Feature email server (#14)

* formatting

* update

* add mailserver

* flake update
Dennis 2024-01-02 16:30:08 +01:00 committed by GitHub
parent 477b4cf466
commit db67a9d7e5
7 changed files with 113 additions and 33 deletions

88
flake.lock generated

@ -1,5 +1,37 @@
{ {
"nodes": { "nodes": {
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": [ "systems": [
@ -27,11 +59,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703838268, "lastModified": 1704100519,
"narHash": "sha256-SRg5nXcdPnrsQR2MTAp7en0NyJnQ2wB1ivmsgEbvN+o=", "narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2aff324cf65f5f98f89d878c056b779466b17db8", "rev": "6e91c5df192395753d8e6d55a0352109cb559790",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -40,6 +72,37 @@
"type": "github" "type": "github"
} }
}, },
"mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_11": [
"nixpkgs"
],
"nixpkgs-23_05": [
"nixpkgs"
],
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1703666786,
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nix-pre-commit": { "nix-pre-commit": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -65,11 +128,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1703879120, "lastModified": 1704124233,
"narHash": "sha256-oMJ5xtDswlBWxs0DT/aYKEUIhjEpGZJ9GbIxOclYP8I=", "narHash": "sha256-lBHs/yUtkcGgapHRS31oOb5NqvnVrikvktGOW8rK+sE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "22ae59fec26591ef72ce4ccb5538c42c5f090fe3", "rev": "f752581d6723a10da7dfe843e917a3b5e4d8115a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -86,11 +149,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703993012, "lastModified": 1704145058,
"narHash": "sha256-7sv9Rhgp+qJgYiuYGkqdgGwHUDoBWyVg+c1WQRMzYqw=", "narHash": "sha256-kWLGj+pGYXuVCJGqWiDOJfTLEXyTdSO01L1Sb+bTksw=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "f7528ff523c545975df483b18a188e83102a44ae", "rev": "38c5ee92ba80129c31055d903438e2697e41322c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -101,11 +164,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703637592, "lastModified": 1703961334,
"narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=", "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8", "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -135,6 +198,7 @@
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"mailserver": "mailserver",
"nix-pre-commit": "nix-pre-commit", "nix-pre-commit": "nix-pre-commit",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules", "nixos-modules": "nixos-modules",


@ -22,6 +22,16 @@
inputs.nixpkgs-lib.follows = "nixpkgs"; inputs.nixpkgs-lib.follows = "nixpkgs";
}; };
mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-22_11.follows = "nixpkgs";
nixpkgs-23_05.follows = "nixpkgs";
utils.follows = "flake-utils";
};
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -34,6 +44,7 @@
nixpkgs-stable.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs";
}; };
}; };
nix-pre-commit = { nix-pre-commit = {
url = "github:jmgilman/nix-pre-commit"; url = "github:jmgilman/nix-pre-commit";
inputs = { inputs = {
@ -43,7 +54,7 @@
}; };
}; };
outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, nix-pre-commit, ... }@inputs: outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, mailserver, nix-pre-commit, ... }@inputs:
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.; src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.;
@ -95,6 +106,7 @@
}) })
]; ];
} }
mailserver.nixosModules.mailserver
nixos-modules.nixosModule nixos-modules.nixosModule
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
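Review bot: The new `mailserver` input URL carries no ref, so it follows the upstream default branch and each `nix flake update` moves an internet-facing mail stack to whatever is there, independently of the `nixpkgs` release it is forced to follow. simple-nixos-mailserver maintains release branches matched to NixOS releases, so consider `url = "gitlab:simple-nixos-mailserver/nixos-mailserver/<release-branch>";` using the branch that matches the nixpkgs channel this flake tracks (the channel is not visible in these hunks). Separately, `mailserver.nixosModules.mailserver` is added to what looks like the module list shared by all hosts. A one-line comment there, such as `# inert until mailserver.enable is set on a host`, would make it clear that importing it does not start a mail server everywhere. The `outputs` function and the module list both continue outside the hunks shown.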


@ -1,12 +1,12 @@
{ config, lib, libS, ... }: { config, lib, libS, ... }:
let let
cfg = config.boot; cfg = config.boot;
in in
{ {
options = { options = {
boot = { boot = {
default = libS.mkOpinionatedOption "enable the boot builder"; default = libS.mkOpinionatedOption "enable the boot builder";
cpuType = lib.mkOption { cpuType = lib.mkOption {
type = lib.types.str; type = lib.types.str;
example = "amd"; example = "amd";


@ -30,9 +30,10 @@ in
logpath = "/var/log/httpd/error_log*"; logpath = "/var/log/httpd/error_log*";
backend = "systemd"; backend = "systemd";
findtime = 600; findtime = 600;
bantime = 600; bantime = 600;
maxretry = 5; maxretry = 5;
}; };
dovecot = { dovecot = {
settings = { settings = {
filter = "dovecot[mode=aggressive]"; filter = "dovecot[mode=aggressive]";


@ -3,11 +3,6 @@
{ {
config = { config = {
services = lib.mkIf config.services.gitea.enable { services = lib.mkIf config.services.gitea.enable {
fail2ban = {
enable = true;
};
openssh = { openssh = {
extraConfig = '' extraConfig = ''
Match User gitea Match User gitea
@ -23,5 +18,9 @@
RSA = 4095; RSA = 4095;
}; };
}; };
networking.firewall = lib.mkIf config.services.openssh.enable {
allowedTCPPorts = config.services.openssh.ports;
};
}; };
} }
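Review bot: The added `networking.firewall` block repeats what the NixOS openssh module already does, since `services.openssh.openFirewall` defaults to true and opens `services.openssh.ports`. Because the new condition only checks `services.openssh.enable`, a host that sets `openFirewall = false` to keep sshd off the public interface would still have the ports opened by this block. Either drop the block or gate it on both options, e.g. `networking.firewall = lib.mkIf (config.services.openssh.enable && config.services.openssh.openFirewall) {`. It also sits in the gitea module but outside the `config.services.gitea.enable` guard, so it applies wherever this file is imported. That is worth a comment given that port 22 is removed from the shared firewall list in a later section of this commit.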


@ -1,4 +1,4 @@
{ lib, pkgs, ... }: { lib, pkgs, config, ... }:
{ {
i18n = { i18n = {
defaultLocale = "en_US.utf8"; defaultLocale = "en_US.utf8";
@ -17,16 +17,18 @@
useUserPackages = true; useUserPackages = true;
}; };
users.defaultUserShell = pkgs.zsh;
networking = { networking = {
firewall = { firewall = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
allowedTCPPorts = [ 22 ]; allowedTCPPorts = [ ];
}; };
}; };
services = { services = {
fail2ban = { fail2ban = {
enable = lib.mkDefault true; enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);
recommendedDefaults = true; recommendedDefaults = true;
}; };
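Review bot: With `enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);`, fail2ban silently drops out on any host that turns the firewall off, and nothing on this line records why. If the reason is that bans are enforced through firewall rules, say so in a comment, e.g. `# fail2ban enforces bans via the firewall; without it there is nothing to apply them`. That way a later reader does not mistake the condition for an accident and lose brute-force protection unnoticed. In the same hunk, `allowedTCPPorts = [ ];` contributes nothing under list merging. Either remove it or keep it with a comment of intent such as `# ports are opened by the service modules that need them`. The `services` attribute set continues past the end of the hunk.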


@ -5,7 +5,8 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
@ -14,18 +15,19 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971"; {
device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7295-A442"; {
device = "/dev/disk/by-uuid/7295-A442";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; } [{ device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }];
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's