mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

feat: add idmail for aliases

Browse source
This commit is contained in:
oddlama 2024-07-26 14:58:32 +02:00
parent cb4f4f251f
commit 7f7b053e0a
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
9 changed files with 607 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

1
config/default.nix
View file

@ -10,6 +10,7 @@
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
inputs.elewrap.nixosModules.default inputs.elewrap.nixosModules.default
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
inputs.idmail.nixosModules.default
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.nix-topology.nixosModules.default inputs.nix-topology.nixosModules.default
inputs.nixos-extra-modules.nixosModules.default inputs.nixos-extra-modules.nixosModules.default

1
config/users.nix
View file

@ -34,5 +34,6 @@
minecraft = uidGid 975; minecraft = uidGid 975;
stalwart-mail = uidGid 974; stalwart-mail = uidGid 974;
netbird-home = uidGid 973; netbird-home = uidGid 973;
idmail = uidGid 972;
}; };
} }

680
flake.lock generated
View file

File diff suppressed because it is too large Load diff

5
flake.nix
View file

@ -33,6 +33,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
idmail = {
url = "github:oddlama/idmail";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
microvm = { microvm = {

2
hosts/envoy/default.nix
View file

@ -12,7 +12,7 @@
./acme.nix ./acme.nix
./fs.nix ./fs.nix
./net.nix ./net.nix
#./maddy.nix ./idmail.nix
./stalwart-mail.nix ./stalwart-mail.nix
]; ];

42
hosts/envoy/idmail.nix Normal file
View file

@ -0,0 +1,42 @@
{config, ...}: let
mailDomains = config.repo.secrets.global.domains.mail;
primaryDomain = mailDomains.primary;
idmailDomain = "alias.${primaryDomain}";
in {
environment.persistence."/persist".directories = [
{
directory = "/var/lib/idmail";
user = "idmail";
group = "idmail";
mode = "0700";
}
];
globals.services.idmail.domain = idmailDomain;
globals.monitoring.http.idmail = {
url = "https://${idmailDomain}";
expectedBodyRegex = "idmail";
network = "internet";
};
services.idmail.enable = true;
systemd.services.idmail.serviceConfig.RestartSec = "60"; # Retry every minute
services.nginx = {
upstreams.idmail = {
servers."127.0.0.1:3000" = {};
extraConfig = ''
zone idmail 64k;
keepalive 2;
'';
};
virtualHosts.${idmailDomain} = {
forceSSL = true;
useACMEWildcardHost = true;
locations."/" = {
proxyPass = "http://idmail";
proxyWebsockets = true;
};
};
};
}

11
hosts/envoy/secrets/stalwart-admin-hash.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> X25519 4dtyNzQ1aoj+se7IxhCnN9A8bOmhPxm3bibijfCNjVw
PoRE6VrM+shoneZJAS+Fh/kIjn9tX6mw9Kr2vD3xOSE
-> piv-p256 xqSe8Q AwvKCfsTHQh3Z05VZ3kRtaa90pqyR3tY+wKwwibfdvzF
dFjn+siQjWdhMVCGsiZyFNBykTrCIrHr9zt3aRxtSQc
-> A'xo-grease KM'D
4D/ij+JrWVbUTv75EljIaE8L9JhFP3Dz
--- inyuu2A3QIBGnRj8WyQKX8+XdVDBCmANdyaHkQ0ZS7s
”_hð”u‘㳊ÏPÖ?I'ó°Fi�ñÙÞ¶3»ÓÊý¸e‰t)ÚÃàEñ‡›à,�¯ ·÷ê«3ŸrQ”X?mo¬ÃÕ—YuÒHi90öÆ7€áé*•§ßÕZH—]z¨:XzÖ
oóT™3(DšØþ7¨à�ð®÷á
×ô@¯�fšû³UúÝZ„<ñη(©E‘ï–TG:¹sÇÑ‚—Æ‘“4€<â5UÞšÖª²·½‘R*_`BoŒ˜æ

1
nix/hosts.nix
View file

@ -32,6 +32,7 @@
nixpkgs.overlays = nixpkgs.overlays =
(import ../pkgs/default.nix inputs) (import ../pkgs/default.nix inputs)
++ [ ++ [
inputs.idmail.overlays.default
inputs.nix-topology.overlays.default inputs.nix-topology.overlays.default
inputs.nixos-extra-modules.overlays.default inputs.nixos-extra-modules.overlays.default
inputs.nixvim.overlays.default inputs.nixvim.overlays.default

BIN
secrets/rekeyed/envoy/48b9b9d8780a065399e9dae22f1491b0-stalwart-admin-hash.age Normal file
View file

Binary file not shown.