diff --git a/flake.lock b/flake.lock index 868326c..a8b513b 100644 --- a/flake.lock +++ b/flake.lock @@ -381,11 +381,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1663629861, - "narHash": "sha256-CjfQUyPfG/hkE4jnMcTvVJ0ubc84u8ySruZL+emXMjw=", + "lastModified": 1663800189, + "narHash": "sha256-OzomhNhiKvHKr0qxASKNyuXpx6ilhflb/4P5Wsz2FGo=", "owner": "nix-community", "repo": "home-manager", - "rev": "41790ba656bafc023f48ccdbbe7816d30fd52d76", + "rev": "f17819f4f198a3973be76797aa8a9370e35c7ca6", "type": "github" }, "original": { @@ -400,11 +400,11 @@ "wlroots": "wlroots" }, "locked": { - "lastModified": 1663708982, - "narHash": "sha256-FfWGRoZ9IRNz9Z2IhN3Onh7EqUbaE1cT7IMiQ/fGcbs=", + "lastModified": 1663778486, + "narHash": "sha256-Gtx7HmpEl7k1PFzZULU5WBRSCCrN5MgZnrpJdaA4kSY=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "8b11a2e1b15a8e05a308a64b075ee7c9d612e6cc", + "rev": "d3ffccd45ff6d6f7bf8cd08b4c1d9e0c00635ab4", "type": "github" }, "original": { @@ -511,11 +511,11 @@ "utils": "utils_4" }, "locked": { - "lastModified": 1663552861, - "narHash": "sha256-Xum3e8K1o1VRua52TwKxXPSUGHWeSqFpg9edsiO9VpU=", + "lastModified": 1663823263, + "narHash": "sha256-u2glihcKP6tr8tW5Glz0pXhxOwfuRdJQGslJsg4dIFQ=", "owner": "jyooru", "repo": "nix-minecraft-servers", - "rev": "3a36fab5c690e0750fb6a9a3c53ecc5284bf70ba", + "rev": "51b10b3388b367dfdf8dcd7f695bdfdfc5105256", "type": "github" }, "original": { @@ -606,11 +606,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661931183, - "narHash": "sha256-0+2KzcexiJCB3Il5t7cZAM2RXNRfm5/gMCwhcZJxLuQ=", + "lastModified": 1663494472, + "narHash": "sha256-fSowlaoXXWcAM8m9wA6u+eTJJtvruYHMA+Lb/tFi/qM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "97747d3209efde533f7b1b28f1be11619f556a06", + "rev": "f677051b8dc0b5e2a9348941c99eea8c4b0ff28f", "type": "github" }, "original": { @@ -1009,11 +1009,11 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1661882030, - "narHash": "sha256-Kw0MG4rXdTnbndVLLCNwkXDmNszwdQZmm7pwI1R3Kds=", + "lastModified": 1663507239, + "narHash": "sha256-LISZtkPVe8lQ2N8YwVe+KxCkXWLP9mdw6Q2kG93wE8A=", "owner": "wlroots", "repo": "wlroots", - "rev": "fd0b0276c9ecc159549acff48b932b83ec3b4f12", + "rev": "2ad25b1460400e66ea26bd6489b04072be7d9dbb", "type": "gitlab" }, "original": { diff --git a/nixos/hosts/olympus/mailserver/configuration.nix b/nixos/hosts/olympus/mailserver/configuration.nix index 3a3cbe4..d7efebc 100644 --- a/nixos/hosts/olympus/mailserver/configuration.nix +++ b/nixos/hosts/olympus/mailserver/configuration.nix @@ -3,7 +3,7 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: - +let vs = config.vault-secrets.secrets; in { imports = [ ]; @@ -18,13 +18,46 @@ # Additional packages environment.systemPackages = with pkgs; [ ]; - networking.firewall.allowedTCPPorts = [ ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + networking.extraHosts = '' + 10.42.42.6 vault.olympus + ''; + + vault-secrets.secrets.mailserver = { + services = [ "dovecot2" "postfix"]; + }; mailserver = { - enable = false; + enable = true; fqdn = "mail.0x76.dev"; domains = [ "0x76.dev" ]; + loginAccounts = { + "v@0x76.dev" = { + hashedPasswordFile = "${vs.mailserver}/v@0x76.dev"; + }; + }; + certificateScheme = 3; }; + + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "webmail.0x76.dev"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_host'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + + services.nginx.enable = true; + + security.acme.acceptTerms = true; + security.acme.defaults.email = "victor@xirion.net"; }