Feature email server (#14)

* formatting

* update

* add mailserver

* flake update
Dennis 2024-01-02 16:30:08 +01:00 committed by GitHub
parent 477b4cf466
commit db67a9d7e5
7 changed files with 113 additions and 33 deletions

88
flake.lock generated

@ -1,5 +1,37 @@
{
"nodes": {
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
@ -27,11 +59,11 @@
]
},
"locked": {
"lastModified": 1703838268,
"narHash": "sha256-SRg5nXcdPnrsQR2MTAp7en0NyJnQ2wB1ivmsgEbvN+o=",
"lastModified": 1704100519,
"narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2aff324cf65f5f98f89d878c056b779466b17db8",
"rev": "6e91c5df192395753d8e6d55a0352109cb559790",
"type": "github"
},
"original": {
@ -40,6 +72,37 @@
"type": "github"
}
},
"mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_11": [
"nixpkgs"
],
"nixpkgs-23_05": [
"nixpkgs"
],
"utils": [
"flake-utils"
]
},
"locked": {
"lastModified": 1703666786,
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nix-pre-commit": {
"inputs": {
"flake-utils": [
@ -65,11 +128,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1703879120,
"narHash": "sha256-oMJ5xtDswlBWxs0DT/aYKEUIhjEpGZJ9GbIxOclYP8I=",
"lastModified": 1704124233,
"narHash": "sha256-lBHs/yUtkcGgapHRS31oOb5NqvnVrikvktGOW8rK+sE=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "22ae59fec26591ef72ce4ccb5538c42c5f090fe3",
"rev": "f752581d6723a10da7dfe843e917a3b5e4d8115a",
"type": "github"
},
"original": {
@ -86,11 +149,11 @@
]
},
"locked": {
"lastModified": 1703993012,
"narHash": "sha256-7sv9Rhgp+qJgYiuYGkqdgGwHUDoBWyVg+c1WQRMzYqw=",
"lastModified": 1704145058,
"narHash": "sha256-kWLGj+pGYXuVCJGqWiDOJfTLEXyTdSO01L1Sb+bTksw=",
"owner": "SuperSandro2000",
"repo": "nixos-modules",
"rev": "f7528ff523c545975df483b18a188e83102a44ae",
"rev": "38c5ee92ba80129c31055d903438e2697e41322c",
"type": "github"
},
"original": {
@ -101,11 +164,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1703637592,
"narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cfc3698c31b1fb9cdcf10f36c9643460264d0ca8",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
@ -135,6 +198,7 @@
"inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"mailserver": "mailserver",
"nix-pre-commit": "nix-pre-commit",
"nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules",


@ -22,6 +22,16 @@
inputs.nixpkgs-lib.follows = "nixpkgs";
};
mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-22_11.follows = "nixpkgs";
nixpkgs-23_05.follows = "nixpkgs";
utils.follows = "flake-utils";
};
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -34,6 +44,7 @@
nixpkgs-stable.follows = "nixpkgs";
};
};
nix-pre-commit = {
url = "github:jmgilman/nix-pre-commit";
inputs = {
@ -43,7 +54,7 @@
};
};
outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, nix-pre-commit, ... }@inputs:
outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, mailserver, nix-pre-commit, ... }@inputs:
let
inherit (nixpkgs) lib;
src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.;
@ -95,6 +106,7 @@
})
];
}
mailserver.nixosModules.mailserver
nixos-modules.nixosModule
home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
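Review bot: The new `mailserver` input overrides every nixpkgs input of simple-nixos-mailserver with `follows = "nixpkgs"`, so the mail stack is evaluated against this flake's nixpkgs revision rather than the revisions upstream pins and tests. That trade-off deserves a comment above the `inputs` block, e.g. `# follows dedupes the lock file; the mail stack is then built from our nixpkgs, not the revisions upstream tests against`. `mailserver.nixosModules.mailserver` is also appended to what looks like the shared module list, so every host would import it. Presumably it stays inert until a host sets `mailserver.enable`, but the list's enclosing function is outside the hunk, so that is worth confirming.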


@ -1,12 +1,12 @@
{ config, lib, libS, ... }:
let
cfg = config.boot;
cfg = config.boot;
in
{
options = {
boot = {
default = libS.mkOpinionatedOption "enable the boot builder";
options = {
boot = {
default = libS.mkOpinionatedOption "enable the boot builder";
cpuType = lib.mkOption {
type = lib.types.str;
example = "amd";


@ -30,9 +30,10 @@ in
logpath = "/var/log/httpd/error_log*";
backend = "systemd";
findtime = 600;
bantime = 600;
bantime = 600;
maxretry = 5;
};
dovecot = {
settings = {
filter = "dovecot[mode=aggressive]";


@ -3,11 +3,6 @@
{
config = {
services = lib.mkIf config.services.gitea.enable {
fail2ban = {
enable = true;
};
openssh = {
extraConfig = ''
Match User gitea
@ -23,5 +18,9 @@
RSA = 4095;
};
};
networking.firewall = lib.mkIf config.services.openssh.enable {
allowedTCPPorts = config.services.openssh.ports;
};
};
}
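Review bot: The added `networking.firewall` block in the second hunk duplicates what the NixOS openssh module already does, since `services.openssh.openFirewall` defaults to true and opens `services.openssh.ports` itself. Because the block is keyed only on `services.openssh.enable`, a host that sets `openFirewall = false` to keep sshd off its public interfaces would get the port re-opened here. Dropping the block is the simplest fix; if it is kept for explicitness, guard it with `networking.firewall = lib.mkIf (config.services.openssh.enable && config.services.openssh.openFirewall) {`. The first hunk also removes `fail2ban.enable = true`, so ban protection on gitea hosts now depends on a default set elsewhere. The enclosing `config` attribute set starts outside the second hunk.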


@ -1,4 +1,4 @@
{ lib, pkgs, ... }:
{ lib, pkgs, config, ... }:
{
i18n = {
defaultLocale = "en_US.utf8";
@ -17,16 +17,18 @@
useUserPackages = true;
};
users.defaultUserShell = pkgs.zsh;
networking = {
firewall = {
enable = lib.mkDefault true;
allowedTCPPorts = [ 22 ];
allowedTCPPorts = [ ];
};
};
services = {
fail2ban = {
enable = lib.mkDefault true;
enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);
recommendedDefaults = true;
};
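Review bot: The `fail2ban.enable` line that wraps `lib.mkDefault true` in `lib.mkIf config.networking.firewall.enable` has no comment explaining the gate, and it means a host that turns the NixOS firewall off gets fail2ban disabled by default without any notice. I would add a comment above it such as `# fail2ban needs a packet filter to insert bans into, so only default it on when the NixOS firewall is enabled; hosts can still set services.fail2ban.enable explicitly`. The base `allowedTCPPorts` in the same hunk appears to change from `[ 22 ]` to `[ ]`, so SSH reachability now depends on the openssh module or a per-service module opening the port. A one-line comment next to the empty list saying that ports are opened by the service modules would keep that from looking like an oversight.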


@ -5,7 +5,8 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
@ -14,18 +15,19 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
{
device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7295-A442";
{
device = "/dev/disk/by-uuid/7295-A442";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }
];
[{ device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's