diff options
Diffstat (limited to '')
-rw-r--r-- | hosts/by-name/server2/configuration.nix | 76 | ||||
-rw-r--r-- | hosts/by-name/server2/secrets/dkim/mail.vhack.eu-private.age | 16 | ||||
-rw-r--r-- | hosts/by-name/server2/secrets/dkim/mail.vhack.eu-public | 1 | ||||
-rw-r--r-- | hosts/by-name/server2/secrets/nextcloud/adminpassFile.age | 14 | ||||
-rw-r--r-- | hosts/by-name/server3/configuration.nix | 23 | ||||
-rwxr-xr-x | hosts/by-name/server3/secrets/dkim/gen_key.sh (renamed from hosts/by-name/server2/secrets/dkim/gen_key.sh) | 0 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age | 16 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public | 1 |
8 files changed, 91 insertions, 56 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix index 7f0502d..65e3b24 100644 --- a/hosts/by-name/server2/configuration.nix +++ b/hosts/by-name/server2/configuration.nix @@ -1,4 +1,8 @@ -{config, ...}: { +{ + config, + lib, + ... +}: { imports = [ ./networking.nix # network configuration that just works ./hardware.nix @@ -12,13 +16,13 @@ }; vhack = { - back = { + atuin-sync = { + enable = true; + fqdn = "atuin-sync.vhack.eu"; + }; + git-back = { enable = true; domain = "issues.foss-syndicate.org"; - settings = { - scan_path = "${config.services.gitolite.dataDir}/repositories"; - project_list = "${config.services.gitolite.dataDir}/projects.list"; - }; }; backup = { enable = true; @@ -33,7 +37,7 @@ "185.16.61.132" "2a03:4000:a:106::1" ]; - zones = import ../../../zones {}; + zones = import ../../../zones {inherit lib;}; }; etesync = { enable = true; @@ -57,36 +61,10 @@ enable = true; fqdn = "mail.foss-syndicate.org"; }; - stalwart-mail = { - enable = false; - fqdn = "mail.vhack.eu"; - admin = "admin@vhack.eu"; - security = { - dkimKeys = let - loadKey = name: { - dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}-public"); - dkimPrivateKeyPath = ./secrets/dkim + "/${name}-private.age"; - keyAlgorithm = "ed25519-sha256"; - }; - in { - "mail.vhack.eu" = loadKey "mail.vhack.eu"; - }; - verificationMode = "strict"; - }; - openFirewall = true; - principals = [ - { - class = "individual"; - name = "soispha"; - secret = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW"; - email = [ - "soispha@vhack.eu" - "abuse@vhack.eu" - "postmaster@vhack.eu" - "admin@vhack.eu" - ]; - } - ]; + nextcloud = { + enable = true; + hostname = "nextcloud.vhack.eu"; + adminpassFile = ./secrets/nextcloud/adminpassFile.age; }; nginx = { enable = true; @@ -105,6 +83,30 @@ }; redlib.enable = true; rust-motd.enable = true; + sharkey = { + enable = true; + fqdn = "sharkey.vhack.eu"; + settings = { + id = "aidx"; + + maxNoteLength = 8192; + maxFileSize = 1024 * 1024 * 1024; + proxyRemoteFiles = true; + + # > At the suggestion of Sharkey maintainers, + # > this allows