lyes/nixfiles
1
0
Fork 0
Code Issues Pull requests Activity Actions

Hardcoding mails for server

Browse source
This commit is contained in:
Lyes Saadi 2025-10-14 00:09:16 +02:00
parent 960500b2d7
commit 8fb4bf2858
Signed by: lyes
GPG key ID: 55A1D803917CF39A
6 changed files with 224 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

173
flake.lock generated
View file

@ -23,6 +23,22 @@
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -65,6 +81,70 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"mailserver",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"mailserver",
"nixpkgs"
]
},
"locked": {
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"mailserver",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -93,11 +173,11 @@
]
},
"locked": {
"lastModified": 1760130406,
"narHash": "sha256-GKMwBaFRw/C1p1VtjDz4DyhyzjKUWyi1K50bh8lgA2E=",
"lastModified": 1760312644,
"narHash": "sha256-U9SkK45314urw9P7MmjhEgiQwwD/BTj+T3HTuz1JU1Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d305eece827a3fe317a2d70138f53feccaf890a1",
"rev": "e121f3773fa596ecaba5b22e518936a632d72a90",
"type": "github"
},
"original": {
@ -128,6 +208,28 @@
"type": "github"
}
},
"mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs",
"nixpkgs-25_05": "nixpkgs-25_05"
},
"locked": {
"lastModified": 1759489698,
"narHash": "sha256-2lT2i5ha23I2vrolEaBaAS/63ChgZPh181Awt6q1bDY=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "6005d88bed7a5418f9772b4058a73cd0fd1e69a1",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1739444422,
@ -162,11 +264,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1760038930,
"narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
"lastModified": 1759036355,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
"rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
"type": "github"
},
"original": {
@ -176,29 +278,45 @@
"type": "github"
}
},
"nixpkgs-stable": {
"nixpkgs-25_05": {
"locked": {
"lastModified": 1751274312,
"narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
"lastModified": 1759143472,
"narHash": "sha256-TvODmeR2W7yX/JmOCmP+lAFNkTT7hAxYcF3Kz8SZV3w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
"rev": "5ed4e25ab58fd4c028b59d5611e14ea64de51d23",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1760139962,
"narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1760038930,
"narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
"lastModified": 1760284886,
"narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
"rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43",
"type": "github"
},
"original": {
@ -209,6 +327,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1760284886,
"narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1755615617,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
@ -229,9 +363,10 @@
"agenix": "agenix",
"disko": "disko",
"home-manager": "home-manager_2",
"mailserver": "mailserver",
"nix-flatpak": "nix-flatpak",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"zen-browser": "zen-browser"
@ -255,14 +390,14 @@
"zen-browser": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1760213924,
"narHash": "sha256-fin1uGUVt06T2cXz0FuWK6J+Ih7kOOVoGm0fOhtqJew=",
"lastModified": 1760380505,
"narHash": "sha256-qSDhqXzeGcgidKdT3HCxEbuo4/VFI46lcXODRZtwCxg=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "6efcb0b7538270ee5f18c8c0957339ccd2839b03",
"rev": "21d967b539f2c599786356c2cae17b1273aaa6ad",
"type": "github"
},
"original": {

9
flake.nix
View file

@ -16,7 +16,7 @@
nix-flatpak.url = "github:gmodena/nix-flatpak/latest";
zen-browser.url = "github:0xc000022070/zen-browser-flake";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
disko = {
url = "github:nix-community/disko";
@ -29,7 +29,7 @@
};
};
outputs = { self, nixpkgs, ... }@inputs: {
outputs = { self, nixpkgs, mailserver, ... }@inputs: {
nixosConfigurations = {
# Framework Computer
piaf = nixpkgs.lib.nixosSystem {
@ -42,7 +42,10 @@
zora = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules = [ ./hosts/zora ];
modules = [
./hosts/zora
mailserver.nixosModules.default
];
};
# Desktop ISO

