lukas/puter
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

remove mail

Browse source
This commit is contained in:
Lukas Wurzinger 2024-04-20 21:49:50 +02:00
parent b77f3edc41
commit d975f43b3e
17 changed files with 25 additions and 321 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
class/desktop/clipboard.nix
View file

@ -1,3 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.wl-clipboard];
}

3
class/desktop/default.nix
View file

@ -1,7 +1,5 @@
{
imports = [
./clipboard.nix
./docker.nix
./flatpak.nix
./fonts.nix
./fs.nix
@ -15,7 +13,6 @@
./plasma.nix
./printing.nix
./syncthing.nix
./users.nix
./vm.nix
./wine.nix
];

3
class/desktop/docker.nix
View file

@ -1,3 +0,0 @@
{
virtualisation.docker.enable = true;
}

22
class/desktop/flatpak.nix
View file

@ -1,25 +1,3 @@
{
config,
pkgs,
...
}: {
# FIXME: This is unnecessary when https://github.com/NixOS/nixpkgs/pull/262462 is merged
system.fsPackages = [pkgs.bindfs];
fileSystems = let
mkRoSymBind = path: {
device = path;
fsType = "fuse.bindfs";
options = ["ro" "resolve-symlinks" "x-gvfs-hide"];
};
aggregatedFonts = pkgs.buildEnv {
name = "system-fonts";
paths = config.fonts.packages;
pathsToLink = ["/share/fonts"];
};
in {
"/usr/share/icons" = mkRoSymBind "/run/current-system/sw/share/icons";
"/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
};
services.flatpak.enable = true;
}

2
class/desktop/neovide.nix
View file

@ -1,5 +1,5 @@
{pkgs, ...}: let
package = pkgs.neovide;
in {
environment.systemPackages = [package];
environment.systemPackages = [package pkgs.wl-clipboard];
}

15
class/desktop/users.nix
View file

@ -1,15 +0,0 @@
{config, ...}: {
age.secrets.user-guest.file = ../../secrets/user-guest.age;
users = {
groups.guest = {};
users.guest = {
isNormalUser = true;
hashedPasswordFile = config.age.secrets.user-guest.path;
extraGroups = ["wheel" "networkmanager" "gamemode"];
};
};
services.displayManager.hiddenUsers = ["guest"];
}

142
flake.lock
View file

@ -21,22 +21,6 @@
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -83,22 +67,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@ -112,7 +80,7 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -188,7 +156,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
@ -206,7 +174,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
@ -247,11 +215,11 @@
},
"hardware": {
"locked": {
"lastModified": 1712909959,
"narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=",
"lastModified": 1713521961,
"narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f",
"rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2",
"type": "github"
},
"original": {
@ -318,31 +286,10 @@
"type": "github"
}
},
"mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
"lastModified": 1710449465,
"narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "79c8cfcd5873a85559da6201b116fb38b490d030",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"myvim": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"nixvim": "nixvim"
},
"locked": {
@ -435,17 +382,18 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1709703039,
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
"lastModified": 1712791164,
"narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
"rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5",
"type": "github"
},
"original": {
"id": "nixpkgs",
"owner": "NixOS",
"ref": "nixos-unstable",
"type": "indirect"
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
@ -466,27 +414,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1712791164,
"narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=",
"lastModified": 1713537308,
"narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1712791164,
"narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5",
"rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
"type": "github"
},
"original": {
@ -499,11 +431,11 @@
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts_3",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
@ -522,7 +454,7 @@
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"gitignore": "gitignore",
"nixpkgs": [
@ -556,9 +488,8 @@
"flake-parts": "flake-parts",
"hardware": "hardware",
"impermanence": "impermanence",
"mailserver": "mailserver",
"myvim": "myvim",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_4"
}
},
"systems": {
@ -605,39 +536,6 @@
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

