Diffstat (limited to '')
-rw-r--r-- | hosts/by-name/server3/configuration.nix | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index 2afc79f..6966e58 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -1,4 +1,4 @@
-{config, ...}: {
+{lib, ...}: {
 imports = [
 ./networking.nix # network configuration that just works
 ./hardware.nix
@@ -7,11 +7,24 @@
 vhack = {
 backup = {
 enable = true;
- privateSshKey = ./secrets/backupssh.age;
- privatePassword = ./secrets/backuppass.age;
+ privateSshKey = ./secrets/backup/backupssh.age;
+ privatePassword = ./secrets/backup/backuppass.age;
 user = "u384702-sub4";
 };
+ dns = {
+ enable = true;
+ openFirewall = true;
+ interfaces = [
+ "92.60.38.179"
+ "2a03:4000:33:25b::4f4e"
+ ];
+ zones = import ../../../zones {inherit lib;};
+ };
 fail2ban.enable = true;
+ nix-sync = {
+ enable = true;
+ domains = import ./websites.nix {};
+ };
 mastodon = {
 enable = true;
 domain = "mastodon.vhack.eu";
@@ -23,6 +36,7 @@
 enable = true;
 fqdn = "matrix.vhack.eu";
 url = "vhack.eu";
+ sharedSecretFile = ./secrets/matrix/passwd.age;
 };
 miniflux = {
 enable = true;
@@ -53,6 +67,25 @@
 "/var/log"
 ];
 };
+ stalwart-mail = {
+ enable = true;
+ fqdn = "mail.vhack.eu";
+ admin = "admin@vhack.eu";
+ security = {
+ dkimKeys = let
+ loadKey = name: {
+ dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}-public");
+ dkimPrivateKeyPath = ./secrets/dkim + "/${name}-private.age";
+ keyAlgorithm = "ed25519-sha256";
+ };
+ in {
+ "mail.vhack.eu" = loadKey "mail.vhack.eu";
+ };
+ verificationMode = "strict";
+ };
+ openFirewall = true;
+ principals = null;
+ };
 postgresql.enable = true;
 rust-motd.enable = true;
 users.enable = true;
|
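Review bot: `dns.openFirewall = true` together with the two public addresses in `interfaces` puts the new name server on the internet, and nothing in this hunk shows whether it answers authoritatively only or how zone transfers are restricted. Those settings presumably live in the `vhack.dns` module or in `../../../zones`, neither of which is part of this diff, so it is worth confirming there that recursion is off and transfers are limited to known secondaries. The literal addresses also have to stay in step with whatever `./networking.nix` assigns to the host; a comment such as `# must match the host addresses in ./networking.nix` would make that dependency visible. The enclosing `vhack` attribute set continues outside the hunk.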
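Review bot: The `loadKey` helper in the new `stalwart-mail.security.dkimKeys` block fixes `keyAlgorithm = "ed25519-sha256"`, so mail for `mail.vhack.eu` is signed with an Ed25519 key only. Ed25519 DKIM (RFC 8463) is not verified by every receiver, and a receiver that cannot verify it treats the message as unsigned, which leaves DMARC resting on SPF alignment alone for those deliveries. The usual remedy is to sign with an RSA key as well; whether this module accepts a second key per domain is not visible here, so check the option before relying on it. Separately, `principals = null;` and `openFirewall = true;` would each benefit from a short comment saying what `null` selects and which ports are opened, since neither is evident from this file.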