diff --git a/flake.lock b/flake.lock index a25021a..44b819b 100644 --- a/flake.lock +++ b/flake.lock @@ -23,6 +23,22 @@ "type": "github" } }, + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -65,6 +81,70 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "mailserver", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "mailserver", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "mailserver", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -93,11 +173,11 @@ ] }, "locked": { - "lastModified": 1760130406, - "narHash": "sha256-GKMwBaFRw/C1p1VtjDz4DyhyzjKUWyi1K50bh8lgA2E=", + "lastModified": 1760312644, + "narHash": "sha256-U9SkK45314urw9P7MmjhEgiQwwD/BTj+T3HTuz1JU1Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "d305eece827a3fe317a2d70138f53feccaf890a1", + "rev": "e121f3773fa596ecaba5b22e518936a632d72a90", "type": "github" }, "original": { @@ -128,6 +208,28 @@ "type": "github" } }, + "mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs", + "nixpkgs-25_05": "nixpkgs-25_05" + }, + "locked": { + "lastModified": 1759489698, + "narHash": "sha256-2lT2i5ha23I2vrolEaBaAS/63ChgZPh181Awt6q1bDY=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "6005d88bed7a5418f9772b4058a73cd0fd1e69a1", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "nix-flatpak": { "locked": { "lastModified": 1739444422, @@ -162,11 +264,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760038930, - "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { 
@@ -176,29 +278,45 @@ "type": "github" } }, - "nixpkgs-stable": { + "nixpkgs-25_05": { "locked": { - "lastModified": 1751274312, - "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", + "lastModified": 1759143472, + "narHash": "sha256-TvODmeR2W7yX/JmOCmP+lAFNkTT7hAxYcF3Kz8SZV3w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", + "rev": "5ed4e25ab58fd4c028b59d5611e14ea64de51d23", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1760139962, + "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1760038930, - "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", + "lastModified": 1760284886, + "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", + "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", "type": "github" }, "original": { @@ -209,6 +327,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1760284886, + "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -229,9 +363,10 @@ "agenix": "agenix", "disko": "disko", "home-manager": "home-manager_2", + "mailserver": "mailserver", "nix-flatpak": "nix-flatpak", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "zen-browser": "zen-browser" @@ -255,14 +390,14 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1760213924, - "narHash": "sha256-fin1uGUVt06T2cXz0FuWK6J+Ih7kOOVoGm0fOhtqJew=", + "lastModified": 1760380505, + "narHash": "sha256-qSDhqXzeGcgidKdT3HCxEbuo4/VFI46lcXODRZtwCxg=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "6efcb0b7538270ee5f18c8c0957339ccd2839b03", + "rev": "21d967b539f2c599786356c2cae17b1273aaa6ad", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 54637aa..3e8e6e6 100644 --- a/flake.nix +++ b/flake.nix @@ -16,7 +16,7 @@ nix-flatpak.url = "github:gmodena/nix-flatpak/latest"; zen-browser.url = "github:0xc000022070/zen-browser-flake"; - mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; + mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; disko = { url = "github:nix-community/disko"; @@ -29,7 +29,7 @@ }; }; - outputs = { self, nixpkgs, ... }@inputs: { + outputs = { self, nixpkgs, mailserver, ... }@inputs: { nixosConfigurations = { # Framework Computer piaf = nixpkgs.lib.nixosSystem { @@ -42,7 +42,10 @@ zora = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = inputs; - modules = [ ./hosts/zora ]; + modules = [ + ./hosts/zora + mailserver.nixosModules.default + ]; }; # Desktop ISO diff --git a/modules/server/taf/default.nix b/modules/server/taf/default.nix index ec6e4fb..00a8276 100644 --- a/modules/server/taf/default.nix +++ b/modules/server/taf/default.nix 
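Review bot: In flake.nix the `mailserver` input is declared with only a `url`, so flake.lock now carries a second nixpkgs pin (`nixpkgs`, distinct from the root's `nixpkgs_2`) plus `nixpkgs-25_05`, `git-hooks`, `flake-compat`, `gitignore` and `blobs`, all reachable only through `mailserver`. Adding `mailserver.inputs.nixpkgs.follows = "nixpkgs";` next to `mailserver.url` would collapse the duplicate nixpkgs and shrink the set of third-party revisions to audit on each `nix flake update`. Dropping the `/nixos-25.05` ref also means updates now follow the upstream default branch; that looks intended because the root `nixpkgs` resolves to `nixos-unstable` in the lock, but a short comment saying so would help. The `inputs` block starts above the hunk, so the other inputs are not visible here.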
@@ -13,42 +13,71 @@ localDnsResolver = false; enableManageSieve = true; - ldap = { - enable = true; + # debug.all = true; - uris = [ "ldaps://" ]; - searchBase = "dc=auth,dc=lyes,dc=eu"; - searchScope = "sub"; + # ldap = { + # enable = true; - bind = { - dn = "dn=token,dc=auth,dc=lyes,dc=eu"; - passwordFile = config.age.secrets.taf-token.path; - }; + # uris = [ "ldaps://auth.lyes.eu:636" ]; + # searchBase = "dc=auth,dc=lyes,dc=eu"; + # searchScope = "sub"; - dovecot = { - userFilter = "(mail=%u)"; - passFilter = "(mail=%u)"; - }; + # bind = { + # # dn = "dn=token,dc=auth,dc=lyes,dc=eu"; + # dn = "dn=token"; + # passwordFile = config.age.secrets.taf-token.path; + # }; - postfix = { - filter = "(mail=%s)"; - mailAttribute = "mail"; - uidAttribute = "name"; + # dovecot = { + # userFilter = "(name=%u)"; + # passFilter = "(name=%u)"; + # }; + + # postfix = { + # filter = "(name=%s)"; + # mailAttribute = "mail"; + # uidAttribute = "name"; + # }; + # }; + + loginAccounts = { + "lyes@mail.lyes.eu" = { + hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path; + aliases = [ + "@lyes.eu" + ]; }; }; - extraVirtualAliases = { - "@lyes.eu" = "lyes@mail.lyes.eu"; - }; + # extraVirtualAliases = { + # "@lyes.eu" = "lyes@mail.lyes.eu"; + # }; certificateScheme = "acme-nginx"; }; + # services.dovecot2.extraConfig = '' + # userdb { + # driver = ldap + # auth_bind = yes + # # pass_attrs = uid=user + # pass_filter = (name=%u) + # } + + # passdb { + # driver = ldap + # auth_bind = yes + # # pass_attrs = uid=user + # pass_filter = (name=%u) + # } + # ''; + services.roundcube = { enable = true; - hostName = "mail.lyes.eu"; + hostName = "taf.lyes.eu"; extraConfig = '' + $config['imap_host'] = "ssl://taf.lyes.eu:993"; $config['smtp_host'] = "tls://taf.lyes.eu"; $config['smtp_port'] = 587; $config['smtp_user'] = "%u"; 
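Review bot: The `"@lyes.eu"` entry under `loginAccounts."lyes@mail.lyes.eu".aliases` makes the account a catch-all that, as far as I recall the simple-nixos-mailserver option docs, may also send as any address in the domain. If only inbound catch-all is wanted, `catchAll = [ "lyes.eu" ];` is the narrower option; please confirm against the module revision pinned in flake.lock. Separately, the LDAP block, `extraVirtualAliases` and the `services.dovecot2.extraConfig` experiment are left commented out with no reason given. A one-line comment above them, e.g. `# TODO: LDAP auth disabled for now (reason); local hashed-password account used instead`, would say whether the switch away from directory auth is temporary. The enclosing `mailserver` attribute set opens above the hunk.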
@@ -61,5 +90,10 @@ owner = "postfix"; file = ../../../secrets/zora/services/taf-token.age; }; + + lyes-mail-passwd = { + owner = "postfix"; + file = ../../../secrets/lyes/mail-passwd.age; + }; }; } diff --git a/secrets.nix b/secrets.nix index 77739cc..c0b2da1 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,7 +7,7 @@ let in { # Lyes - # "lyes/name.age".publicKeys = [ lyes ]; + "secrets/lyes/mail-passwd.age".publicKeys = [ lyes zora ]; # Zora "secrets/zora/services/kanidm-admin-password.age".publicKeys = all; diff --git a/secrets/lyes/mail-passwd.age b/secrets/lyes/mail-passwd.age new file mode 100644 index 0000000..61d080b --- /dev/null +++ b/secrets/lyes/mail-passwd.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 whuRpQ iLo2EVUsZTlQTBSm8mbt9dMXb/o1M/0QbfDcilY2sRE +uzfGi4pNeWoUPfriNmpqF6zxPa1wRe2ISamvLks1qPM +-> ssh-ed25519 TFqgIg JKpj953iRNgUPvLXfyXjn5mbuV6149t+IrKB6xS5en4 +dOrWvfLxl2n6qvTSdLCty4ljx4lFwDRzK5Q/28gzoI8 +--- rn0DTUW0SrRd0Qq6PVYLao0CVyK9+la84eNw1aIwlk0 +] ?ZhZP&Lnp}Sn= .%HFnl@INaiq ja^'.a$ \ No newline at end of file diff --git a/users/lyes/desktop/packages.nix b/users/lyes/desktop/packages.nix index d339278..e738a78 100644 --- a/users/lyes/desktop/packages.nix +++ b/users/lyes/desktop/packages.nix @@ -72,6 +72,7 @@ in { # unstable.suyu # suyu # factorio + sgt-sgt-puzzles # Reading # calibre
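Review bot: `owner = "postfix";` on the new `lyes-mail-passwd` secret looks copied from `taf-token` and probably grants more access than needed. The file is consumed through `hashedPasswordFile`, which to my knowledge the mailserver module reads from a root-run step when generating dovecot's passwd file, so the postfix user should not need to read the hash. Removing the `owner` line (agenix then defaults to root) keeps the hash unreadable to the MTA process; please verify against the pinned module before merging. The secrets attribute set begins outside the hunk.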
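Review bot: `sgt-sgt-puzzles` in users/lyes/desktop/packages.nix looks like a typo with a doubled prefix. As far as I know nixpkgs exposes the package as `sgt-puzzles`, so this line would fail evaluation with an undefined attribute on every host that imports the list. Suggested line: `sgt-puzzles`. The package list starts and ends outside the hunk, so I cannot see whether it sits under `with pkgs;` or an explicit `pkgs.` prefix.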