2
flake.nix
View file

@ -7,7 +7,6 @@
hardware.url = "github:NixOS/nixos-hardware";
impermanence.url = "github:nix-community/impermanence";
agenix.url = "github:ryantm/agenix";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
myvim.url = "github:lukaswrz/myvim";
};
@ -29,7 +28,6 @@
modules = [
inputs.impermanence.nixosModules.impermanence
inputs.agenix.nixosModules.default
inputs.mailserver.nixosModule
./common
./class/${class}

4
hosts/abacus/default.nix
View file

@ -5,9 +5,7 @@
./atuin.nix
./conduit.nix
./forgejo.nix
./mailserver.nix
./navidrome.nix
./nextcloud.nix
./nginx.nix
./vaultwarden.nix
];
@ -38,7 +36,7 @@
};
security.acme = {
defaults.email = "lukasatwrzdotone@gmail.com";
defaults.email = "lukas@wrz.one";
acceptTerms = true;
};
}

59
hosts/abacus/mailserver.nix
View file

@ -1,59 +0,0 @@
{
config,
pkgs,
...
}: let
inherit (config.networking) domain fqdn;
wellKnownMtaSts = pkgs.writeText "" ''
version: STSv1
mode: enforce
mx: ${fqdn}
max_age: 86400
'';
in {
age.secrets.mail-lukas.file = ../../secrets/mail-lukas.age;
environment.persistence."/persist".directories = [
config.mailserver.dkimKeyDirectory
config.mailserver.mailDirectory
config.mailserver.sieveDirectory
];
mailserver = {
enable = true;
openFirewall = true;
inherit fqdn;
domains = [domain];
loginAccounts = {
"lukas@${domain}" = {
hashedPasswordFile = config.age.secrets.mail-lukas.path;
aliases = ["postmaster@${domain}" "vault@${domain}"];
};
};
certificateScheme = "acme-nginx";
};
# FIXME: This is unnecessary when https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275 is closed
services.dovecot2.sieve.extensions = ["fileinto"];
services.nginx.virtualHosts."mta-sts.${domain}" = {
enableACME = true;
forceSSL = true;
quic = true;
locations = {
"/".return = "404";
"=/.well-known/mta-sts.txt" = {
alias = wellKnownMtaSts;
extraConfig = ''
default_type text/plain;
'';
};
};
};
}

53
hosts/abacus/nextcloud.nix
View file

@ -1,53 +0,0 @@
{
config,
pkgs,
...
}: {
age.secrets.nextcloud-lukas = {
file = ../../secrets/nextcloud-lukas.age;
owner = "nextcloud";
group = "nextcloud";
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud28;
hostName = "cloud.${config.networking.domain}";
https = true;
configureRedis = true;
# TODO: news
extraApps = {
inherit
(config.services.nextcloud.package.packages.apps)
bookmarks
calendar
contacts
deck
forms
mail
maps
notes
phonetrack
tasks
;
};
extraAppsEnable = true;
database.createLocally = true;
config = {
dbtype = "pgsql";
adminuser = "lukas";
adminpassFile = config.age.secrets.nextcloud-lukas.path;
};
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
enableACME = true;
forceSSL = true;
quic = true;
};
}

4
part
View file

@ -53,8 +53,8 @@ fi
blkdev=$1
sfdisk --label gpt --quiet -- "$blkdev" <<EOF
,512M,C12A7328-F81F-11D2-BA4B-00A0C93EC93B;
,,0FC63DAF-8483-4772-8E79-3D69D8477DE4;
,512M,U;
,,L;
EOF
parts=()

2
pubkeys.nix
View file

@ -10,7 +10,7 @@ let
vessel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkYcOb1JPNLTJtob1TcuC08cH9P2APAhLR26RYd573d";
flamingo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInV+UpCZhoTwgkgnCzCPEu3TD5b5mu6tagRslljrFJ/";
};
in {
in {
inherit users hosts;
desktops = {

