fricloud/server-configs
2
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: fricloud:d95717941d38dbb557e384ba27494125951a7758
Branches Tags
fricloud:main
fricloud:rememberme
fricloud:proxy_images
fricloud:element
..
compare: fricloud:eb034b35d9d28c576f367f1d0ef62f707f8d26b9
Branches Tags
fricloud:main
fricloud:rememberme
fricloud:proxy_images
fricloud:element

No commits in common. "d95717941d38dbb557e384ba27494125951a7758" and "eb034b35d9d28c576f367f1d0ef62f707f8d26b9" have entirely different histories.
d95717941d ... eb034b35d9

5 changed files with 22 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

1
machines/gerd/services/lldap/default.nix
View file

@ -204,7 +204,6 @@ in {
in lib.concatStrings (cap parts);
in {
uid = "uid";
creationdate = "creationdate";
firstname = "givenName";
lastname = "sn";
email = "mail";

8
machines/gerd/services/stalwart/default.nix
View file

@ -7,13 +7,7 @@
mine.shared.meta.stalwart = {
name = "Stalwart Mail";
description = ''
We host our own mailserver, which can be reached on ${config.mine.shared.settings.mail.domain} with your LDAP username and password.
From here encryption-at-rest can be setup with either OpenPGP or S/MIME. Keep in mind, Change Password, Two-factor Auth and App Passwords
do not work, as we are using LDAP for authentication instead.
'';
url = "https://${config.mine.shared.settings.mail.domain}";
description = "We host our own mailserver, which can be reached on ${config.mine.shared.settings.mail.domain} with your LDAP username and password.";
package = let
pkg = config.services.stalwart-mail.package;

28
machines/gerd/services/stalwart/stalwart.nix
View file

@ -1,10 +1,7 @@
{ config, lib, pkgs, ... }:
let
svc_domain = "stalwart.${config.mine.shared.settings.domain}";
svc_domain_mail = "mail.${config.mine.shared.settings.domain}";
# TODO(eyJhb): in theory these domains are not used, they're just
# nice to have.. maybe.
svc_domain = "mail.${config.mine.shared.settings.domain}";
svc_domain_smtp = "smtp.${config.mine.shared.settings.domain}";
svc_domain_imap = "imap.${config.mine.shared.settings.domain}";
@ -30,7 +27,7 @@ in {
openFirewall = true;
settings = {
lookup.default.hostname = svc_domain_mail;
lookup.default.hostname = svc_domain;
store.db.path = "${stateDir}/db";
@ -75,15 +72,11 @@ in {
quota = lconfig.attr.membermaildiskquota;
class = "objectClass";
groups = "memberOf";
# we dont have access to this in lldap, and
# therefore we use secret-changed instead
# we dont have access to this in lldap
# secret = lconfig.attr.stalwart_secret;
# TODO(eyJhb): remove once LLDAP gets
# plugin support, so we can make a plugin
# that updates a attribute on password updates
# https://github.com/lldap/lldap/pull/1119
secret-changed = lconfig.attr.creationdate;
});
};
storage.directory = "ldap";
@ -94,7 +87,7 @@ in {
submissions = { bind = [ "[::]:${builtins.toString ports.submissions}"]; protocol = "smtp"; tls.implicit = true; };
imaptls = { bind = [ "[::]:${builtins.toString ports.imaptls}"]; protocol = "imap"; tls.implicit = true; };
management = { bind = [ "[::]:${builtins.toString ports.http_management}" ]; protocol = "http"; };
management = { bind = [ "127.0.0.1:${builtins.toString ports.http_management}" ]; protocol = "http"; };
};
certificate.domain = {
@ -146,19 +139,13 @@ in {
];
# setup certs
services.nginx.virtualHosts."${svc_domain_mail}" = {
services.nginx.virtualHosts."${svc_domain}" = {
forceSSL = true;
enableACME = true;
serverAliases = [ svc_domain_smtp svc_domain_imap ];
root = pkgs.writeTextDir "index.html" "Nothing.";
};
services.nginx.virtualHosts."${svc_domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:${builtins.toString ports.http_management}";
};
# need to change group to stalwart-mail for cert + add nginx to stalwart-mail group to do HTTP ACME
users.users.nginx.extraGroups = [ stalwart_group ];
security.acme.certs."${svc_domain}" = {
@ -173,7 +160,6 @@ in {
mine.shared.settings.mail = {
domain = svc_domain;
domain_mail = svc_domain_mail;
domain_smtp = svc_domain_smtp;
domain_imap = svc_domain_imap;

22
shared/sources/default.nix
View file

@ -8,21 +8,19 @@ in sources // {
src = sources.nixpkgs;
name = "nixpkgs-patched";
patches = [
# stalwart-mail: 0.11.8 -> 0.12.0
(pkgs.fetchpatch {
url = "https://github.com/NixOS/nixpkgs/pull/409178.patch";
sha256 = "sha256-06J8pTjqeWTL6MJqVq17r3eelL5p/AfvUsPye5icVUg=";
})
# nixos/stalwart-mail: fix incorrect config for webadmin and spam-filter
(pkgs.fetchpatch {
url = "https://github.com/NixOS/nixpkgs/pull/412054.patch";
sha256 = "sha256-OExslGsrGGPWSJJFPkZgYV8DaPKq9YDlmozPf/bV6dE=";
})
# # tmp - lldap: 0.5.1-unstable-2024-10-30 -> 0.6.1
# (pkgs.fetchpatch {
# url = "https://github.com/NixOS/nixpkgs/pull/359835.patch";
# sha256 = "sha256-2C9l4v9MaUJyiaB+kslTsSjsqTZ7RlcfMNlRzZblMik=";
# })
# tmp - stalwart-mail.webadmin: pin wasm-bindgen-cli version
# (pkgs.fetchpatch {
# url = "https://github.com/NixOS/nixpkgs/pull/353360.patch";
# sha256 = "sha256-WPNnvVmtySyEk58kVIYWVx3VN8MhX4v2ITLLnUGhpz4=";
# })
];
};
# nixpkgs = pkgs.lib.cleanSource /state/home/projects/nixos/nixpkgs;
drasl = pkgs.applyPatches {
src = sources.drasl;
name = "drasl-patched";

8
shared/sources/sources.json
View file

@ -67,15 +67,15 @@
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs": {
"branch": "nixos-unstable",
"branch": "nixos-25.05",
"description": "Nix Packages collection",
"homepage": null,
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
"sha256": "064q32jmj54iwgh4lcdg2aii75cr5lvb683ym5pmj2kkj340pnpd",
"rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
"sha256": "0klkpy7ah033y3cwj51a0l96lwmkqqvwgfv3kid4z9x5g2rqr0l5",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/96ec055edbe5ee227f28cdbc3f1ddf1df5965102.tar.gz",
"url": "https://github.com/NixOS/nixpkgs/archive/7282cb574e0607e65224d33be8241eae7cfe0979.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}
}