From e0d4455fb593dfada29b35f93d6bb20bfb452522 Mon Sep 17 00:00:00 2001 From: Alex Stan Date: Sun, 17 Dec 2023 11:39:52 +0200 Subject: [PATCH] "What did you self-host?" "Y E S" Signed-off-by: Alex Stan --- .gitignore | 1 + flake.lock | 171 ++++++++++++++++---- flake.nix | 4 + hosts/titan/configuration.nix | 7 +- hosts/titan/services/caddy.nix | 19 +++ hosts/titan/services/cloud.nix | 23 +++ hosts/titan/services/forge.nix | 23 +++ hosts/titan/services/lemmy.nix | 231 +++++++++++++++++++++++++++ hosts/titan/services/mail-server.nix | 30 ++++ hosts/titan/services/vaultwarden.nix | 12 ++ 10 files changed, 486 insertions(+), 35 deletions(-) create mode 100644 hosts/titan/services/caddy.nix create mode 100644 hosts/titan/services/cloud.nix create mode 100644 hosts/titan/services/forge.nix create mode 100644 hosts/titan/services/lemmy.nix create mode 100644 hosts/titan/services/mail-server.nix create mode 100644 hosts/titan/services/vaultwarden.nix diff --git a/.gitignore b/.gitignore index b2be92b..c2e0afb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ result +hosts/titan/services/lemmy_credentials.txt diff --git a/flake.lock b/flake.lock index 6cb05ff..ac9b29c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "crane": { "inputs": { "nixpkgs": [ 
@@ -52,11 +68,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1692366702, - "narHash": "sha256-GEysmNDm+olt1WXHzRwb4ZLifkXmeP5+APAN3b81/Og=", + "lastModified": 1702290399, + "narHash": "sha256-hIP3l1a9Jm8HZx9TuV8IoqdvFzjI+SB5Npz08oC6ZU8=", "owner": "elkowar", "repo": "eww", - "rev": "a9a35c1804d72ef92e04ee71555bd9e5a08fa17e", + "rev": "fff40ce1a78d4d75bf63a8ee33dd7d9be8dc289e", "type": "github" }, "original": { @@ -81,6 +97,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -142,11 +174,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1701875994, - "narHash": "sha256-iHID4VbI2QyBzbG6WNgS1zZgU0zYzidhI72PeAl1aLw=", + "lastModified": 1702700966, + "narHash": "sha256-KaSAZI12mhIcYHjFiARBclIl8CoxLpx5ZafrWZMsnw4=", "owner": "helix-editor", "repo": "helix", - "rev": "b81aacc5e1332bb01043a18e55dd9e9543711ec6", + "rev": "c56cd6ee8b9312a620d4fc38eea90a49613f5d72", "type": "github" }, "original": { @@ -163,11 +195,11 @@ ] }, "locked": { - "lastModified": 1701728041, - "narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=", + "lastModified": 1702735279, + "narHash": "sha256-SztEzDOE/6bDNnWWvnRbSHPVrgewLwdSei1sxoZFejM=", "owner": "nix-community", "repo": "home-manager", - "rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf", + "rev": "e9b9ecef4295a835ab073814f100498716b05a96", "type": "github" }, "original": { 
@@ -183,11 +215,11 @@ ] }, "locked": { - "lastModified": 1700963402, - "narHash": "sha256-JhkanLmYRLekGOysO6JpCWKPlgRoemHPzUrARCGBqYA=", + "lastModified": 1702242899, + "narHash": "sha256-p2FmwhHlIW3V8YzlRu/bWCiKa2a9fSardt9Eh22JlWE=", "owner": "hyprwm", "repo": "contrib", - "rev": "65e567a81176d39be7ce6513d1af23954f00cbec", + "rev": "740dbac96354c076a76b7cf6fe70dad150d21659", "type": "github" }, "original": { @@ -207,11 +239,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1701945972, - "narHash": "sha256-Nvbjtu7FAM5ULS1Z028y1ou3qJR1x606fnyva5kLkuo=", + "lastModified": 1702675213, + "narHash": "sha256-Sl5gAPzCvYmXw7jo7ISzz/djhprOstFLRyznfxq2JIw=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "a794eecd6a71e431b654cebb1b28dbff0d6da079", + "rev": "b1b8d732e64ecf527baef010ad2f28ed3b8c4ac1", "type": "github" }, "original": { @@ -245,6 +277,31 @@ "type": "github" } }, + "mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat_2", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": "nixpkgs-23_05", + "utils": "utils" + }, + "locked": { + "lastModified": 1700085753, + "narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "008d78cc21959e33d0d31f375b88353a7d7121ae", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "nix-but-gigachad": { "inputs": { "nixpkgs": [ @@ -252,11 +309,11 @@ ] }, "locked": { - "lastModified": 1701522423, - "narHash": "sha256-V5TQ/1loQnegDjfLh61DxBWEQZivYEBq2kQpT0fn2cQ=", + "lastModified": 1702567580, + "narHash": "sha256-lmO5UWwCyFD1WhwHru6Xb0zSRBGcIyqhyX3vVSGNTR0=", "owner": "viperML", "repo": "nh", - "rev": "375c6cf57de3a839b7937358659bea526da27eae", + "rev": "bd225f25992098122d83b28579a710d4181e0008", "type": "github" }, "original": { 
@@ -287,11 +344,11 @@ ] }, "locked": { - "lastModified": 1701572887, - "narHash": "sha256-oCPwQZT0Inis4zcYhtFHUp7Rym1zglKPLDcRird35q8=", + "lastModified": 1702291765, + "narHash": "sha256-kfxavgLKPIZdYVPUPcoDZyr5lleymrqbr5G9PVfQ2NY=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "41afa8d1c061beda68502bcc67f2788f3a77042b", + "rev": "45d82e0a8b9dd6c5dd9da835ac0c072239af7785", "type": "github" }, "original": { @@ -305,7 +362,7 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils" + "utils": "utils_2" }, "locked": { "lastModified": 1693158194, @@ -323,11 +380,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1701656485, - "narHash": "sha256-xDFormrGCKKGqngHa2Bz1GTeKlFMMjLnHhTDRdMJ1hs=", + "lastModified": 1702453208, + "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fa194fc484fd7270ab324bb985593f71102e84d1", + "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", "type": "github" }, "original": { @@ -338,11 +395,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701718080, - "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=", + "lastModified": 1702312524, + "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335", + "rev": "a9bf124c46ef298113270b1f84a164865987a91c", "type": "github" }, "original": { 
@@ -352,6 +409,36 @@ "type": "github" } }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-23_05": { + "locked": { + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, "nixpkgs-lib": { "locked": { "dir": "lib", @@ -372,11 +459,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1701962726, - "narHash": "sha256-UFXSEVwzNrHqbY5yRBHf1ugXqirKUGxf1uQ6rm755R4=", + "lastModified": 1702753406, + "narHash": "sha256-kRwOtgNWqrB/hXcK7JJwTMwAcKITRNBLPYsZ6zKcqZc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2453c821f0a89bd579ac06f6a84152f41ee0c68b", + "rev": "3b5083b83662210ef84325b879f5ec9189933822", "type": "github" }, "original": { @@ -394,6 +481,7 @@ "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", + "mailserver": "mailserver", "nix-but-gigachad": "nix-but-gigachad", "nix-index-database": "nix-index-database", "nix-software-center": "nix-software-center", @@ -495,6 +583,21 @@ } }, "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { "inputs": { "systems": "systems_3" }, 
@@ -547,11 +650,11 @@ ] }, "locked": { - "lastModified": 1700508250, - "narHash": "sha256-X4o/mifI7Nhu0UKYlxx53wIC+gYDo3pVM9L2u3PE2bE=", + "lastModified": 1702334919, + "narHash": "sha256-ibOZ3TLjqndGMcj2f+07NFwDWoum4IbzF58byZuJJNg=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "eb120ff25265ecacd0fc13d7dab12131b60d0f47", + "rev": "f5c3576c3b6cb1c31a8dfa3e4113f59bfe40cd71", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index fec79e0..6fa35cf 100644 --- a/flake.nix +++ b/flake.nix @@ -43,6 +43,10 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, home-manager, ... }@inputs: { diff --git a/hosts/titan/configuration.nix b/hosts/titan/configuration.nix index f263aee..2642fbf 100644 --- a/hosts/titan/configuration.nix +++ b/hosts/titan/configuration.nix @@ -13,7 +13,12 @@ in { ./hardware/hardware-configuration.nix ./cachix.nix ( import ./hardware/nvidia.nix inputs ) - ( import ./services/dnsmasq.nix inputs ) + ( import ./services/forge.nix inputs ) + ( import ./services/cloud.nix inputs ) + ( import ./services/vaultwarden.nix inputs ) + # ( import ./services/caddy.nix inputs ) # doesn't work + # ( import ./services/dnsmasq.nix inputs ) # borks my DNS + # ( import ./services/mail-server.nix inputs ) # needs a lot of DNS configs from cloudflaer, I only have 3 rules inputs.nix-but-gigachad.nixosModules.default ]; nh = { diff --git a/hosts/titan/services/caddy.nix b/hosts/titan/services/caddy.nix new file mode 100644 index 0000000..8760a49 --- /dev/null +++ b/hosts/titan/services/caddy.nix 
@@ -0,0 +1,19 @@
+inputs: { config, ... }: {
+ services.caddy = {
+ enable = true;
+ /*
+ virtualHosts = {
+ "https://gra.phite.ro".extraConfig = ''
+ root * /home/ultra/code/html/blog
+ '';
+ "https://git.gra.phite.ro".extraConfig = ''
+ reverse_proxy :3000
+ '';
+ "https://phite.ro".extraConfig = ''
+ redir https://gra.phite.ro{uri} permanent
+ '';
+ };
+ */
+ configFile = /home/ultra/code/html/blog/Caddyfile;
+ };
+}
diff --git a/hosts/titan/services/cloud.nix b/hosts/titan/services/cloud.nix
new file mode 100644
index 0000000..923364d
--- /dev/null
+++ b/hosts/titan/services/cloud.nix
@@ -0,0 +1,23 @@
+inputs: { pkgs, config, ... }: {
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud27;
+ hostName = "localhost";
+ config = {
+ adminpassFile = "/var/keys/nextcloud_initial_password";
+ extraTrustedDomains = [
+ "cloud.gra.phite.ro"
+ ];
+ };
+ extraApps = with config.services.nextcloud.package.packages.apps; {
+ inherit news files_markdown files_texteditor forms maps memories music onlyoffice polls;
+ };
+ /*
+ extraOptions = {
+ trusted_domains = [ "https://cloud.gra.phite.ro" ];
+ };
+ */
+ extraAppsEnable = true;
+ };
+ services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 3001; } ];
+}
diff --git a/hosts/titan/services/forge.nix b/hosts/titan/services/forge.nix
new file mode 100644
index 0000000..ccc5451
--- /dev/null
+++ b/hosts/titan/services/forge.nix
@@ -0,0 +1,23 @@
+inputs: { config, pkgs, ... }: {
+ services = {
+ /*
+ postgresql = {
+ ensureDatabases = [ config.services.gitea.user ];
+ ensureUsers = [
+ {
+ name = config.services.gitea.database.user;
+ ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES";
+ }
+ ];
+ };
+ */
+ gitea = {
+ enable = true;
+ package = pkgs.forgejo;
+ appName = "Graphite's Forge";
+ domain = "git.gra.phite.ro";
+ rootUrl = "https://git.gra.phite.ro";
+ lfs.enable = true;
+ };
+ };
+}
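Review bot: In caddy.nix, `configFile = /home/ultra/code/html/blog/Caddyfile;` is a Nix path literal pointing into a user's home directory. A path literal is copied into the Nix store at evaluation time, and pure flake evaluation rejects absolute paths outside the flake, which may be why the import in configuration.nix carries the comment "doesn't work". It also makes the proxy's routing depend on a file that is presumably writable by the `ultra` account and is not part of the reviewed repository. Keeping the Caddyfile in the repository (`configFile = ./Caddyfile;`) or enabling the commented-out `virtualHosts` block would make the proxy configuration reproducible and reviewable.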
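Review bot: cloud.nix places Nextcloud behind a proxy (nginx listens only on 127.0.0.1:3001 and `cloud.gra.phite.ro` is added as a trusted domain) but does not tell Nextcloud that it is proxied or served over TLS. Adding `https = true;` inside `services.nextcloud` makes generated links and redirects use https. Without a `trusted_proxies` entry for 127.0.0.1, Nextcloud is likely to attribute every request to the proxy's address, which weakens its per-client brute-force throttling and makes the access log less useful for incident review.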
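Review bot: forge.nix sets no listen address for Forgejo, whereas cloud.nix and vaultwarden.nix both bind their services to 127.0.0.1. As far as I know the gitea module listens on all interfaces on port 3000 by default, so the forge would answer plain HTTP directly wherever the firewall allows it, alongside the `https://git.gra.phite.ro` root URL. `settings.server.HTTP_ADDR = "127.0.0.1";` in the `gitea` block keeps it reachable only through the proxy. If the instance is meant to be private, `settings.service.DISABLE_REGISTRATION = true;` would match the `SIGNUPS_ALLOWED = false;` already set in vaultwarden.nix.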
diff --git a/hosts/titan/services/lemmy.nix b/hosts/titan/services/lemmy.nix
new file mode 100644
index 0000000..2364c1b
--- /dev/null
+++ b/hosts/titan/services/lemmy.nix
@@ -0,0 +1,231 @@
+inputs: { config, pkgs, lib, ... } :
+let
+
+ # add nginx reverse proxy and ACME web certificate
+ add_nginx = true;
+ nginx_ports = [ 80 443 ];
+
+ lemmy = {
+ upstreamName = "lemmy";
+ dataDir = "/var/lib/lemmy";
+ ip = "127.0.0.1";
+ port = 1234;
+ domain = "lemmy.gra.phi.te";
+ };
+
+ lemmy-ui = {
+ upstreamName = "lemmy-ui";
+ ip = "127.0.0.1";
+ port = 8536;
+ };
+
+ pict-rs = {
+ ip = "127.0.0.1";
+ port = 8080;
+ };
+
+ acmeDomain = lemmy.domain;
+ nginxVhost = lemmy.domain;
+
+in {
+
+ security.acme = lib.mkIf add_nginx {
+ acceptTerms = true;
+ defaults = {
+ email = "ultra980@proton.me";
+ dnsProvider = "cloudflare";
+ credentialsFile = ./lemmy_credentials.txt;
+ };
+ certs."${acmeDomain}" = {
+ domain = "${acmeDomain}";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = lib.mkIf add_nginx nginx_ports;
+
+ # is needed because of certificate file permissions
+ users.users.nginx.extraGroups = lib.mkIf add_nginx ["acme"];
+
+ services.nginx = lib.mkIf add_nginx {
+ upstreams."${lemmy.upstreamName}".servers."${lemmy.ip}:${builtins.toString lemmy.port}" = {};
+ upstreams."${lemmy-ui.upstreamName}".servers."${lemmy-ui.ip}:${builtins.toString lemmy-ui.port}" = {};
+
+ virtualHosts."${nginxVhost}" = {
+ useACMEHost = "${acmeDomain}";
+ # inherit from config.security.acme.acmeRoot;
+ acmeRoot = null;
+ # add redirects from http to https
+ forceSSL = true;
+ # this whole block was lifted from https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L21 lines 21-32
+ extraConfig = ''
+ # disables emitting nginx version on error pages and in the “Server” response header field
+ server_tokens off;
+
+ gzip on;
+ gzip_types text/css application/javascript image/svg+xml;
+ gzip_vary on;
+
+ # Upload limit, relevant for pictrs
+ client_max_body_size 20M;
+
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ '';
+
+ locations = {
+ "/" = {
+ # we do not use the nixos "locations..proxyPass" option because the nginx config needs to do something fancy.
+ # again, lifted wholesale from https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L36 lines 36-55
+ extraConfig = ''
+ # distinguish between ui requests and backend
+ # don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
+ set $proxpass "http://${lemmy-ui.upstreamName}";
+
+ if ($http_accept = "application/activity+json") {
+ set $proxpass "http://${lemmy.upstreamName}";
+ }
+ if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
+ set $proxpass "http://${lemmy.upstreamName}";
+ }
+ if ($request_method = POST) {
+ set $proxpass "http://${lemmy.upstreamName}";
+ }
+ proxy_pass $proxpass;
+
+ # Cuts off the trailing slash on URLs to make them valid
+ rewrite ^(.+)/+$ $1 permanent;
+
+ # Send actual client IP upstream
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+
+ # again, lifted wholesale from https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L60 lines 60-69 (nice!)
+ "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
+ proxyPass = "http://${lemmy.upstreamName}";
+ extraConfig = ''
+ # proxy common stuff
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ ## Send actual client IP upstream
+ #proxy_set_header X-Real-IP $remote_addr;
+ #proxy_set_header Host $host;
+ #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+ };
+ };
+ };
+
+ systemd.services.lemmy-ui = {
+ environment = {
+ LEMMY_UI_HOST = lib.mkForce "${lemmy-ui.ip}:${toString lemmy-ui.port}";
+ LEMMY_UI_LEMMY_INTERNAL_HOST = lib.mkForce "${lemmy.ip}:${toString lemmy.port}";
+ LEMMY_UI_LEMMY_EXTERNAL_HOST = lib.mkForce lemmy.domain ;
+ LEMMY_UI_HTTPS="true";
+ };
+ };
+
+ services.pict-rs = {
+ enable = true;
+ port = pict-rs.port;
+ dataDir = "${dataDir}/pict-rs";
+ address = pict-rs.ip;
+ };
+
+ systemd.services.lemmy = {
+ requires = ["postgresql.service"];
+ after = ["postgresql.service"];
+ environment = {
+ LEMMY_DATABASE_URL = lib.mkForce "postgresql://lemmy@127.0.0.1:${toString config.services.postgresql.port}/lemmy";
+ };
+ };
+
+ services.lemmy = {
+ enable = true;
+ ui.port = lemmy-ui.port;
+ database.createLocally = true;
+ settings = {
+ # TODO: Enable this much later when you tested everything.
+ # N.B. you can't change your domain name after enabling this.
+ federation.enabled = false;
+ # settings related to the postgresql database
+ database = {
+ user = "lemmy";
+ password = "secretlemmypassword";
+ host = "127.0.0.1";
+ port = ${config.services.postgresql.port};
+ database = "lemmy";
+ pool_size = 5;
+ };
+ /*
+ # Pictrs image server configuration.
+ pictrs = {
+ # Address where pictrs is available (for image hosting)
+ url = "http://${pict-rs.ip}:${toString pict-rs.port}/";
+ # TODO: Set a custom pictrs API key. ( Required for deleting images )
+ api_key = "";
+ };
+ */
+ # TODO: Email sending configuration. All options except login/password are mandatory
+ email = {
+ # Hostname and port of the smtp server
+ smtp_server = "";
+ # Login name for smtp server
+ smtp_login = "";
+ # Password to login to the smtp server
+ smtp_password = "";
+ # Address to send emails from, eg "noreply@your-instance.com";
+ smtp_from_address = "noreply@${lemmy.domain}";
+ # Whether or not smtp connections should use tls. Can be none, tls, or starttls
+ tls_type = "none";
+ };
+ # TODO: Parameters for automatic configuration of new instance (only used at first start)
+ setup = {
+ # Username for the admin user
+ admin_username = "superawesomeadmin";
+ # Password for the admin user. It must be at least 10 characters.
+ admin_password = "";
+ # Name of the site (can be changed later)
+ site_name = "Lemmy at ${lemmy.domain}";
+ # Email for the admin user (optional, can be omitted and set later through the website)
+ admin_email = "admin@${lemmy.domain}";
+ };
+ # the domain name of your instance (mandatory)
+ hostname = lemmy.domain;
+ # Address where lemmy should listen for incoming requests
+ bind = lemmy.ip;
+ # Port where lemmy should listen for incoming requests
+ port = lemmy.port;
+ # Whether the site is available over TLS. Needs to be true for federation to work.
+ tls_enabled = true;
+ };
+
+ };
+
+
+ # needed for now
+ nixpkgs.config.permittedInsecurePackages = [
+ "nodejs-14.21.3"
+ "openssl-1.1.1t"
+ ];
+
+ system.activationScripts."make_sure_lemmy_user_owns_files" = ''
+ uid='${config.users.users.lemmy.uid}';
+ gid='${config.users.groups.lemmy.gid}';
+ dir='${lemmy.dataDir}'
+
+ mkdir -p "''${dir}"
+
+ if [[ "$(${pkgs.toybox}/bin/stat "''${dir}" -c '%u:%g' | tee /dev/stderr )" != "''${uid}:''${gid}" ]]; then
+ chown -R "''${uid}:''${gid}" "''${dir}"
+ fi
+ '';
+ };
+ };
+}
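Review bot: lemmy.nix places two secrets where every local user can read them. `password = "secretlemmypassword";` is a literal in the repository and ends up in the generated settings in /nix/store, and `credentialsFile = ./lemmy_credentials.txt;` is a path literal, so the Cloudflare credentials file would be copied into the world-readable store too (and, being gitignored by this same commit, it is probably not visible to the flake at all). Pass the ACME credentials as a string path outside the store, the way cloud.nix does with `adminpassFile = "/var/keys/nextcloud_initial_password";`, and keep the database password out of the expression by reading it from a root-owned file at runtime. Separately, the file does not look like it evaluates: `port = ${config.services.postgresql.port};` uses antiquotation outside a string, `"${dataDir}/pict-rs"` refers to `dataDir` rather than `lemmy.dataDir`, and the final lines appear to close two more attribute sets than are open. The `permittedInsecurePackages` entries under `# needed for now` should name what still requires `nodejs-14.21.3` and `openssl-1.1.1t` and when they can be removed.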
@@ -0,0 +1,30 @@
+inputs: { config, pkgs, ... }: {
+ imports = [
+ inputs.mailserver.nixosModules.default
+ ];
+ mailserver = {
+ enable = true;
+ fqdn = "mail.gra.phite.ro";
+ domains = [ "gra.phite.ro" ];
+
+ loginAccounts = {
+ "alex@gra.phite.ro" = {
+ aliases = [
+ "postmaster@gra.phite.ro"
+ "ultra@gra.phite.ro"
+ "graphite@gra.phite.ro"
+ "me@gra.phite.ro"
+ "webmaster@gra.phite.ro"
+ "security@gra.phite.ro"
+ ];
+ hashedPasswordFile = "/home/ultra/hashed_mail_password.txt";
+ };
+ };
+ certificateScheme = "acme-nginx";
+ };
+ security.acme = {
+ acceptTerms = true;
+ email = "security@gra.phite.ro";
+ };
+
+}
diff --git a/hosts/titan/services/vaultwarden.nix b/hosts/titan/services/vaultwarden.nix
new file mode 100644
index 0000000..8453e81
--- /dev/null
+++ b/hosts/titan/services/vaultwarden.nix
@@ -0,0 +1,12 @@
+inputs: { config, pkgs, ... }: {
+ services.vaultwarden = {
+ enable = true;
+ backupDir = "/var/vaultwarden/backups";
+ config = {
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 3002;
+ DOMAIN = "https://pwd.gra.phite.ro";
+ SIGNUPS_ALLOWED = false;
+ };
+ };
+}
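Review bot: In mail-server.nix, `hashedPasswordFile = "/home/ultra/hashed_mail_password.txt";` keeps the mailbox credential in a user's home directory. Anything running as that user can presumably replace the hash and take over `alex@gra.phite.ro` together with its `postmaster@` and `security@` aliases. A root-owned location, such as the /var/keys directory that cloud.nix already uses for `adminpassFile`, is a safer home for it. In addition, this file sets `security.acme.email` while lemmy.nix uses `security.acme.defaults.email`; using the `defaults` form in both would keep the ACME settings consistent.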