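# NixOS module for a single QEMU guest that runs Zulip chat, Roundcube webmail
# and a mail server under config.networking.domain, fronted by nginx with ACME
# certificates. `machine` is a module argument; only machine.hostname is read.
{
  config,
  modulesPath,
  machine,
  ...
}: {
  # zulip config
  services.zulip = {
    enable = true;
    host = "chat.${config.networking.domain}";
    # NOTE(review): builtins.toFile writes its string into the Nix store, which
    # every local user can read and which is copied along with the system
    # closure. The five values below are also short literals committed with
    # this file. Generate random values and deliver them the way the mail
    # account password further down already is, e.g.
    #   camoKeyFile = config.age.secrets.<name>.path;   # <name> is a placeholder
    camoKeyFile = builtins.toFile "camoKeyFile" "key";
    rabbitmqPasswordFile = builtins.toFile "rabbitmqPasswordFile" "password";
    secretKeyFile = builtins.toFile "secretKeyFile" "secret key";
    sharedSecretKeyFile = builtins.toFile "sharedSecretKeyFile" "shared secret key";
    avatarSaltKeyFile = builtins.toFile "avatarSaltKeyFile" "avatar salt key";
    zulipSettings = {
      # NOTE(review): both values repeat their own key name and look like
      # unfilled placeholders; confirm the real host and administrator address.
      EXTERNAL_HOST = "EXTERNAL_HOST";
      ZULIP_ADMINISTRATOR = "ZULIP_ADMINISTRATOR";
    };
  };

  # roundcube config
  services.roundcube = {
    enable = true;
    hostName = "webmail.${config.networking.domain}";
    # The ssl:// scheme makes Roundcube use implicit TLS towards the mail
    # server; %u / %p reuse the logged-in user's IMAP credentials for SMTP.
    extraConfig = ''
      $config['imap_host'] = "ssl://${config.mailserver.fqdn}";
      $config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
      $config['smtp_user'] = "%u";
      $config['smtp_pass'] = "%p";
    '';
  };

  # mailserver config
  mailserver = {
    enable = true;
    stateVersion = 3;
    fqdn = "mail.${config.networking.domain}";
    domains = ["${config.networking.domain}"];
    # Reuse the certificate that the nginx virtual host below requests via ACME.
    x509.useACMEHost = config.mailserver.fqdn;
    loginAccounts = {
      "test@${config.networking.domain}" = {
        # Password hash comes from an age-managed secret, so it stays out of
        # the Nix store.
        hashedPasswordFile = builtins.toString config.age.secrets.secret3.path;
      };
    };
  };

  # cert config
  security.acme = {
    acceptTerms = true;
    defaults.email = "mtgmonket@gmail.com";
  };
  services.nginx = {
    enable = true;
    # This virtual host has the same name as mailserver.fqdn and is what
    # obtains the certificate referenced by x509.useACMEHost.
    virtualHosts."mail.${config.networking.domain}" = {
      forceSSL = true;
      enableACME = true;
    };
  };

  # system config
  system.stateVersion = "25.11";
  nix.settings.experimental-features = ["flakes" "nix-command"];
  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";
  };
  boot.loader.grub.device = "/dev/sda";
  boot.loader.timeout = 30;
  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
  boot.initrd.kernelModules = ["nvme"];
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  networking = {
    useNetworkd = true;
    usePredictableInterfaceNames = true;
    hostName = machine.hostname;
    domain = "galaxious.de";
    firewall = {
      enable = true;
      # HTTP (including ACME HTTP-01) and HTTPS for nginx.
      allowedTCPPorts = [80 443];
      # 80/udp was dropped: HTTP is TCP-only, so the rule only widened the
      # exposed surface. 443/udp is needed only if HTTP/3 (QUIC) is enabled on
      # a virtual host, which this file does not show; remove it too if unused.
      allowedUDPPorts = [443];
    };
  };
  systemd.network = {
    enable = true;
    # Static dual-stack addressing for the WAN interface, matched by name.
    networks."40-wan" = {
      matchConfig.Name = "enx0050565f4fff";
      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
      routes = [
        {
          Gateway = "109.199.96.1";
          GatewayOnLink = true;
        }
        {Gateway = "fe80::1";}
      ];
      dns = ["2620:fe::fe" "9.9.9.9"];
    };
  };
  services.openssh.enable = true;
  # The only login configured in this file is root's authorized key, so turn
  # the password-based SSH methods off explicitly instead of relying on no
  # account having a password.
  services.openssh.settings.PasswordAuthentication = false;
  services.openssh.settings.KbdInteractiveAuthentication = false;
  # Accounts are fully declarative; nothing changed imperatively on the host
  # survives a rebuild.
  users.mutableUsers = false;
  users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];
  programs.noshell.enable = true;
}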