the server to run multiple workers + # > and without this (and postgres tuning), the instance runs slowly. + # Copied from: https://github.com/sodiboo/system/blob/b63c7b27f49043e8701b3ff5e1441cd27d5a2fff/sharkey.mod.nix#L21-L23 + clusterLimit = 3; + + signToActivityPubGet = true; + CheckActivityPubGetSigned = false; + }; + }; + taskchampion-sync = { + enable = true; + fqdn = "taskchampion.vhack.eu"; + }; users.enable = true; }; diff --git a/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-private.age b/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-private.age deleted file mode 100644 index 586a266..0000000 --- a/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-private.age +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5TXdkcGE3VDhPVFd1aThX -dno3RWtMbE9vR1NuQjJXR003NmxrbllSTVhVCit5aExOb2NVSzFKZWswNlQ3R3ds -Rkt3QjU4dlUyVEdQaWFFbU9iejJOV28KLT4gWDI1NTE5IFFoVjFhMWlzUUlPWUFK -cEcwVlQrbzhkRjdEU2FoNmJ2MGpkc1NLcG5zZ1EKNnc0R3BGR0FSQWUvTlIyTk94 -ME82VDRnTytwZnAvVUl6bEFzSTFNUm5BQQotPiBzc2gtZWQyNTUxOSBYUG94RFEg -eFRmUlY2QUhUdUNWQ0xMai9IMEFJZWQxWG9MUktDMnIycnNIS3NELzFGMApxbkx3 -ZlFJTzVNTjlKSzNkOW9reXFYM04xQThQNGgvblNBRUJyZk1HUUZZCi0+IHozLWdy -ZWFzZSBuJT0Ka3NhLzVpY0Z0TW5HckJYUEhpZWlRazFjbzZEMTBwanRFdVA2WWNx -SUpLQitzNUlCQlpQQkZrZDRvbFdBMUgzVApnZ3MyMzF6dlRKZmxmd3NQejJJeE1q -YTVvUExxTTVIVkNNWldyWkY4b3cKLS0tIHYyRWV4WEo4RW1aK3E0MkNucnp1SVVQ -ZHdORjY2Z2IvMkI3a0VQbllWdncKej5N7MfXO+6MbxluZfM+Df75nBiNAEhrkvqX -dHB6qKXScbQHQp9Dpsuv/eR+vaW3rMstOMkAas4RDCii1iDwv2MjXtrFcPKXCBiz -/aiPvmn/7f/cXFw6pTSmLsF2AXGy2wepOEdIVQM4Gml7yVgVhQ3cK4QRGzPjW4Yf -urNumFlJQ7a8NVFNK2C9a+bfIz0eUYcJrOOjBg== ------END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-public b/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-public deleted file mode 100644 index 7654a2c..0000000 --- a/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-public +++ /dev/null @@ -1 +0,0 @@ -U0eOxgLD3yK7PKzQRSZdJ3EH/UwVxPeYmfm42gYXsDg= \ No newline at end of file diff --git a/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age b/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age new file mode 100644 index 0000000..2b831f3 --- /dev/null +++ b/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxanRqM3pOT29DWitxUERF +RjRURVZUWGpOSzFoZVpCSzJIN0RGZDAzWEZzCkczaExmOGgxQUQwV2NleUdHMXBB +eTZLZXpGZE1hcXBhWWhVcEQ5OFBQWUkKLT4gWDI1NTE5IG5DVmlEaDhTWk9xaWs2 +TnF1K1ZtK2UyeDgvOEFlbVUzc0V1VnZoSmFobEkKczNrSGdwZEVxVFNES3dzcVgy +SmRYNS9WR29mNGNCQW84bHZsZzNTRGZCQQotPiBzc2gtZWQyNTUxOSBYUG94RFEg +Y2ZQd25odWRRbUdqM3gxMzBrQ1Y3UjRwQ0JsRldtblRaYnVKWHZud2p5awpZdkNm +bk82RVVId2tsOXlKb2psa25pNFpManN4bjQwblBWUWdGaWxxQ1B3Ci0+ICNqaTBs +KE8tZ3JlYXNlIE1KZGEgNzAKSGNMSlRGTzN5d3ZXcFZNTkxlZHprVlVQTzJ4K2Vp +MG1YMTFHRmV6L2tMMGUKLS0tIE44WHBBZk1qcmRnK2lPczdiQ294SW50UFdrUHUw +d0EreHNod29LL2pjd2cKw1rpd83gONZaOiV5lQ+QOtIZzoIkaOvRD/8avsbeFsP7 +AB/jiOfOwYJ0DVbNMjopwnzpcAFsLWs6Gg0wQhjNsl349TIcTAS0xLTJYTm8DwQy +FmzftPMHAuJ/IPGzb3hQOFqpuFAPkunfiOgZ/N7N/+LLNMC5NxkkSH8m8gDBCCk= +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix index 9ad73ea..6966e58 100644 --- a/hosts/by-name/server3/configuration.nix +++ b/hosts/by-name/server3/configuration.nix @@ -1,4 +1,4 @@ -{...