From 49df755c4444b1c32d980b59c461f33d8c81a4cb Mon Sep 17 00:00:00 2001 From: admin Date: Thu, 4 Apr 2024 13:40:20 +0200 Subject: [PATCH 1/9] homepage back up again :) --- flake.nix | 2 +- matrix.nix | 12 ++++++------ nextcloud.nix | 20 ++++++++++---------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/flake.nix b/flake.nix index 2dd0193..5a12dc0 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ ./tail.nix ./matrix.nix ./coturn.nix - # (import ./homepage.nix {inherit homepage;}) + (import ./homepage.nix {inherit homepage;}) ]; }; diff --git a/matrix.nix b/matrix.nix index cc2d4c5..05be83b 100644 --- a/matrix.nix +++ b/matrix.nix @@ -54,9 +54,9 @@ services.postgresql = { ${fqdn} = { enableACME = true; forceSSL = true; - locations."/".extraConfig = '' - return 404; - ''; + # locations."/".extraConfig = '' + # return 404; + # ''; # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash # *must not* be used here. locations."/_matrix".proxyPass = "http://[::1]:8008"; @@ -67,9 +67,9 @@ services.postgresql = { ${domain} = { enableACME = true; forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:8008"; - }; + # locations."/" = { + # proxyPass = "http://localhost:8008"; + # }; # This section is not needed if the server_name of matrix-synapse is equal to # the domain (i.e. example.org from @foo:example.org) and the federation port # is 8448. diff --git a/nextcloud.nix b/nextcloud.nix index f89c008..20916c6 100644 --- a/nextcloud.nix +++ b/nextcloud.nix 
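Review bot: In matrix.nix the `locations."/"` block on `${fqdn}` that returned 404 is commented out rather than replaced, so requests outside the Matrix location blocks no longer get an explicit 404 and fall through to whatever nginx serves by default for that vhost. If the goal is only to free `/` on `${domain}` (presumably for the homepage re-enabled in flake.nix), keep `locations."/".extraConfig = "return 404;";` on `${fqdn}`. The second block, which proxied `/` to port 8008, is better deleted than left as a comment. Both vhost definitions start and end outside these hunks, so the remaining routing is not visible here.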
@@ -66,14 +66,14 @@ in # startAt = "*-*-* 01:15:00"; # }; }; - # services.onlyoffice = { - # enable = true; - # port = 8123; - # }; - # services.nginx.virtualHosts."office.sondell.org" = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:8123"; - - # }; + services.onlyoffice = { + enable = true; + port = 8123; + hostname = "office.sondell.org"; + }; + services.nginx.virtualHosts."office.sondell.org" = { + forceSSL = true; + enableACME = true; + # locations."/".proxyPass = "http://12:8123"; + }; } From 7f1e38c11d27606927709f49374acdfd6a5f1b70 Mon Sep 17 00:00:00 2001 From: admin Date: Thu, 4 Apr 2024 15:05:25 +0200 Subject: [PATCH 2/9] init: mailserver --- flake.lock | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 8 ++++- mail.nix | 40 ++++++++++++++++++++++++ 3 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 mail.nix diff --git a/flake.lock b/flake.lock index 8cd04be..daae977 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,37 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" 
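Review bot: `services.onlyoffice` in nextcloud.nix is enabled with a public `hostname` but without `jwtSecretFile`, and the NixOS module leaves request signing disabled when that option is unset, so the document server behind office.sondell.org would accept unsigned API requests. Add `jwtSecretFile = "<path to a root-only secret file outside the Nix store>";` and configure the same secret in the Nextcloud connector. The leftover `# locations."/".proxyPass = "http://12:8123";` does not point at a valid backend and can be dropped. As far as I know the module sets up the proxy location for `hostname` itself, which is worth confirming against the module source.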
@@ -39,6 +71,29 @@ "url": "https://git.sondell.org/glennwso/home.git" } }, + "nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1710449465, + "narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "79c8cfcd5873a85559da6201b116fb38b490d030", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "nixpkgs": { "locked": { "lastModified": 1711703276, @@ -58,6 +113,7 @@ "root": { "inputs": { "home": "home", + "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs" } }, @@ -75,6 +131,39 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 5a12dc0..217f656 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,11 +2,16 @@ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.home.url = "git+https://git.sondell.org/glennwso/home.git"; inputs.home.inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixos-mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - outputs = { self, nixpkgs, home }@attrs: + outputs = { self, nixpkgs, home, nixos-mailserver}@attrs: let system = "x86_64-linux"; homepage = home.packages.${system}.default; + mailserver = nixos-mailserver.nixosModules.default; in { # replace 'joes-desktop' with your hostname here. @@ -25,6 +30,7 @@ ./tail.nix ./matrix.nix ./coturn.nix + (import ./mail.nix {inherit mailserver;}) (import ./homepage.nix {inherit homepage;}) ]; diff --git a/mail.nix b/mail.nix new file mode 100644 index 0000000..9e2d483 --- /dev/null +++ b/mail.nix @@ -0,0 +1,40 @@ +{ mailserver , ... }: +{ + imports = [ + mailserver + ]; + + mailserver = { + enable = true; + fqdn = "mail.sondell.org"; + domains = [ "sondell.org" ]; + + # A list of all login accounts. To create the password hashes, use + # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash + loginAccounts = { + "admin@sondell.org" = { + hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash"; + aliases = ["info@sondell.org"]; + }; + }; + + # Use Let's Encrypt certificates. Note that this needs to set up a stripped + # down nginx and opens port 80. + certificateScheme = "acme-nginx"; + }; + + # services.roundcube = { + # enable = true; + # # this is the url of the vhost, not necessarily the same as the fqdn of + # # the mailserver + # hostName = "webmail.sondell.org"; + # extraConfig = '' + # # starttls needed for authentication, so the fqdn required to match + # # the certificate + # $config['smtp_server'] = "tls://${mailserver.fqdn}"; + # $config['smtp_user'] = "%u"; + # $config['smtp_pass'] = "%p"; + # ''; + # }; + +} 
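Review bot: The how-to comment above `loginAccounts` in mail.nix builds `mailpw.hash` from `.secrets/nextadminpw`, which by its name looks like the Nextcloud admin password, so the admin mailbox and the Nextcloud admin would share one credential and a leak of either exposes both. Generate a separate password for the mailbox and update the comment to read from its own input, not `nextadminpw`. It is also worth stating in that comment that `/etc/nixos/.secrets/` must be root-only and untracked by git, since tracked files in a flake are copied into the world-readable Nix store.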
From 3919c5f2d4a1f8f8f21b16580f37d2b2906cf303 Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 9 Apr 2024 14:23:32 +0200 Subject: [PATCH 3/9] working: mailserver --- mail.nix | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/mail.nix b/mail.nix index 9e2d483..17f87aa 100644 --- a/mail.nix +++ b/mail.nix @@ -1,4 +1,8 @@ { mailserver , ... }: +let + domain = "sondell.org"; + fqdn = "mail.${domain}"; +in { imports = [ mailserver @@ -6,8 +10,8 @@ mailserver = { enable = true; - fqdn = "mail.sondell.org"; - domains = [ "sondell.org" ]; + fqdn = fqdn; + domains = [ domain ]; # A list of all login accounts. To create the password hashes, use # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash @@ -23,18 +27,18 @@ certificateScheme = "acme-nginx"; }; - # services.roundcube = { - # enable = true; - # # this is the url of the vhost, not necessarily the same as the fqdn of - # # the mailserver - # hostName = "webmail.sondell.org"; - # extraConfig = '' - # # starttls needed for authentication, so the fqdn required to match - # # the certificate - # $config['smtp_server'] = "tls://${mailserver.fqdn}"; - # $config['smtp_user'] = "%u"; - # $config['smtp_pass'] = "%p"; - # ''; - # }; + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "webmail.${domain}"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; } From 12718077d8ca148f08bfeef8f1f4ccb9d65bfb76 Mon Sep 17 00:00:00 2001 From: admin Date: Wed, 10 Apr 2024 11:01:54 +0200 Subject: [PATCH 4/9] new bin name for homepage --- flake.lock | 8 ++++---- homepage.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) 
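Review bot: In the second mail.nix hunk `fqdn = fqdn;` is more idiomatically written `inherit fqdn;`. The `loginAccounts` keys and the alias in the surrounding context still spell out `sondell.org` although the new `domain` binding exists, so `"admin@${domain}"` would keep them in sync. In the Roundcube block, `smtp_server` was renamed to `smtp_host` in Roundcube 1.6; if the packaged version is 1.6 or later, prefer `$config['smtp_host'] = "tls://${fqdn}";` (not verifiable from this hunk).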
diff --git a/flake.lock b/flake.lock index daae977..e60a5d4 100644 --- a/flake.lock +++ b/flake.lock @@ -58,11 +58,11 @@ ] }, "locked": { - "lastModified": 1711535911, - "narHash": "sha256-SzgDrsyBskLyipFzsKwPOKP9FMgGB+6tUQ0VpeGQ/1Y=", + "lastModified": 1712669985, + "narHash": "sha256-fmd3xOIM0upqexDJlFQHipi7LNES+/RoN7VHIrGK7EM=", "ref": "refs/heads/main", - "rev": "80221fa4d735fbc232d97d3384c8af0e40a4e331", - "revCount": 9, + "rev": "db7de53f0f029d96055050f474544b96cf7bf904", + "revCount": 23, "type": "git", "url": "https://git.sondell.org/glennwso/home.git" }, diff --git a/homepage.nix b/homepage.nix index b250c47..190b34a 100644 --- a/homepage.nix +++ b/homepage.nix @@ -13,7 +13,7 @@ in After="network-online.target"; }; serviceConfig = { - ExecStart = "${homepage}/bin/homepage -p ${port}"; + ExecStart = "${homepage}/bin/home-prod -p ${port}"; User= "sondell"; Type= "simple"; }; From 5b8103188c7d1fd9ab20fe7554012505644e8a97 Mon Sep 17 00:00:00 2001 From: admin Date: Wed, 10 Apr 2024 12:36:42 +0200 Subject: [PATCH 5/9] homepage update --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e60a5d4..4c362ce 100644 --- a/flake.lock +++ b/flake.lock @@ -58,11 +58,11 @@ ] }, "locked": { - "lastModified": 1712669985, - "narHash": "sha256-fmd3xOIM0upqexDJlFQHipi7LNES+/RoN7VHIrGK7EM=", + "lastModified": 1712745070, + "narHash": "sha256-75kSMjyCD5/IliSPkBcBSBamwPYF30Ddr8Ef2XxDfiE=", "ref": "refs/heads/main", - "rev": "db7de53f0f029d96055050f474544b96cf7bf904", - "revCount": 23, + "rev": "c2650ecab1c7b9b2e10d690b40e82817d257b53a", + "revCount": 28, "type": "git", "url": "https://git.sondell.org/glennwso/home.git" }, From 44d0bd0b98685941e846b4eaa94351bc30576c78 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 15 Apr 2024 13:59:59 +0200 Subject: [PATCH 6/9] glenn mail --- mail.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mail.nix b/mail.nix index 17f87aa..725c32a 100644 --- a/mail.nix +++ b/mail.nix 
@@ -20,6 +20,9 @@ in hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash"; aliases = ["info@sondell.org"]; }; + "glenn@sondell.org" = { + hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash"; + }; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped From 1dd9c9b61ed6cdfb20ad119f28f7e7c77b2717a3 Mon Sep 17 00:00:00 2001 From: admin Date: Fri, 19 Apr 2024 16:10:11 +0200 Subject: [PATCH 7/9] acme --- audiobooks.nix | 2 ++ filebrowser.nix | 2 ++ homepage.nix | 2 ++ jellyfin.nix | 2 ++ 4 files changed, 8 insertions(+) diff --git a/audiobooks.nix b/audiobooks.nix index 7c6574d..52be9c2 100644 --- a/audiobooks.nix +++ b/audiobooks.nix @@ -12,6 +12,8 @@ in services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; default = true; locations."/" = { proxyPass = "http://localhost:8000/"; diff --git a/filebrowser.nix b/filebrowser.nix index 2381a7f..293f0be 100644 --- a/filebrowser.nix +++ b/filebrowser.nix @@ -34,6 +34,8 @@ in services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; locations."/" = { proxyPass = "http://localhost:8080/"; proxyWebsockets = true; diff --git a/homepage.nix b/homepage.nix index 190b34a..36c5070 100644 --- a/homepage.nix +++ b/homepage.nix @@ -20,6 +20,8 @@ in }; services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; locations."/" = { proxyPass = "http://localhost:${port}/"; proxyWebsockets = true; diff --git a/jellyfin.nix b/jellyfin.nix index a214af7..9d80b2b 100644 --- a/jellyfin.nix +++ b/jellyfin.nix @@ -12,6 +12,8 @@ in services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; locations."/" = { proxyPass = "http://localhost:8096/"; proxyWebsockets = true; From fb1f1fed8799e6bc8fe4c588647554f221a5cf67 Mon Sep 17 00:00:00 2001 From: admin Date: Sat, 20 Apr 2024 10:50:26 +0200 Subject: [PATCH 8/9] feat: gilbert mail --- mail.nix | 4 ++++ 1 file changed, 4 insertions(+) 
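Review bot: The new `"glenn@sondell.org"` account points `hashedPasswordFile` at the same `/etc/nixos/.secrets/mailpw.hash` as `admin@sondell.org`, so both mailboxes authenticate with one password and neither can be rotated or revoked without affecting the other. Give the account its own hash file, e.g. `hashedPasswordFile = "/etc/nixos/.secrets/<glenn-hash-file>";`, generated from a separate password. The `loginAccounts` block starts and ends outside this hunk.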
diff --git a/mail.nix b/mail.nix index 725c32a..632e706 100644 --- a/mail.nix +++ b/mail.nix @@ -15,6 +15,7 @@ in # A list of all login accounts. To create the password hashes, use # cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash + # echo apassword | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/gilbertmailpw.hash loginAccounts = { "admin@sondell.org" = { hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash"; @@ -23,6 +24,9 @@ in "glenn@sondell.org" = { hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash"; }; + "gilbert@sondell.org" = { + hashedPasswordFile = "/etc/nixos/.secrets/gilbertmailpw.hash"; + }; }; # Use Let's Encrypt certificates. Note that this needs to set up a stripped From 342bb03515d017345a10453c4d42d4415f45957b Mon Sep 17 00:00:00 2001 From: admin Date: Sun, 21 Apr 2024 19:01:42 +0200 Subject: [PATCH 9/9] root ssh --- configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configuration.nix b/configuration.nix index 30aa309..d7553df 100644 --- a/configuration.nix +++ b/configuration.nix @@ -101,6 +101,11 @@ ]; }; + users.users.root = { + isNormalUser = false; + openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMYGJCpFIiWqzy8YbfWh7+i52XVwyhUu+P0rUglVR5uV gws@nixos"]; + }; + # Allow unfree packages nixpkgs.config.allowUnfree = true;
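Review bot: The added how-to comment in mail.nix pipes the password through `echo apassword | …`, which leaves the plaintext in shell history for anyone who follows it literally. Document the prompting form instead, `# nix-shell -p mkpasswd --run 'mkpasswd -m bcrypt' > .secrets/gilbertmailpw.hash`, which reads the password from the terminal. Running it under `umask 077` keeps the resulting hash file from being created world-readable.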
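Review bot: Adding `openssh.authorizedKeys.keys` to `users.users.root` in configuration.nix enables direct root logins over SSH, which loses per-user attribution of privileged sessions. The sshd settings are not part of this hunk, so confirm that `services.openssh.settings.PermitRootLogin` is `"prohibit-password"` or stricter and that `services.openssh.settings.PasswordAuthentication` is `false`. If an unprivileged admin account with sudo already exists, putting the key there and leaving root without authorized keys is the safer layout. `isNormalUser = false;` is the default and can be removed.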