diff --git a/config/default.nix b/config/default.nix index 5a5abf4..911e682 100644 --- a/config/default.nix +++ b/config/default.nix @@ -10,6 +10,7 @@ inputs.disko.nixosModules.disko inputs.elewrap.nixosModules.default inputs.home-manager.nixosModules.default + inputs.idmail.nixosModules.default inputs.impermanence.nixosModules.impermanence inputs.nix-topology.nixosModules.default inputs.nixos-extra-modules.nixosModules.default diff --git a/config/users.nix b/config/users.nix index 3fe82f2..eca8b61 100644 --- a/config/users.nix +++ b/config/users.nix @@ -34,5 +34,6 @@ minecraft = uidGid 975; stalwart-mail = uidGid 974; netbird-home = uidGid 973; + idmail = uidGid 972; }; } diff --git a/flake.lock b/flake.lock index 1c90ffe..99cccf1 100644 --- a/flake.lock +++ b/flake.lock @@ -202,6 +202,23 @@ "type": "github" } }, + "crane_2": { + "flake": false, + "locked": { + "lastModified": 1699217310, + "narHash": "sha256-xpW3VFUG7yE6UE6Wl0dhqencuENSkV7qpnpe9I8VbPw=", + "owner": "ipetkov", + "repo": "crane", + "rev": "d535642bbe6f377077f7c23f0febb78b1463f449", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "v0.15.0", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -290,7 +307,29 @@ }, "devshell_3": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", + "nixpkgs": [ + "idmail", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "owner": "numtide", + "repo": "devshell", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "devshell_4": { + "inputs": { + "flake-utils": "flake-utils_7", "nixpkgs": [ "nix-topology", "nixpkgs" @@ -310,13 +349,13 @@ "type": "github" } }, - "devshell_4": { + "devshell_5": { "inputs": { "nixpkgs": [ "nixos-extra-modules", "nixpkgs" ], - "systems": "systems_10" + "systems": "systems_11" }, "locked": { "lastModified": 1701787589, @@ -332,9 +371,9 @@ "type": "github" } }, - "devshell_5": { + "devshell_6": { "inputs": { - "flake-utils": "flake-utils_9", + "flake-utils": "flake-utils_10", "nixpkgs": [ "nixvim", "nixpkgs" @@ -354,9 +393,9 @@ "type": "github" } }, - "devshell_6": { + "devshell_7": { "inputs": { - "flake-utils": "flake-utils_10", + "flake-utils": "flake-utils_11", "nixpkgs": [ "whisper-overlay", "nixpkgs" @@ -396,6 +435,30 @@ "type": "github" } }, + "dream2nix": { + "inputs": { + "nixpkgs": [ + "idmail", + "nci", + "nixpkgs" + ], + "purescript-overlay": "purescript-overlay", + "pyproject-nix": "pyproject-nix" + }, + "locked": { + "lastModified": 1721316623, + "narHash": "sha256-WmPX3r0YtUxvcQmTgvNld2xJooWr4f/+5dURiw7/3zc=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "4e9fd61a1201f4b3800d6946810a6b4c2ecdcde8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, "elewrap": { "inputs": { "advisory-db": "advisory-db", @@ -436,6 +499,22 @@ "type": "github" } }, + "flake-compat_10": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_2": { "flake": false, "locked": { @@ -485,6 +564,22 @@ } }, "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1673956053, @@ -500,7 +595,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_7": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -514,7 +609,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1696426674, @@ -530,30 +625,14 @@ "type": "github" } }, - "flake-compat_8": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_9": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -581,6 +660,24 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -601,9 +698,9 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { "lastModified": 1717285511, @@ -619,9 +716,9 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" + "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { "lastModified": 1714641030, @@ -677,6 +774,24 @@ "inputs": { "systems": "systems_14" }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_12": { + "inputs": { + "systems": "systems_15" + }, "locked": { "lastModified": 1705309234, "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", @@ -750,11 +865,11 @@ "systems": "systems_7" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -768,11 +883,11 @@ "systems": "systems_8" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -786,11 +901,11 @@ "systems": "systems_9" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -801,14 +916,14 @@ }, "flake-utils_8": { "inputs": { - "systems": "systems_11" + "systems": "systems_10" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -857,7 +972,7 @@ "nixvim", "flake-compat" ], - "gitignore": "gitignore_5", + "gitignore": "gitignore_6", "nixpkgs": [ "nixvim", "nixpkgs" @@ -928,7 +1043,7 @@ "gitignore_3": { "inputs": { "nixpkgs": [ - "nix-topology", + "idmail", "pre-commit-hooks", "nixpkgs" ] @@ -948,6 +1063,28 @@ } }, "gitignore_4": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { "inputs": { "nixpkgs": [ "nixos-extra-modules", @@ -969,7 +1106,7 @@ "type": "github" } }, - "gitignore_5": { + "gitignore_6": { "inputs": { "nixpkgs": [ "nixvim", @@ -991,7 +1128,7 @@ "type": "github" } }, - "gitignore_6": { + "gitignore_7": { "inputs": { "nixpkgs": [ "pre-commit-hooks", @@ -1012,7 +1149,7 @@ "type": "github" } }, - "gitignore_7": { + "gitignore_8": { "inputs": { "nixpkgs": [ "whisper-overlay", @@ -1092,6 +1229,30 @@ "type": "github" } }, + "idmail": { + "inputs": { + "devshell": "devshell_3", + "flake-parts": "flake-parts_2", + "nci": "nci", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks_3" + }, + "locked": { + "lastModified": 1721997987, + "narHash": "sha256-Ck9CSO05AMNFI6e0QH0NnOC02cb8fSZ1r60XVSBBs10=", + "owner": "oddlama", + "repo": "idmail", + "rev": "a6516dbdabd7b1473936c9bf79a31ee5515095e6", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "idmail", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1719091691, @@ -1122,7 +1283,7 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" ], @@ -1142,6 +1303,46 @@ "type": "github" } }, + "mk-naked-shell": { + "flake": false, + "locked": { + "lastModified": 1681286841, + "narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, + "nci": { + "inputs": { + "crane": "crane_2", + "dream2nix": "dream2nix", + "mk-naked-shell": "mk-naked-shell", + "nixpkgs": "nixpkgs", + "parts": "parts", + "rust-overlay": "rust-overlay_2", + "treefmt": "treefmt" + }, + "locked": { + "lastModified": 1721628845, + "narHash": "sha256-bk3pvu9fkE7kueTRZXSY2SbZugjfaLscm3ealKzcV8E=", + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "rev": "3aec989d85322ab28b5d8f742227f1bb97986f99", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -1185,12 +1386,12 @@ }, "nix-topology": { "inputs": { - "devshell": "devshell_3", - "flake-utils": "flake-utils_7", + "devshell": "devshell_4", + "flake-utils": "flake-utils_8", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks_3" + "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { "lastModified": 1720814919, @@ -1223,13 +1424,13 @@ }, "nixos-extra-modules": { "inputs": { - "devshell": "devshell_4", - "flake-utils": "flake-utils_8", + "devshell": "devshell_5", + "flake-utils": "flake-utils_9", "lib-net": "lib-net", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks_4" + "pre-commit-hooks": "pre-commit-hooks_5" }, "locked": { "lastModified": 1720823772, @@ -1304,11 +1505,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720957393, - "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "lastModified": 1721379653, + "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", "type": "github" }, "original": { @@ -1331,6 +1532,18 @@ } }, "nixpkgs-lib_2": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_3": { "locked": { "lastModified": 1717284937, "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", @@ -1342,7 +1555,7 @@ "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" } }, - "nixpkgs-lib_3": { + "nixpkgs-lib_4": { "locked": { "lastModified": 1714640452, "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", @@ -1387,6 +1600,22 @@ } }, "nixpkgs-stable_3": { + "locked": { + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { "locked": { "lastModified": 1710695816, "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", @@ -1402,7 +1631,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { + "nixpkgs-stable_5": { "locked": { "lastModified": 1685801374, "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", @@ -1418,7 +1647,7 @@ "type": "github" } }, - "nixpkgs-stable_5": { + "nixpkgs-stable_6": { "locked": { "lastModified": 1720386169, "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", @@ -1434,7 +1663,7 @@ "type": "github" } }, - "nixpkgs-stable_6": { + "nixpkgs-stable_7": { "locked": { "lastModified": 1718447546, "narHash": "sha256-JHuXsrC9pr4kA4n7LuuPfWFJUVlDBVJ1TXDVpHEuUgM=", @@ -1451,6 +1680,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1720957393, + "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1706487304, "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=", @@ -1468,9 +1713,9 @@ }, "nixvim": { "inputs": { - "devshell": "devshell_5", - "flake-compat": "flake-compat_6", - "flake-parts": "flake-parts_2", + "devshell": "devshell_6", + "flake-compat": "flake-compat_7", + "flake-parts": "flake-parts_3", "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", @@ -1493,6 +1738,28 @@ "type": "github" } }, + "parts": { + "inputs": { + "nixpkgs-lib": [ + "idmail", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", @@ -1552,68 +1819,13 @@ "pre-commit-hooks_3": { "inputs": { "flake-compat": "flake-compat_4", - "flake-utils": [ - "nix-topology", - "flake-utils" - ], "gitignore": "gitignore_3", "nixpkgs": [ - "nix-topology", + "idmail", "nixpkgs" ], "nixpkgs-stable": "nixpkgs-stable_3" }, - "locked": { - "lastModified": 1714478972, - "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "2849da033884f54822af194400f8dff435ada242", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks_4": { - "inputs": { - "flake-compat": "flake-compat_5", - "flake-utils": [ - "nixos-extra-modules", - "flake-utils" - ], - "gitignore": "gitignore_4", - "nixpkgs": [ - "nixos-extra-modules", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_4" - }, - "locked": { - "lastModified": 1702456155, - "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "pre-commit-hooks_5": { - "inputs": { - "flake-compat": "flake-compat_7", - "gitignore": "gitignore_6", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_5" - }, "locked": { "lastModified": 1721042469, "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", @@ -1628,15 +1840,94 @@ "type": "github" } }, + "pre-commit-hooks_4": { + "inputs": { + "flake-compat": "flake-compat_5", + "flake-utils": [ + "nix-topology", + "flake-utils" + ], + "gitignore": "gitignore_4", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_4" + }, + "locked": { + "lastModified": 1714478972, + "narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "2849da033884f54822af194400f8dff435ada242", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_5": { + "inputs": { + "flake-compat": "flake-compat_6", + "flake-utils": [ + "nixos-extra-modules", + "flake-utils" + ], + "gitignore": "gitignore_5", + "nixpkgs": [ + "nixos-extra-modules", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_5" + }, + "locked": { + "lastModified": 1702456155, + "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks_6": { "inputs": { - "flake-compat": "flake-compat_9", + "flake-compat": "flake-compat_8", "gitignore": "gitignore_7", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_6" + }, + "locked": { + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks_7": { + "inputs": { + "flake-compat": "flake-compat_10", + "gitignore": "gitignore_8", "nixpkgs": [ "whisper-overlay", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_6" + "nixpkgs-stable": "nixpkgs-stable_7" }, "locked": { "lastModified": 1718879355, @@ -1652,6 +1943,47 @@ "type": "github" } }, + "purescript-overlay": { + "inputs": { + "nixpkgs": [ + "idmail", + "nci", + "dream2nix", + "nixpkgs" + ], + "slimlock": "slimlock" + }, + "locked": { + "lastModified": 1696022621, + "narHash": "sha256-eMjFmsj2G1E0Q5XiibUNgFjTiSz0GxIeSSzzVdoN730=", + "owner": "thomashoneyman", + "repo": "purescript-overlay", + "rev": "047c7933abd6da8aa239904422e22d190ce55ead", + "type": "github" + }, + "original": { + "owner": "thomashoneyman", + "repo": "purescript-overlay", + "type": "github" + } + }, + "pyproject-nix": { + "flake": false, + "locked": { + "lastModified": 1702448246, + "narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=", + "owner": "davhau", + "repo": "pyproject.nix", + "rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb", + "type": "github" + }, + "original": { + "owner": "davhau", + "ref": "dream2nix", + "repo": "pyproject.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -1661,6 +1993,7 @@ "elewrap": "elewrap", "flake-parts": "flake-parts", "home-manager": "home-manager", + "idmail": "idmail", "impermanence": "impermanence", "microvm": "microvm", "nix-index-database": "nix-index-database", @@ -1669,9 +2002,9 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixos-nftables-firewall": "nixos-nftables-firewall", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", - "pre-commit-hooks": "pre-commit-hooks_5", + "pre-commit-hooks": "pre-commit-hooks_6", "stylix": "stylix", "whisper-overlay": "whisper-overlay", "wired-notify": "wired-notify" @@ -1705,9 +2038,25 @@ } }, "rust-overlay_2": { + "flake": false, + "locked": { + "lastModified": 1721614891, + "narHash": "sha256-1yGOh8w/yhWAZ2NJR9N/shQ1tx2n9fmGe0XrDE00i9U=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "424a759557ed4c01cf9dbbf79a714150d64a90ad", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { "inputs": { - "flake-utils": "flake-utils_11", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_12", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1715393623, @@ -1723,6 +2072,30 @@ "type": "github" } }, + "slimlock": { + "inputs": { + "nixpkgs": [ + "idmail", + "nci", + "dream2nix", + "purescript-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688610262, + "narHash": "sha256-Wg0ViDotFWGWqKIQzyYCgayeH8s4U1OZcTiWTQYdAp4=", + "owner": "thomashoneyman", + "repo": "slimlock", + "rev": "b5c6cdcaf636ebbebd0a1f32520929394493f1a6", + "type": "github" + }, + "original": { + "owner": "thomashoneyman", + "repo": "slimlock", + "type": "github" + } + }, "spectrum": { "flake": false, "locked": { @@ -1748,7 +2121,7 @@ "base16-kitty": "base16-kitty", "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", - "flake-compat": "flake-compat_8", + "flake-compat": "flake-compat_9", "gnome-shell": "gnome-shell", "home-manager": [ "home-manager" @@ -1861,6 +2234,21 @@ "type": "github" } }, + "systems_15": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -1981,6 +2369,28 @@ "type": "github" } }, + "treefmt": { + "inputs": { + "nixpkgs": [ + "idmail", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721458737, + "narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -2004,12 +2414,12 @@ }, "whisper-overlay": { "inputs": { - "devshell": "devshell_6", - "flake-parts": "flake-parts_3", + "devshell": "devshell_7", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks": "pre-commit-hooks_6" + "pre-commit-hooks": "pre-commit-hooks_7" }, "locked": { "lastModified": 1719174892, @@ -2027,11 +2437,11 @@ }, "wired-notify": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay_3" }, "locked": { "lastModified": 1718525212, diff --git a/flake.nix b/flake.nix index adea651..673dae7 100644 --- a/flake.nix +++ b/flake.nix @@ -33,6 +33,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + idmail = { + url = "github:oddlama/idmail"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + impermanence.url = "github:nix-community/impermanence"; microvm = { diff --git a/hosts/envoy/default.nix b/hosts/envoy/default.nix index a37b1ff..f733639 100644 --- a/hosts/envoy/default.nix +++ b/hosts/envoy/default.nix @@ -12,7 +12,7 @@ ./acme.nix ./fs.nix ./net.nix - #./maddy.nix + ./idmail.nix ./stalwart-mail.nix ]; diff --git a/hosts/envoy/idmail.nix b/hosts/envoy/idmail.nix new file mode 100644 index 0000000..913c0d6 --- /dev/null +++ b/hosts/envoy/idmail.nix @@ -0,0 +1,42 @@ +{config, ...}: let + mailDomains = config.repo.secrets.global.domains.mail; + primaryDomain = mailDomains.primary; + idmailDomain = "alias.${primaryDomain}"; +in { + environment.persistence."/persist".directories = [ + { + directory = "/var/lib/idmail"; + user = "idmail"; + group = "idmail"; + mode = "0700"; + } + ]; + + globals.services.idmail.domain = idmailDomain; + globals.monitoring.http.idmail = { + url = "https://${idmailDomain}"; + expectedBodyRegex = "idmail"; + network = "internet"; + }; + + services.idmail.enable = true; + systemd.services.idmail.serviceConfig.RestartSec = "60"; # Retry every minute + + services.nginx = { + upstreams.idmail = { + servers."127.0.0.1:3000" = {}; + extraConfig = '' + zone idmail 64k; + keepalive 2; + ''; + }; + virtualHosts.${idmailDomain} = { + forceSSL = true; + useACMEWildcardHost = true; + locations."/" = { + proxyPass = "http://idmail"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/hosts/envoy/secrets/stalwart-admin-hash.age b/hosts/envoy/secrets/stalwart-admin-hash.age new file mode 100644 index 0000000..115841d --- /dev/null +++ b/hosts/envoy/secrets/stalwart-admin-hash.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> X25519 4dtyNzQ1aoj+se7IxhCnN9A8bOmhPxm3bibijfCNjVw +PoRE6VrM+shoneZJAS+Fh/kIjn9tX6mw9Kr2vD3xOSE +-> piv-p256 xqSe8Q AwvKCfsTHQh3Z05VZ3kRtaa90pqyR3tY+wKwwibfdvzF +dFjn+siQjWdhMVCGsiZyFNBykTrCIrHr9zt3aRxtSQc +-> A'xo-grease KM'D +4D/ij+JrWVbUTv75EljIaE8L9JhFP3Dz +--- inyuu2A3QIBGnRj8WyQKX8+XdVDBCmANdyaHkQ0ZS7s +_hu㳊P?I'Fi޶3et)E, 3rQX?mo՗YuHi907*ZH]z:Xz +oT3(D7 +@fUZ<η(ETG:sтƑ4<5Uޚ֪R*_`Bo \ No newline at end of file diff --git a/nix/hosts.nix b/nix/hosts.nix index 8544745..e51ab3d 100644 --- a/nix/hosts.nix +++ b/nix/hosts.nix @@ -32,6 +32,7 @@ nixpkgs.overlays = (import ../pkgs/default.nix inputs) ++ [ + inputs.idmail.overlays.default inputs.nix-topology.overlays.default inputs.nixos-extra-modules.overlays.default inputs.nixvim.overlays.default diff --git a/secrets/rekeyed/envoy/48b9b9d8780a065399e9dae22f1491b0-stalwart-admin-hash.age b/secrets/rekeyed/envoy/48b9b9d8780a065399e9dae22f1491b0-stalwart-admin-hash.age new file mode 100644 index 0000000..32e16af Binary files /dev/null and b/secrets/rekeyed/envoy/48b9b9d8780a065399e9dae22f1491b0-stalwart-admin-hash.age differ