Add support for multiple Domains.
This commit is contained in:
parent
a4fde6972f
commit
bc22db3e1b
5 changed files with 79 additions and 32 deletions
|
@ -1,36 +1,51 @@
|
||||||
{ lib, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
{
|
let
|
||||||
|
cfg = config.machine;
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../../options/machine.nix
|
../../options/machine.nix
|
||||||
|
../../options/mailman3/options.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
config.machine = {
|
config.machine = rec {
|
||||||
hostName = "CDServer";
|
hostName = "CDServer";
|
||||||
administrators = [ { name = "derped"; id = 1337; } ];
|
domain = "countdown-dresden.de";
|
||||||
allowUnfree = true;
|
extraDomains = [ "iz-ev.de" "clubduererstrasse.de" ];
|
||||||
|
administrators = [
|
||||||
|
{ name = "kevin"; id = 1337; }
|
||||||
|
{ name = "reinhold"; id= 1000; }
|
||||||
|
];
|
||||||
|
mailAccounts = import "${cfg.secretPath}/mailAccounts.nix";
|
||||||
|
allowUnfree = false;
|
||||||
conffiles = [
|
conffiles = [
|
||||||
"etcvars"
|
"etcvars"
|
||||||
# "security"
|
"security"
|
||||||
"zsh"
|
"zsh"
|
||||||
];
|
];
|
||||||
pkgs = [
|
pkgs = [
|
||||||
"base"
|
"base"
|
||||||
"emacs"
|
|
||||||
"server"
|
"server"
|
||||||
];
|
];
|
||||||
services = [
|
services = [
|
||||||
"docker"
|
"fail2ban"
|
||||||
# "fail2ban"
|
"gitea"
|
||||||
# "gitea"
|
"mailserver"
|
||||||
# "mailserver"
|
|
||||||
"cd-internes"
|
|
||||||
"mariaDB"
|
"mariaDB"
|
||||||
|
"nextcloud"
|
||||||
"nginx"
|
"nginx"
|
||||||
"openssh"
|
"openssh"
|
||||||
|
# "cd-internes"
|
||||||
|
# "docker"
|
||||||
];
|
];
|
||||||
|
vHosts = (flatten (map (base: [
|
||||||
|
{ domain = base; service = "simple"; }
|
||||||
|
{ domain = "storage.${base}"; service = "nextcloud"; }
|
||||||
|
{ domain = "mail.${base}"; service = "mail"; }
|
||||||
|
{ domain = "git.${base}"; service = "gitea"; }
|
||||||
|
]) ([ domain ] ++ extraDomains)));
|
||||||
firewall = {
|
firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowPing = false;
|
allowPing = false;
|
||||||
|
@ -38,4 +53,22 @@ with lib;
|
||||||
allowedTCPPorts = [ 80 443 ];
|
allowedTCPPorts = [ 80 443 ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
config.services.mailman3 = {
|
||||||
|
enable = true;
|
||||||
|
site_owner = "derped@ophanim.de";
|
||||||
|
database = {
|
||||||
|
type = "mysql";
|
||||||
|
name = "mailman3";
|
||||||
|
user = "mailman3";
|
||||||
|
host = "localhost";
|
||||||
|
port = 3306;
|
||||||
|
passwordFile = "${cfg.secretPath}/mailman3_db";
|
||||||
|
};
|
||||||
|
mta = {
|
||||||
|
lmtp_host = "mail.ophanim.de";
|
||||||
|
smtp_host = "mail.ophanim.de";
|
||||||
|
smtp_user = "mailman3";
|
||||||
|
smtp_passFile = "${cfg.secretPath}/mailman3_mail";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
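Review bot: The new `config.services.mailman3.mta` block on this machine points `lmtp_host` and `smtp_host` at `mail.ophanim.de` (and `site_owner` at an ophanim.de address), while the same file defines its own `mail.countdown-dresden.de` vHost and enables the `mailserver` service, so this looks copied from the Ophanim config. If CDServer is meant to deliver list mail through its own mailserver, use the machine's domain, e.g. `lmtp_host = "mail.${cfg.domain}";` and `smtp_host = "mail.${cfg.domain}";`; if relaying through the other host is deliberate, say so in a comment next to `mta`. Note also that the generated `vHosts` now contains one `service = "mail"` entry per domain and the mailserver module takes the first of them as its `fqdn`, so the `[ domain ] ++ extraDomains` order is load-bearing and deserves a comment such as `# primary domain first: the mailserver module uses the first "mail" vHost as its fqdn`.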
@ -1,8 +1,10 @@
|
||||||
{ lib, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
{
|
let
|
||||||
|
cfg = config.machine;
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../../options/machine.nix
|
../../options/machine.nix
|
||||||
../../options/mailman3/options.nix
|
../../options/mailman3/options.nix
|
||||||
|
@ -10,9 +12,9 @@ with lib;
|
||||||
|
|
||||||
config.machine = rec {
|
config.machine = rec {
|
||||||
hostName = "Ophanim";
|
hostName = "Ophanim";
|
||||||
|
domain = "ophanim.de";
|
||||||
administrators = [ { name = "derped"; id = 1337; } ];
|
administrators = [ { name = "derped"; id = 1337; } ];
|
||||||
mailAccounts = [ { name = "derped"; aliases = [ "postmaster" ]; } { name = "mailman3"; aliases = []; } ];
|
mailAccounts = [ { name = "derped"; aliases = [ "postmaster" ]; } { name = "mailman3"; aliases = []; } ];
|
||||||
domain = "ophanim.de";
|
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
conffiles = [
|
conffiles = [
|
||||||
"etcvars"
|
"etcvars"
|
||||||
|
@ -32,7 +34,6 @@ with lib;
|
||||||
"nextcloud"
|
"nextcloud"
|
||||||
"nginx"
|
"nginx"
|
||||||
"openssh"
|
"openssh"
|
||||||
"webblog"
|
|
||||||
];
|
];
|
||||||
vHosts = (let base = domain; in [
|
vHosts = (let base = domain; in [
|
||||||
{ domain = base; service = "simple"; }
|
{ domain = base; service = "simple"; }
|
||||||
|
@ -58,13 +59,13 @@ with lib;
|
||||||
user = "mailman3";
|
user = "mailman3";
|
||||||
host = "localhost";
|
host = "localhost";
|
||||||
port = 3306;
|
port = 3306;
|
||||||
passwordFile = "/secret/mailman3_db";
|
passwordFile = "${cfg.secretPath}/mailman3_db";
|
||||||
};
|
};
|
||||||
mta = {
|
mta = {
|
||||||
lmtp_host = "mail.ophanim.de";
|
lmtp_host = "mail.ophanim.de";
|
||||||
smtp_host = "mail.ophanim.de";
|
smtp_host = "mail.ophanim.de";
|
||||||
smtp_user = "mailman3";
|
smtp_user = "mailman3";
|
||||||
smtp_passFile = "/secret/mailman3_mail";
|
smtp_passFile = "${cfg.secretPath}/mailman3_mail";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
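Review bot: Ophanim's `vHosts` still expands only the primary domain (`let base = domain; in [ ... ]`), so if `extraDomains` is ever set on this machine the mailserver module would accept mail for those domains while nginx and the nextcloud vHosts would not serve them; the CDServer config in this same commit already derives its vHosts with `flatten (map (base: [ ... ]) ([ domain ] ++ extraDomains))`, and using the same shape here would keep the two machine configs consistent. The remainder of the `vHosts` list and the `config.services.mailman3` block continue outside the hunks, so the change would touch lines not shown.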
@ -4,26 +4,23 @@ with lib;
|
||||||
|
|
||||||
{
|
{
|
||||||
options.machine = {
|
options.machine = {
|
||||||
allowUnfree = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
description = ''
|
|
||||||
Wether to allow the installation of unfree packages.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
pkgs = mkOption {
|
pkgs = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
|
default = [ "base" ];
|
||||||
description = ''
|
description = ''
|
||||||
The list of metapackages to be installed.
|
The list of metapackages to be installed.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
services = mkOption {
|
services = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
description = ''
|
description = ''
|
||||||
List of services to be enabled.
|
List of services to be enabled.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
conffiles = mkOption {
|
conffiles = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
|
default = [ "zsh" ];
|
||||||
description = ''
|
description = ''
|
||||||
List of configuration files to be enabled.
|
List of configuration files to be enabled.
|
||||||
'';
|
'';
|
||||||
|
@ -54,14 +51,23 @@ with lib;
|
||||||
The Machines domain name.
|
The Machines domain name.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
extraDomains = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = ''
|
||||||
|
Extra domains used in various services.
|
||||||
|
'';
|
||||||
|
};
|
||||||
mailAccounts = mkOption {
|
mailAccounts = mkOption {
|
||||||
type = types.listOf types.attrs;
|
type = types.listOf types.attrs;
|
||||||
|
default = [];
|
||||||
description = ''
|
description = ''
|
||||||
List of mail account user names.
|
List of mail account user names.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
vHosts = mkOption {
|
vHosts = mkOption {
|
||||||
type = types.listOf types.attrs;
|
type = types.listOf types.attrs;
|
||||||
|
default = [];
|
||||||
description = ''
|
description = ''
|
||||||
Domain - Service mappings for nginx vHost config.
|
Domain - Service mappings for nginx vHost config.
|
||||||
'';
|
'';
|
||||||
|
@ -74,5 +80,8 @@ with lib;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
imports = [(mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ])];
|
imports = [
|
||||||
|
(mkAliasOptionModule [ "machine" "firewall" ] [ "networking" "firewall" ])
|
||||||
|
(mkAliasOptionModule [ "machine" "allowUnfree" ] [ "nixpkgs" "config" "allowUnfree" ])
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
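Review bot: The description of the new `extraDomains` option, `Extra domains used in various services.`, does not tell a reader what setting it does; in this commit the mailserver module adds them to `domains` and generates an address on each of them for every mail account and alias, and the nextcloud module adds them to `extraTrustedDomains`, so a description along the lines of `Additional domains besides the primary domain. The mailserver accepts mail for them and every mail account gets an address on each of them; Nextcloud trusts them as host names.` would document the real effect of adding a domain here. The unchanged `mailAccounts` description (`List of mail account user names.`) is also out of date now that the entries are attribute sets with `name` and `aliases`, as the Ophanim config shows, and `types.listOf types.attrs` would catch a malformed entry only at use time; a `types.submodule` with those two fields would validate it at the option boundary.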
@ -5,20 +5,23 @@ with lib;
|
||||||
mkIf (elem "mailserver" config.machine.services) {
|
mkIf (elem "mailserver" config.machine.services) {
|
||||||
mailserver = let
|
mailserver = let
|
||||||
cfg = config.machine;
|
cfg = config.machine;
|
||||||
domain = config.machine.domain;
|
domain = cfg.domain;
|
||||||
fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
|
fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
|
||||||
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
|
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
|
||||||
|
mkExDomAlias = name: (map (exDom: "${name}@${exDom}") cfg.extraDomains);
|
||||||
mkUser = user: rec {
|
mkUser = user: rec {
|
||||||
name = "${user.name}@${domain}";
|
name = "${user.name}@${domain}";
|
||||||
value = {
|
value = {
|
||||||
hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
|
hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
|
||||||
aliases = [ "${user.name}@${fdomain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
|
aliases = [ "${user.name}@${fdomain}" ]
|
||||||
|
++ (flatten (map mkFqdnAlias user.aliases))
|
||||||
|
++ (flatten (map mkExDomAlias ([ user.name ] ++ user.aliases)));
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in rec {
|
in rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = fdomain;
|
fqdn = fdomain;
|
||||||
domains = [ fdomain domain ];
|
domains = ([ fdomain domain ] ++ cfg.extraDomains);
|
||||||
loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
|
loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
|
||||||
|
|
||||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||||
|
|
|
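Review bot: `mkExDomAlias` is applied to `[ user.name ] ++ user.aliases`, so every login account gains `<name>@<extraDomain>` plus each of its aliases on every extra domain, whereas `mkFqdnAlias` covers only `user.aliases`; that asymmetry is not obvious from the names and deserves a comment on the new `++` line such as `# each account, and each of its aliases, also receives mail at every extra domain`. If `extraDomains` ever overlaps `domain` or repeats an entry, both the `aliases` list and `domains = ([ fdomain domain ] ++ cfg.extraDomains)` would contain duplicates; wrapping each in `unique` from lib is cheap insurance. The surrounding `mailserver` attribute set continues beyond the hunk.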
@ -23,6 +23,7 @@ mkIf (elem "nextcloud" config.machine.services) {
|
||||||
dbpassFile = "${cfg.secretPath}/nextcloud_db";
|
dbpassFile = "${cfg.secretPath}/nextcloud_db";
|
||||||
dbname = "nextcloud";
|
dbname = "nextcloud";
|
||||||
dbtableprefix = "oc_";
|
dbtableprefix = "oc_";
|
||||||
|
extraTrustedDomains = cfg.extraDomains;
|
||||||
};
|
};
|
||||||
caching = {
|
caching = {
|
||||||
apcu = true;
|
apcu = true;
|
||||||
|
|
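Review bot: `extraTrustedDomains = cfg.extraDomains;` registers the bare apex names (e.g. `iz-ev.de`) as trusted hosts, but the nginx vHost the CDServer config generates for nextcloud is `storage.${base}`, so requests for the extra domains arrive with a `storage.<domain>` Host header that this list does not cover, while the apex names themselves are not served by any nextcloud vHost. Assuming the primary nextcloud `hostName` follows the same `storage.` pattern (it is outside the hunk), the matching line is `extraTrustedDomains = map (d: "storage.${d}") cfg.extraDomains;`. Keeping the trusted list to exactly the names nginx routes to nextcloud is what the Host-header check is for, so names that are not served should not be added just in case.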