From 3457194cdde39d334d3d5ab9d9289a1ac94f136d Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Fri, 21 Jun 2024 23:29:49 -0400 Subject: [PATCH] Everything is migrated! Now to clean up... --- flake.lock | 119 ++++++++++++++++++ flake.nix | 9 +- modules/hosts/nixos/hetznix01/default.nix | 8 ++ modules/hosts/nixos/hetznix01/owntracks.nix | 61 --------- .../hosts/nixos/hetznix01/owntracks.nix-back | 75 ----------- .../nixos/hetznix01/post-install/default.nix | 33 +++++ .../hetznix01/post-install/matrix-synapse.nix | 4 +- .../nixos/hetznix01/post-install/nginx.nix | 4 - 8 files changed, 168 insertions(+), 145 deletions(-) delete mode 100644 modules/hosts/nixos/hetznix01/owntracks.nix delete mode 100644 modules/hosts/nixos/hetznix01/owntracks.nix-back diff --git a/flake.lock b/flake.lock index 30542d3..80bda6e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "brew-src": { "flake": false, "locked": { @@ -74,6 +90,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" 
@@ -250,6 +282,21 @@ "type": "indirect" } }, + "nixpkgs-24_05": { + "locked": { + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-24.05", + "type": "indirect" + } + }, "nixpkgs-lib": { "locked": { "dir": "lib", @@ -358,6 +405,21 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "root": { "inputs": { "compose2nix": "compose2nix", @@ -371,9 +433,33 @@ "nixpkgs": "nixpkgs_3", "nixpkgs-terraform": "nixpkgs-terraform", "nixpkgs-unstable": "nixpkgs-unstable", + "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix" } }, + "simple-nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_4", + "nixpkgs-24_05": "nixpkgs-24_05", + "utils": "utils" + }, + "locked": { + "lastModified": 1718084203, + "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-24.05", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ 
@@ -424,6 +510,39 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root",
diff --git a/flake.nix b/flake.nix
index bee09e5..80d08fb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -49,6 +49,8 @@
 inputs.nixpkgs-unstable.follows = "nixpkgs-unstable";
 };
 
+ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
+
 # Secrets managemnt
 sops-nix = {
 url = "github:mic92/sops-nix";
@@ -58,7 +60,8 @@
 }; # end inputs
 outputs = inputs@{ self, nixpkgs, nixpkgs-unstable, compose2nix, disko, genebean-omp-themes,
- home-manager, nix-darwin, nix-flatpak, nix-homebrew, nixos-hardware, nixpkgs-terraform, sops-nix, ... }: let
+ home-manager, nix-darwin, nix-flatpak, nix-homebrew, nixos-hardware, nixpkgs-terraform,
+ simple-nixos-mailserver, sops-nix, ... }: let
 # creates a macOS system config
 darwinHostConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: nix-darwin.lib.darwinSystem {
@@ -195,7 +198,9 @@
 system = "x86_64-linux";
 hostname = "hetznix01";
 username = "gene";
- additionalModules = [];
+ additionalModules = [
+ simple-nixos-mailserver.nixosModule
+ ];
 additionalSpecialArgs = {};
 };
 nixnuc = nixosHostConfig {
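Review bot: The new `simple-nixos-mailserver.url` input in the `@@ -49` hunk has no `inputs.nixpkgs.follows`, unlike the neighbouring inputs (`inputs.nixpkgs-unstable.follows = "nixpkgs-unstable"` sits directly above it), and the lock file in this same commit accordingly pins a second nixpkgs (`nixpkgs_4` plus `nixpkgs-24_05`) next to the flake's own. Consider the block form already used for sops-nix: `simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; inputs.nixpkgs.follows = "nixpkgs"; };` so the mail module is evaluated against the nixpkgs revision the host actually runs and security updates track one revision instead of two. The module also declares a `nixpkgs-24_05` input per the lock; which of its inputs the module itself consumes is not visible here, so confirm against its flake before adding a second follows.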
diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix index 0a6161f..8ec43a0 100644 --- a/modules/hosts/nixos/hetznix01/default.nix +++ b/modules/hosts/nixos/hetznix01/default.nix @@ -24,8 +24,11 @@ # Open ports in the firewall. firewall.allowedTCPPorts = [ 22 # ssh + 25 # SMTP (unencrypted) 80 # http to local Nginx 443 # https to local Nginx + 465 # SMTP with TLS + 587 # SMTP with STARTTLS ]; # firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. @@ -45,6 +48,11 @@ enable = true; package = pkgs.postgresql_16; }; + postgresqlBackup = { + enable = true; + backupAll = true; + startAt = "*-*-* 23:00:00"; + }; uptime-kuma = { enable = true; settings = { diff --git a/modules/hosts/nixos/hetznix01/owntracks.nix b/modules/hosts/nixos/hetznix01/owntracks.nix deleted file mode 100644 index 0765bf4..0000000 --- a/modules/hosts/nixos/hetznix01/owntracks.nix +++ /dev/null 
@@ -1,61 +0,0 @@
-{ config, pkgs, ... }: let
- frontend_port = "8082";
-in {
- environment = {
- etc = {
- "default/ot-recorder".text = ''
- OTR_USER="recorder"
- OTR_PASS="toenail-madmen-nazareth-fum"
- OTR_GEOKEY="opencage:b85db97221cc4239b34e0ca07e71471e"
- OTR_TOPICS="owntracks/#"
- OTR_HTTPHOST="127.0.0.1"
- OTR_HTTPPREFIX="owntracks"
- '';
- };
- };
-
- services.mosquitto = {
- enable = true;
- persistence = true;
- listeners = [
- {
- address = "127.0.0.1";
- port = 1883;
- users = {
- recorder.passwordFile = config.sops.secrets.mqtt_recorder_pass.path;
- };
- }
- ];
- };
-
- users = {
- groups.owntracks.gid = config.users.users.owntracks.uid;
- users.owntracks = {
- isSystemUser = true;
- description = "OwnTracks";
- group = "owntracks";
- home = "/home/owntracks";
- };
- };
-
- virtualisation.oci-containers.containers = {
- "owntracks-frontend" = {
- autoStart = true;
- image = "docker.io/owntracks/frontend:2.15.3";
- environment = {
- LISTEN = frontend_port;
- SERVER_HOST = "ot-recorder";
- };
- ports = [ "127.0.0.1:${frontend_port}:80" ];
- };
- "ot-recorder" = {
- autoStart = true;
- image = "docker.io/owntracks/frontend:2.15.3";
- ports = [ "127.0.0.1:8083:8083" ];
- volumes = [
- "/etc/default/config:/config"
- "/var/spool/owntracks/recorder/store:/store"
- ];
- };
- };
-}
diff --git a/modules/hosts/nixos/hetznix01/owntracks.nix-back b/modules/hosts/nixos/hetznix01/owntracks.nix-back
deleted file mode 100644
index 71e595b..0000000
--- a/modules/hosts/nixos/hetznix01/owntracks.nix-back
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, pkgs, ... }: let
- frontend_port = "8082";
-in {
- environment = {
- etc = {
- "default/ot-recorder".text = ''
- OTR_USER="recorder"
- OTR_PASS="toenail-madmen-nazareth-fum"
- OTR_GEOKEY="opencage:b85db97221cc4239b34e0ca07e71471e"
- OTR_TOPICS="owntracks/#"
- OTR_HTTPHOST="127.0.0.1"
- OTR_HTTPPREFIX="owntracks"
- '';
- };
- systemPackages = with pkgs; [
- owntracks-recorder
- ];
- };
-
- services.mosquitto = {
- enable = true;
- persistence = true;
- listeners = [
- {
- address = "127.0.0.1";
- port = 1883;
- users = {
- recorder.passwordFile = config.sops.secrets.mqtt_recorder_pass.path;
- };
- }
- ];
- };
-
- systemd.services.ot-recorder = {
- name = "ot-recorder.service";
- unitConfig = {
- Description = "OwnTracks Recorder";
- Wants = "network-online.target";
- After = "network-online.target";
- };
- serviceConfig = {
- Type = "simple";
- User = "owntracks";
- WorkingDirectory = "/";
- ExecStartPre = "${pkgs.coreutils-full.out}/bin/sleep 15";
- ExecStart = "${pkgs.owntracks-recorder.out}/bin/ot-recorder --debug";
- };
- wantedBy = [ "multi-user.target" ];
- restartTriggers = [
- config.environment.etc."default/ot-recorder".source
- ];
- };
-
- users = {
- groups.owntracks.gid = config.users.users.owntracks.uid;
- users.owntracks = {
- isSystemUser = true;
- description = "OwnTracks";
- group = "owntracks";
- home = "/home/owntracks";
- };
- };
-
- virtualisation.oci-containers.containers = {
- "owntracks-frontend" = {
- autoStart = true;
- image = "docker.io/owntracks/frontend:2.15.3";
- environment = {
- LISTEN = frontend_port;
- SERVER_HOST = "host.containers.internal";
- };
- ports = [ "127.0.0.1:${frontend_port}:80" ];
- };
- };
-}
diff --git a/modules/hosts/nixos/hetznix01/post-install/default.nix b/modules/hosts/nixos/hetznix01/post-install/default.nix
index 8bbc04e..12c8f5a 100644
--- a/modules/hosts/nixos/hetznix01/post-install/default.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/default.nix
@@ -1,12 +1,45 @@
 { config, username, ... }: {
 imports = [
+ ../../../../system/common/linux/lets-encrypt.nix
 ../../../../system/common/linux/restic.nix
 ./matrix-synapse.nix
 ./nginx.nix
 ];
 
+ mailserver = {
+ enable = true;
+ enableImap = false;
+ enableImapSsl = false;
+ fqdn = "mail.alt.technicalissues.us";
+ domains = [
+ "alt.technicalissues.us"
+ "indianspringsbsa.org"
+ ];
+ forwards = {
+ "webmaster@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
+ "newsletter@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
+ "@alt.technicalissues.us" = "gene+alt.technicalissues.us@geneliverman.com";
+ };
+
+ # Use Let's Encrypt certificates from Nginx
+ certificateScheme = "acme";
+ };
+
+ # Cert for the mail server
+ security.acme.certs."alt.technicalissues.us" = {
+ extraDomainNames = [
+ "mail.alt.technicalissues.us"
+ "mail.indianspringsbsa.org"
+ ];
+ reloadServices = [
+ "postfix.service"
+ ];
+ };
+
 services = {
 restic.backups.daily.paths = [
+ "${config.users.users.${username}.home}/compose-files/owntracks"
+ "/var/backup/postgresql"
 "/var/lib/uptime-kuma"
 ];
 tailscale = {
diff --git a/modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix b/modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix
index d320b2a..7c83bc2 100644
--- a/modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix
@@ -1,6 +1,4 @@
-{ config, pkgs, ... }: let
- #
-in {
+{ config, ... }: {
 services.matrix-synapse = {
 enable = true;
 configureRedisLocally = true;
diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
index d7e0a55..74e6ba5 100644
--- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
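Review bot: The comment `# Use Let's Encrypt certificates from Nginx` describes the module's `acme-nginx` scheme, but the value set is `certificateScheme = "acme"`, which reuses a certificate already defined under `security.acme.certs` rather than having nginx obtain one. With `acme` the module appears to look up the certificate named after `fqdn` (`mail.alt.technicalissues.us`), while the certificate this hunk defines is named `alt.technicalissues.us` with the mail names only in `extraDomainNames`; if the module version in use offers `mailserver.acmeCertificateName`, setting it to `"alt.technicalissues.us"` makes the two agree — confirm against the module docs for the pinned nixos-24.05 ref. Either way the comment should name the scheme actually in use, e.g. `# Reuse the security.acme cert defined below (scheme "acme", not nginx's "acme-nginx")`. Separately, the `compose-files/owntracks` path added to the restic set suggests the OwnTracks settings that the deleted owntracks.nix carried in plaintext (an `OTR_PASS` and an OpenCage key) now live there; those values remain in git history regardless of the deletion, so rotate them rather than treating the removal as containment.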
@@ -1,12 +1,8 @@
 { config, ... }: let
 domain = "technicalissues.us";
- http_port = 80;
 https_port = 443;
 in {
- imports = [
- ../../../../system/common/linux/lets-encrypt.nix
- ];
 
 services.nginx = {
 enable = true;
 recommendedBrotliSettings = true;