types.listOf types.attrs; type = types.listOf types.attrs;
default = [];
description = '' description = ''
Domain - Service mappings for nginx vHost config. Domain - Service mappings for nginx vHost config.
''; '';
@ -74,5 +80,8 @@ with lib;
''; '';
}; };
}; };
imports = [(mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ])]; imports = [
(mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ])
(mkAliasOptionModule [ "machine" "allowUnfree" ] [ "nixpkgs" "config" "allowUnfree" ])
];
} }
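Review bot: `mailAccounts` (and `vHosts`) keep `types.listOf types.attrs`, so nothing checks the shape of the entries that the mailserver module reads as `user.name` and `user.aliases`; an entry without `aliases` fails evaluation with an attribute-missing error rather than a message naming the option, which matters now that CDServer imports this list from a secrets file outside the repo. A submodule type pins both fields and gives `aliases` a default without changing how callers write the entries. The same treatment would fit `vHosts` with `domain` and `service`, and the `extraDomains` description could name the consumers this commit wires up (mail domains and aliases, nginx vHosts, Nextcloud trusted domains).
```nix
mailAccounts = mkOption {
  type = types.listOf (types.submodule {
    options = {
      name = mkOption {
        type = types.str;
        description = "Local part of the mailbox on the machine's domain.";
      };
      aliases = mkOption {
        type = types.listOf types.str;
        default = [];
        description = "Additional local parts delivered to this mailbox.";
      };
    };
  });
  default = [];
  description = ''
    Mail accounts (local part plus aliases) created on the mailserver.
  '';
};
```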


@ -5,20 +5,23 @@ with lib;
mkIf (elem "mailserver" config.machine.services) { mkIf (elem "mailserver" config.machine.services) {
mailserver = let mailserver = let
cfg = config.machine; cfg = config.machine;
domain = config.machine.domain; domain = cfg.domain;
fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain; fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ]; mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
mkExDomAlias = name: (map (exDom: "${name}@${exDom}") cfg.extraDomains);
mkUser = user: rec { mkUser = user: rec {
name = "${user.name}@${domain}"; name = "${user.name}@${domain}";
value = { value = {
hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail"); hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
aliases = [ "${user.name}@${fdomain}" ] ++ (flatten (map mkFqdnAlias user.aliases)); aliases = [ "${user.name}@${fdomain}" ]
++ (flatten (map mkFqdnAlias user.aliases))
++ (flatten (map mkExDomAlias ([ user.name ] ++ user.aliases)));
}; };
}; };
in rec { in rec {
enable = true; enable = true;
fqdn = fdomain; fqdn = fdomain;
domains = [ fdomain domain ]; domains = ([ fdomain domain ] ++ cfg.extraDomains);
loginAccounts = listToAttrs (map mkUser cfg.mailAccounts); loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
# Use Let's Encrypt certificates. Note that this needs to set up a stripped # Use Let's Encrypt certificates. Note that this needs to set up a stripped


@ -23,6 +23,7 @@ mkIf (elem "nextcloud" config.machine.services) {
dbpassFile = "${cfg.secretPath}/nextcloud_db"; dbpassFile = "${cfg.secretPath}/nextcloud_db";
dbname = "nextcloud"; dbname = "nextcloud";
dbtableprefix = "oc_"; dbtableprefix = "oc_";
extraTrustedDomains = cfg.extraDomains;
}; };
caching = { caching = {
apcu = true; apcu = true;
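Review bot: `extraTrustedDomains = cfg.extraDomains` adds the bare extra domains (e.g. `iz-ev.de`) to Nextcloud's Host-header allowlist, but per the CDServer config in this commit Nextcloud is served on the `storage.<domain>` vHosts while the bare domains map to the `simple` service, so the names Nextcloud actually answers on stay untrusted (requests to `storage.iz-ev.de` would be rejected as an untrusted domain) while names it is not served on are trusted. Deriving the list from the vHost mapping keeps the two in step: `extraTrustedDomains = map (v: v.domain) (filter (v: v.service == "nextcloud") cfg.vHosts);`, or `map (d: "storage.${d}") cfg.extraDomains` if the primary name must stay out of the list. Nextcloud's `hostName` for this service is outside the hunk, so I cannot confirm which form matches it.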