76
modules/server/taf/default.nix
View file

@ -13,42 +13,71 @@
localDnsResolver = false;
enableManageSieve = true;
ldap = {
enable = true;
# debug.all = true;
uris = [ "ldaps://" ];
searchBase = "dc=auth,dc=lyes,dc=eu";
searchScope = "sub";
# ldap = {
# enable = true;
bind = {
dn = "dn=token,dc=auth,dc=lyes,dc=eu";
passwordFile = config.age.secrets.taf-token.path;
};
# uris = [ "ldaps://auth.lyes.eu:636" ];
# searchBase = "dc=auth,dc=lyes,dc=eu";
# searchScope = "sub";
dovecot = {
userFilter = "(mail=%u)";
passFilter = "(mail=%u)";
};
# bind = {
# # dn = "dn=token,dc=auth,dc=lyes,dc=eu";
# dn = "dn=token";
# passwordFile = config.age.secrets.taf-token.path;
# };
postfix = {
filter = "(mail=%s)";
mailAttribute = "mail";
uidAttribute = "name";
# dovecot = {
# userFilter = "(name=%u)";
# passFilter = "(name=%u)";
# };
# postfix = {
# filter = "(name=%s)";
# mailAttribute = "mail";
# uidAttribute = "name";
# };
# };
loginAccounts = {
"lyes@mail.lyes.eu" = {
hashedPasswordFile = config.age.secrets.lyes-mail-passwd.path;
aliases = [
"@lyes.eu"
];
};
};
extraVirtualAliases = {
"@lyes.eu" = "lyes@mail.lyes.eu";
};
# extraVirtualAliases = {
# "@lyes.eu" = "lyes@mail.lyes.eu";
# };
certificateScheme = "acme-nginx";
};
# services.dovecot2.extraConfig = ''
# userdb {
# driver = ldap
# auth_bind = yes
# # pass_attrs = uid=user
# pass_filter = (name=%u)
# }
# passdb {
# driver = ldap
# auth_bind = yes
# # pass_attrs = uid=user
# pass_filter = (name=%u)
# }
# '';
services.roundcube = {
enable = true;
hostName = "mail.lyes.eu";
hostName = "taf.lyes.eu";
extraConfig = ''
$config['imap_host'] = "ssl://taf.lyes.eu:993";
$config['smtp_host'] = "tls://taf.lyes.eu";
$config['smtp_port'] = 587;
$config['smtp_user'] = "%u";
@ -61,5 +90,10 @@
owner = "postfix";
file = ../../../secrets/zora/services/taf-token.age;
};
lyes-mail-passwd = {
owner = "postfix";
file = ../../../secrets/lyes/mail-passwd.age;
};
};
}

2
secrets.nix
View file

@ -7,7 +7,7 @@ let
in
{
# Lyes
# "lyes/name.age".publicKeys = [ lyes ];
"secrets/lyes/mail-passwd.age".publicKeys = [ lyes zora ];
# Zora
"secrets/zora/services/kanidm-admin-password.age".publicKeys = all;

7
secrets/lyes/mail-passwd.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 whuRpQ iLo2EVUsZTlQTBSm8mbt9dMXb/o1M/0QbfDcilY2sRE
uzfGi4pNeWoUPfriNmpqF6zxPa1wRe2ISamvLks1qPM
-> ssh-ed25519 TFqgIg JKpj953iRNgUPvLXfyXjn5mbuV6149t+IrKB6xS5en4
dOrWvfLxl2n6qvTSdLCty4ljx4lFwDRzK5Q/28gzoI8
--- rn0DTUW0SrRd0Qq6PVYLao0CVyK9+la84eNw1aIwlk0
]¥ <0A>?<3F>ZhZŽ<5A>P&ïLn¶ÕÏèp¥¡†úº}Sƒnâ=„ .Ô%öHÎFè¼nl­—£Í@ÁIù­ÇNêæaiàq jú¦a²^ÌÛ'Œ.¹¦aå

1
users/lyes/desktop/packages.nix
View file

@ -72,6 +72,7 @@ in {
# unstable.suyu
# suyu
# factorio
sgt-sgt-puzzles
# Reading
# calibre