This commit is contained in:
andromeda
2026-01-06 14:52:34 +01:00
parent 0a7e0c699e
commit c9a5c521db
18 changed files with 228 additions and 155 deletions


@@ -0,0 +1,3 @@
{
boot.loader.grub.device = "/dev/sda";
}

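--- /dev/null
+++ b/modules/nixos/common.nix
@@ -0,0 +1,16 @@
+{config, ...}: {
+# flakes usage
+nix.settings.experimental-features = [
+"flakes"
+"nix-command"
+];
+# allows users to customize shell in `$XDG_CONFIG_HOME/shell` rather than
+# needing /etc/shells. Useful for home-manager. Falls back.
+programs.noshell.enable = true;
+# cleans /tmp to maintain a tidy system
+boot.tmp.cleanOnBoot = true;
+networking.domain = config.networking.hostname;
+}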
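Review bot: `networking.domain = config.networking.hostname;` at the end of common.nix reads an attribute spelled `hostname`, while the NixOS option used elsewhere in this commit is `networking.hostName` (the network file sets `hostName = "109-199-104-83";`), so this line will most likely fail evaluation with a missing-attribute error rather than set the domain. Even with the spelling fixed, the same option is defined unconditionally as `networking.domain = "galaxious.de";` in another new file in this commit, and two plain definitions of a string option conflict unless one carries `lib.mkDefault`. Since the mail, Roundcube and Zulip hostnames all derive from `config.networking.domain`, I would either drop this line from common.nix or write it as `networking.domain = lib.mkDefault config.networking.hostName;` (which also needs `lib` in the module's argument set).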


@@ -0,0 +1,30 @@
{config, ...}: {
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "mail.${config.networking.domain}";
domains = ["${config.networking.domain}"];
x509.useACMEHost = config.mailserver.fqdn;
loginAccounts = {
"test@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
};
"admin@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-admin-pw.path;
};
};
};
services.nginx = {
enable = true;
virtualHosts = {
"mail.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "mtgmonket@gmail.com";
};
}
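Review bot: `loginAccounts` provisions a `test@${config.networking.domain}` mailbox next to `admin@` with no comment saying what it is for; a throwaway account on a public mail host is easy to forget and is a standing login for anyone who learns its password. If it only exists to verify the deployment, remove it once that is done, or record the intent with `# smoke-test mailbox — remove after verification`. As a style point, `domains = ["${config.networking.domain}"];` wraps a string in an interpolation for no effect and reads more plainly as `domains = [config.networking.domain];`. The `x509.useACMEHost` / nginx `enableACME` pairing for the mail host looks consistent.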


@@ -0,0 +1,3 @@
{
networking.domain = "galaxious.de";
}


@@ -0,0 +1,19 @@
{
services.openssh = {
enable = true;
allowSFTP = false;
ports = [5522];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = true;
};
extraConfig = ''
AllowTcpForwarding no
AllowAgentForwarding no
MaxAuthTries 3
MaxSessions 4
TCPKeepAlive no
'';
};
}
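Review bot: `KbdInteractiveAuthentication = true;` sits directly under `PasswordAuthentication = false;`, and since NixOS builds sshd with PAM enabled by default, keyboard-interactive still lets a client answer a PAM password prompt — so the password lockout the line above intends is not fully effective. Unless a PAM-based second factor is the reason for keeping it, set `KbdInteractiveAuthentication = false;` so that only public-key authentication remains. `allowSFTP = false` together with `AllowTcpForwarding no` and `AllowAgentForwarding no` is a sensible tightening; `MaxAuthTries` and `MaxSessions` could live in `settings` alongside the other keys for consistency, since both render into the same sshd_config.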


@@ -0,0 +1,27 @@
{
networking = {
useNetworkd = true;
usePredictableInterfaceNames = true;
hostName = "109-199-104-83";
firewall = {
enable = true;
allowedTCPPorts = [80 443];
allowedUDPPorts = [80 443];
};
};
systemd.network = {
enable = true;
networks."40-wan" = {
matchConfig.Name = "enx0050565f4fff";
address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
routes = [
{
Gateway = "109.199.96.1";
GatewayOnLink = true;
}
{Gateway = "fe80::1";}
];
dns = ["2620:fe::fe" "9.9.9.9"];
};
};
}
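Review bot: `allowedUDPPorts = [80 443];` opens UDP ports that nothing in this commit listens on: the nginx vhosts added here are plain TLS with no HTTP/3 or QUIC configured, and UDP/80 has no corresponding service at all. If HTTP/3 is planned, a comment saying so would help; otherwise drop the line so the exposed surface matches what is actually served. It may also be worth a comment in the firewall block that SSH listens on 5522 (per the openssh module in this commit) and is opened by `services.openssh.openFirewall`'s default, so the next reader does not have to cross-reference files to learn which ports are reachable.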


@@ -0,0 +1,3 @@
{
services.openssh.settings.PermitRootLogin = "yes";
}
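Review bot: `services.openssh.settings.PermitRootLogin = "yes";` re-enables root login over SSH, and the shared openssh module in this commit already defines the same setting as `"no"`; when a host imports both, NixOS reports conflicting definitions rather than letting this file win, so if this is a deliberate per-host override it needs `lib.mkForce "yes"` (with `lib` brought into scope). If root access is only needed for key-based deployment, `"prohibit-password"` keeps root reachable without exposing it to password or keyboard-interactive login, and a one-line comment naming which host this file is for would make the exception reviewable.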


@@ -0,0 +1,12 @@
{config, ...}: {
services.roundcube = {
enable = true;
hostName = "webmail.${config.networking.domain}";
extraConfig = ''
$config['imap_host'] = "ssl://${config.mailserver.fqdn}";
$config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
}
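Review bot: `$config['smtp_host'] = "ssl://${config.mailserver.fqdn}";` omits the port, so which port Roundcube connects to depends on its scheme-based default rather than on anything in this file, and the mailserver module in this commit does not show which submission port is enabled. Spell the endpoint out, e.g. `ssl://${config.mailserver.fqdn}:465` for implicit TLS or `tls://${config.mailserver.fqdn}:587` for STARTTLS on submission, and likewise `:993` on `imap_host`, so the expected transport is explicit and a default change upstream cannot silently alter it. The `%u`/`%p` placeholders are the standard way to reuse the IMAP login for SMTP and look fine.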


@@ -1,52 +1,23 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [];
options.x = {
zulip = {
enable = true;
admin_email = lib.mkOption {
type = lib.types.str;
default = "admin+zulip@${config.networking.domain}";
};
integration = {
persistance.enable = lib.mkOption {
type = lib.types.bool;
description = "whether persistance is enabled";
default = lib.mkDefault false;
};
mailserver.enable = lib.mkOption {
type = lib.types.bool;
description = "creates simple-nixos-mailserver login automatically for admin user";
};
};
{config, ...}: {
imports = [
./mailserver.nix
];
services.zulip = {
enable = true;
host = "zulip.${config.networking.domain}";
camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;
zulipSettings = {
ZULIP_ADMINISTRATOR = "admin+zulip@${config.networking.domain}";
EXTERNAL_HOST = "chat.${config.networking.domain}";
};
};
config = let
cfg = config.x.zulip;
in
lib.mkIf cfg.enable {
services.zulip = {
enable = true;
host = "zulip.${config.networking.domain}";
camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;
zulipSettings = {
ZULIP_ADMINISTRATOR = cfg.admin_email;
EXTERNAL_HOST = "chat.${config.networking.domain}";
};
};
services.mailserver.loginAccounts = lib.mkIf cfg.integration.mailserver.enable {
"admin+zulip@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets.secret3.path;
};
};
mailserver.loginAccounts = {
"zulip+admin@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets."mailserver-acc-zulip+admin-pw".path;
};
};
}
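Review bot: The rewritten zulip.nix creates the mailserver login `"zulip+admin@${config.networking.domain}"` but tells Zulip `ZULIP_ADMINISTRATOR = "admin+zulip@${config.networking.domain}"`; those are different addresses (the removed module used `admin+zulip@` for both), so the mailbox and the administrator address this commit provisions do not line up, and mail to `admin+zulip@` will land in the `admin@` account from mailserver.nix if the server does plus-addressing, or bounce otherwise. Pick one spelling for both, and rename the secret `mailserver-acc-zulip+admin-pw` to match. Separately, `host = "zulip.${config.networking.domain}"` and `EXTERNAL_HOST = "chat.${config.networking.domain}"` still differ as they did before; Zulip derives its URLs and allowed Host values from EXTERNAL_HOST, so the vhost name and the external host should agree unless `chat.*` is a deliberate redirect, which a comment should state. Dropping the `options.x.zulip` layer (enable flag, `admin_email`, `mkIf`) makes the module unconditional, which is fine only if it is imported solely by the mail host.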