From db67a9d7e59c9ced93331733805e016a8f117a21 Mon Sep 17 00:00:00 2001 From: Dennis <52411861+DerDennisOP@users.noreply.github.com> Date: Tue, 2 Jan 2024 16:30:08 +0100 Subject: [PATCH] Feature email server (#14) * formatting * update * add mailserver * flake update --- flake.lock | 88 +++++++++++++++++++++++++++++----- flake.nix | 14 +++++- modules/boot.nix | 8 ++-- modules/fail2ban.nix | 5 +- modules/security.nix | 11 ++--- systems/configuration.nix | 8 ++-- systems/jeeves-jr/hardware.nix | 12 +++-- 7 files changed, 113 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index af24457..d477660 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,37 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": [ @@ -27,11 +59,11 @@ ] }, "locked": { - "lastModified": 1703838268, - "narHash": "sha256-SRg5nXcdPnrsQR2MTAp7en0NyJnQ2wB1ivmsgEbvN+o=", + "lastModified": 1704100519, + "narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2aff324cf65f5f98f89d878c056b779466b17db8", + "rev": "6e91c5df192395753d8e6d55a0352109cb559790", "type": "github" }, "original": { 
@@ -40,6 +72,37 @@ "type": "github" } }, + "mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-22_11": [ + "nixpkgs" + ], + "nixpkgs-23_05": [ + "nixpkgs" + ], + "utils": [ + "flake-utils" + ] + }, + "locked": { + "lastModified": 1703666786, + "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "nix-pre-commit": { "inputs": { "flake-utils": [ @@ -65,11 +128,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1703879120, - "narHash": "sha256-oMJ5xtDswlBWxs0DT/aYKEUIhjEpGZJ9GbIxOclYP8I=", + "lastModified": 1704124233, + "narHash": "sha256-lBHs/yUtkcGgapHRS31oOb5NqvnVrikvktGOW8rK+sE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "22ae59fec26591ef72ce4ccb5538c42c5f090fe3", + "rev": "f752581d6723a10da7dfe843e917a3b5e4d8115a", "type": "github" }, "original": { @@ -86,11 +149,11 @@ ] }, "locked": { - "lastModified": 1703993012, - "narHash": "sha256-7sv9Rhgp+qJgYiuYGkqdgGwHUDoBWyVg+c1WQRMzYqw=", + "lastModified": 1704145058, + "narHash": "sha256-kWLGj+pGYXuVCJGqWiDOJfTLEXyTdSO01L1Sb+bTksw=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "f7528ff523c545975df483b18a188e83102a44ae", + "rev": "38c5ee92ba80129c31055d903438e2697e41322c", "type": "github" }, "original": { @@ -101,11 +164,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703637592, - "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { 
@@ -135,6 +198,7 @@
 "inputs": {
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",
+ "mailserver": "mailserver",
 "nix-pre-commit": "nix-pre-commit",
 "nixos-hardware": "nixos-hardware",
 "nixos-modules": "nixos-modules",
diff --git a/flake.nix b/flake.nix
index f76264d..3065098 100644
--- a/flake.nix
+++ b/flake.nix
@@ -22,6 +22,16 @@
 inputs.nixpkgs-lib.follows = "nixpkgs";
 };
+ mailserver = {
+ url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ nixpkgs-22_11.follows = "nixpkgs";
+ nixpkgs-23_05.follows = "nixpkgs";
+ utils.follows = "flake-utils";
+ };
+ };
+
 home-manager = {
 url = "github:nix-community/home-manager";
 inputs.nixpkgs.follows = "nixpkgs";
@@ -34,6 +44,7 @@
 nixpkgs-stable.follows = "nixpkgs";
 };
 };
+
 nix-pre-commit = {
 url = "github:jmgilman/nix-pre-commit";
 inputs = {
@@ -43,7 +54,7 @@
 };
 };
- outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, nix-pre-commit, ... }@inputs:
+ outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, mailserver, nix-pre-commit, ... }@inputs:
 let
 inherit (nixpkgs) lib;
 src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.;
@@ -95,6 +106,7 @@
 })
 ];
 }
+ mailserver.nixosModules.mailserver
 nixos-modules.nixosModule
 home-manager.nixosModules.home-manager
 sops-nix.nixosModules.sops
diff --git a/modules/boot.nix b/modules/boot.nix
index ab84933..09f2284 100644
--- a/modules/boot.nix
+++ b/modules/boot.nix
@@ -1,12 +1,12 @@
 { config, lib, libS, ... }:
 let
-cfg = config.boot;
+ cfg = config.boot;
 in
 {
-options = {
- boot = {
- default = libS.mkOpinionatedOption "enable the boot builder";
+ options = {
+ boot = {
+ default = libS.mkOpinionatedOption "enable the boot builder";
 cpuType = lib.mkOption {
 type = lib.types.str;
 example = "amd";
diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix
index afe79cd..3f7ce53 100644
--- a/modules/fail2ban.nix
+++ b/modules/fail2ban.nix
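Review bot: The new `url = "gitlab:simple-nixos-mailserver/nixos-mailserver";` tracks the repository's default branch, while the `nixpkgs-22_11` and `nixpkgs-23_05` inputs it declares are all redirected to this flake's single `nixpkgs`; the mailserver publishes one branch per NixOS release, so the module picked up by the next `nix flake update` may be written against a different nixpkgs than the one it is evaluated with. If this flake's nixpkgs follows a release channel, pinning the url to the matching branch (for example `url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";`) keeps the two in step; if it follows unstable, a one-line comment next to the `follows` lines recording that decision would help the next reader. The flake.lock hunks above pin the exact revision either way, so this concerns what future updates pull in rather than the current build.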
@@ -30,9 +30,10 @@ in
 logpath = "/var/log/httpd/error_log*";
 backend = "systemd";
 findtime = 600;
- bantime = 600;
+ bantime = 600;
 maxretry = 5;
 };
+
 dovecot = {
 settings = {
 filter = "dovecot[mode=aggressive]";
@@ -41,4 +42,4 @@ in
 };
 };
 };
-}
\ No newline at end of file
+}
diff --git a/modules/security.nix b/modules/security.nix
index 1da8dcb..fd5801b 100644
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -3,11 +3,6 @@
 {
 config = {
 services = lib.mkIf config.services.gitea.enable {
- fail2ban = {
- enable = true;
-
- };
-
 openssh = {
 extraConfig = ''
 Match User gitea
@@ -23,5 +18,9 @@
 RSA = 4095;
 };
 };
+
+ networking.firewall = lib.mkIf config.services.openssh.enable {
+ allowedTCPPorts = config.services.openssh.ports;
+ };
 };
-}
\ No newline at end of file
+}
diff --git a/systems/configuration.nix b/systems/configuration.nix
index 2561d8d..0815e35 100644
--- a/systems/configuration.nix
+++ b/systems/configuration.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ lib, pkgs, config, ... }:
 {
 i18n = {
 defaultLocale = "en_US.utf8";
@@ -17,16 +17,18 @@
 useUserPackages = true;
 };
+ users.defaultUserShell = pkgs.zsh;
+
 networking = {
 firewall = {
 enable = lib.mkDefault true;
- allowedTCPPorts = [ 22 ];
+ allowedTCPPorts = [ ];
 };
 };
 services = {
 fail2ban = {
- enable = lib.mkDefault true;
+ enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);
 recommendedDefaults = true;
 };
diff --git a/systems/jeeves-jr/hardware.nix b/systems/jeeves-jr/hardware.nix
index 5e39098..e3f4a72 100644
--- a/systems/jeeves-jr/hardware.nix
+++ b/systems/jeeves-jr/hardware.nix
@@ -5,7 +5,8 @@
 {
 imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
 ];
 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
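Review bot: The added `networking.firewall = lib.mkIf config.services.openssh.enable { allowedTCPPorts = config.services.openssh.ports; };` duplicates what `services.openssh.openFirewall` already does by default (it opens `services.openssh.ports` whenever the daemon is enabled), and because this copy is conditioned only on `services.openssh.enable`, a host that later sets `openFirewall = false` to hide SSH behind a VPN or bastion still ends up with the ports exposed through this rule. If the intent is to make the dependency explicit now that systems/configuration.nix empties `allowedTCPPorts`, `services.openssh.openFirewall = true;` states it through the option the openssh module owns and stays overridable; otherwise the three added lines can be dropped. The enclosing `config` attribute set starts outside the hunk.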
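Review bot: `allowedTCPPorts = [ ];` reads as "nothing reachable", while SSH access now depends on the port being opened elsewhere (the `services.openssh.openFirewall` default, or the `networking.firewall` rule this patch adds in modules/security.nix); a comment on that line would spare the next reader a lockout scare, e.g. `allowedTCPPorts = [ ]; # SSH ports are opened by services.openssh, not listed here`. The new `enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);` is consistent with fail2ban needing a firewall to act on, but it also means any host that disables the firewall silently loses brute-force protection, which is worth a second comment if that trade-off is intended. The enclosing attribute set starts outside the hunk.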
@@ -14,18 +15,19 @@
 boot.extraModulePackages = [ ];
 fileSystems."/" =
- { device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
+ {
+ device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
 fsType = "ext4";
 };
 fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/7295-A442";
+ {
+ device = "/dev/disk/by-uuid/7295-A442";
 fsType = "vfat";
 };
 swapDevices =
- [ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }
- ];
+ [{ device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's