}: { +{lib, ...}: { imports = [ ./networking.nix # network configuration that just works ./hardware.nix @@ -18,7 +18,7 @@ "92.60.38.179" "2a03:4000:33:25b::4f4e" ]; - zones = import ../../../zones {}; + zones = import ../../../zones {inherit lib;}; }; fail2ban.enable = true; nix-sync = { @@ -67,6 +67,25 @@ "/var/log" ]; }; + stalwart-mail = { + enable = true; + fqdn = "mail.vhack.eu"; + admin = "admin@vhack.eu"; + security = { + dkimKeys = let + loadKey = name: { + dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}-public"); + dkimPrivateKeyPath = ./secrets/dkim + "/${name}-private.age"; + keyAlgorithm = "ed25519-sha256"; + }; + in { + "mail.vhack.eu" = loadKey "mail.vhack.eu"; + }; + verificationMode = "strict"; + }; + openFirewall = true; + principals = null; + }; postgresql.enable = true; rust-motd.enable = true; users.enable = true; diff --git a/hosts/by-name/server2/secrets/dkim/gen_key.sh b/hosts/by-name/server3/secrets/dkim/gen_key.sh index 61da156..61da156 100755 --- a/hosts/by-name/server2/secrets/dkim/gen_key.sh +++ b/hosts/by-name/server3/secrets/dkim/gen_key.sh diff --git a/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age new file mode 100644 index 0000000..8d66808 --- /dev/null +++ b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdEtVSWhiOVR1N1Q5bTBV +NXRMMm42VlR5NitSWlhiSFpUZDZQSlloWlJ3ClA3ZEJSU2dDbmRVL0NMZlFOVU5J +V1lEbDM0MlN3S3dZMUkyc1pQZVVpdDAKLT4gWDI1NTE5IFk4YnFFZmFLTlA0WENY +K3FGME1CbUV4b0Z4V1FIRFBmNVphYmhCMG1QVkkKOGhFcnl3Y2hZQU8rY0ROMTlq +d0lUVG8rRWpPNm4vWkw2WFROU3NJalgzWQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +UDV4YUdZRWZieHN4RVU1WWEvdlFRVHpTL1V5Q3Nya1kvNjFxVytpS1NGawpUWnlR +RmtQL1Z1ZFkwTC9ua3VVb05VQVlLemtuOCtLSkdxbFE5U2wyM0xZCi0+IFktZ3Jl +YXNlCk56M0t2NXB3QVpjYTNFdkEvMmpDZXBPcWlLNXNWL2tPalNMM1g0KzBJL2xz +T1gvTldRLzNxM25BOUhFZml3dFQKSnNMeHBXK3BrS2pWVU1uTkNKZ3BnaGt2Ci0t +LSBuWURsUEYxRkx3bVQzU3JTcGlwUTFCZ09IRWIrNExUclhPSmdGdUtNOFlFCuKw +PBh8U5VmweDGoY+xFXw/nqTqrKw9gZyUR2vbnHdnN9y8BToht7prsEaAn//DVivI +GMFGMhbPYTumWnEiTho8ZqQv5tKiDdIGV/9YghzUdHtMnzfO7q5ztrFYx19qjgi/ +lW17WyY8Jk2DZIH3icYweTICx9IU5K11DNj6WgNGDe8/fAyfuHTekE8sZtHPDw76 +M3wkUZM= +-----END AGE ENCRYPTED FILE----- diff --git a/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public new file mode 100644 index 0000000..fa5d243 --- /dev/null +++ b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public @@ -0,0 +1 @@ +U0eOxgLD3yK7PKzQRSZdJ3EH/UwVxPeYmfm42gYXsDg= |