9
secrets/mail-lukas.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw 9+APWz/u61v8zE6auzspntqrKNdCFb7fZPFMIdOBx0E
KMMD8n0klfeMN41AHX7sgXOdjI4eCgODKpkaFBkiesQ
-> ssh-ed25519 S+dwQQ nPqPcy5Ksk6W14xacleMie+mNKInhdlOcjtb3iEaSDU
IB7VAISMPvD8goodgcahuCab5r59zD/O3fKAePLBKAc
-> ssh-ed25519 ffmsLw Rf4/ibog+At3JqyvQkkXKAsmhkK6/8wWeMSrwsJzGSs
To4HRcE12BiFQZp1z+dT9DiE24LxJdFVxYZUalstfgo
--- dnS4XgHvGt9ZROAl+daSLO4VDj8ihnJenDNvfG43zFA
Ä•hƒqêËA #!ÞVÖ9T5Ó±KÓr¤uk¶t¬Ušªq<C2AA>\/W¶%ßFXó®R¶DYZx—ù+7SïwAQÛhÄrTz+8B>*üÑâ¬,»$+Efa…Al

9
secrets/nextcloud-lukas.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw 6oAZL86Esb8hewQ6ylGb7k0RsQlJoQbwyHDB8cEiVH0
TvD14WLXzxCvDb1/iWljWNgR+qF0yjwlSLZ06HoNh9I
-> ssh-ed25519 S+dwQQ KoANzMyOZKHMFBg+nqblxAP+bWKGXceexVYUbExu80s
kUIcinUKIvPuBlFgnPKIomq+yk9P8GnjsujM63+Hm68
-> ssh-ed25519 ffmsLw Ad9EVWmpxhiAaREltE2J7APUn/NeNg9tw8vG8yeC3HU
R26AmfZEq1Q0qKJ4npuQV5Yc/aIKJMiP68/Rd8l7lDg
--- Y3yFHxXo16Z9hQVFdDut04ioZ0H4x4YUy/SBGn8+MWw
[Œ@<40>ƒ/õ1᢬Û[7RM,Bµ7A˜„_ÒiQ<69>õ'µ@ø<x“ØMø2Ò*

3
secrets/secrets.nix
View file

@ -1,8 +1,5 @@
with import ../pubkeys.nix; {
"user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts);
"user-guest.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues desktops);
"mail-lukas.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"nextcloud-lukas.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel];
}

11
secrets/user-guest.age
View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw DCt2GZWNEMSghE2UN3bXoILlWnuJcwyC/NZeMq02CAc
+QUTcHu/7xuzWjwveWAlGvsI2cO47uGwR4BSvOLtjjs
-> ssh-ed25519 S+dwQQ 6rAan8TWKoUaAhBHpNsMkVo2p+Lgz0ZoQmxFEaNTSHU
PdiHcuv08y1iOlaLFVpSwd3Hhf2eVkhmAk+ERUgQcck
-> ssh-ed25519 d2fKsw JVyjUdSyNjZwm+YT6ADU9NdtdB/b4BRXvNeY1Rf3j2E
vMSNQGFCbIsK+QvurnxSk+bOhGAT0auQGUGi61Xu718
-> ssh-ed25519 US6ATA 1P9NLhIOtAfIDoPkFhvcXKmABtKeT/DwcnpAKnZOFm8
E4JXWldgwLJpVHObEL8x5WILVyXCwCzM3KUwtkitG6w
--- b838whGkA7DIZ58mqtWg/LYmXwSNNDBTLuRcsSwXQWg
ð<EFBFBD>GQßÿhÜtà‰YP6xŸ ¿[ôõ)YUgêáy¾ŒgÒ´¹WÄ¥ºÿÏi<E280B9>î¢LiákÏŸÀ;”<>Œâý¼‡V¥<56>/EU²ÑDKU®meų¡™¾„ïcÀ„o[öàìêCOí¾ë