diff --git a/flake.lock b/flake.lock index 8ca6c4f..2464df8 100644 --- a/flake.lock +++ b/flake.lock @@ -52,6 +52,22 @@ "type": "github" } }, + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "crane": { "locked": { "lastModified": 1727974419, @@ -132,12 +148,28 @@ }, "original": { "owner": "edolstra", - "ref": "v1.0.1", "repo": "flake-compat", "type": "github" } }, "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "ref": "v1.0.1", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1650374568, @@ -153,7 +185,7 @@ "type": "github" } }, - "flake-compat_5": { + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1650374568, @@ -296,7 +328,7 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_7" + "systems": "systems_8" }, "locked": { "lastModified": 1694529238, @@ -848,6 +880,21 @@ "type": "github" } }, + "nixpkgs-24_05": { + "locked": { + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-24.05", + "type": "indirect" + } + }, "nixpkgs-latest-factorio": { "locked": { "lastModified": 1731242709, 
@@ -1005,6 +1052,21 @@ } }, "nixpkgs_7": { + "locked": { + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1731763621, "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", @@ -1020,7 +1082,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1731319897, "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", @@ -1109,6 +1171,7 @@ "nixpkgs-master": "nixpkgs-master", "nixpkgs-unstable": "nixpkgs-unstable", "raspberry-pi-nix": "raspberry-pi-nix", + "simple-nixos-mailserver": "simple-nixos-mailserver", "snowfall-flake": "snowfall-flake", "snowfall-lib": "snowfall-lib_2", "sops-nix": "sops-nix", @@ -1255,9 +1318,32 @@ "type": "github" } }, + "simple-nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_7", + "nixpkgs-24_05": "nixpkgs-24_05", + "utils": "utils" + }, + "locked": { + "lastModified": 1718084203, + "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-24.05", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "snowfall-flake": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "nixpkgs": [ "nixpkgs-unstable" ], @@ -1279,7 +1365,7 @@ }, "snowfall-lib": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-utils-plus": "flake-utils-plus", "nixpkgs": [ "snowfall-flake", 
@@ -1303,7 +1389,7 @@ }, "snowfall-lib_2": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_6", "flake-utils-plus": "flake-utils-plus_2", "nixpkgs": [ "nixpkgs" @@ -1325,7 +1411,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1731862312, @@ -1446,6 +1532,21 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "u-boot-src": { "flake": false, "locked": { @@ -1459,6 +1560,24 @@ "url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2" } }, + "utils": { + "inputs": { + "systems": "systems_7" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "xdph": { "inputs": { "hyprland-protocols": [ @@ -1502,7 +1621,7 @@ }, "zen-browser": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1731689537, diff --git a/flake.nix b/flake.nix index d9eb2d9..3055822 100644 --- a/flake.nix +++ b/flake.nix @@ -83,6 +83,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; + ################ ## inputs for dev shells @@ -134,6 +136,10 @@ raspberry-pi-nix.nixosModules.sd-image ]; + systems.hosts.loptland.modules = with inputs; [ + simple-nixos-mailserver.nixosModules.default + ]; + systems.hosts.wsl.modules = with inputs; [ nixos-wsl.nixosModules.default ]; } // { 
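Review bot: The new `simple-nixos-mailserver` input in the flake.nix `inputs` hunk is a bare `url` with no `follows`, so flake.lock gains separate `blobs`, `nixpkgs_7`, `nixpkgs-24_05`, `utils` and `systems_8` nodes plus an extra `flake-compat` node, each pinned to whatever upstream locked. That is a wider set of pinned sources to audit and keep patched, and `nixpkgs_7` is locked to a `nixos-unstable` revision noticeably older than this commit. The input in the context line just above already uses `inputs.nixpkgs.follows = "nixpkgs";`, and the same can be done here with `simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";` and `simple-nixos-mailserver.inputs.nixpkgs-24_05.follows = "nixpkgs";`. Which nixpkgs input the loptland host is built from is not visible in this hunk, so follow that one.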
diff --git a/secrets/secrets-loptland.yaml b/secrets/secrets-loptland.yaml index 6066f7f..1ce466d 100644 --- a/secrets/secrets-loptland.yaml +++ b/secrets/secrets-loptland.yaml @@ -5,6 +5,9 @@ factorio: forgejo: db: password: ENC[AES256_GCM,data:CicLsCG2WCtiKMcz3DF5eVVaT8A=,iv:SPO1H4AZwo5FjJWkf1OS7aPOrpTGxqsAj4q3cuuWAbA=,tag:0snK8RyAd8heNvui2sbSNw==,type:str] + mail: + password: ENC[AES256_GCM,data:XgQZM0MBUEELyhH7UvyyMEiUABs=,iv:m3Wzs2SAPQ2w6UC02lpTvwd83Dt0LEzqdIj65HeOrbU=,tag:3cr5dnjeyoJ4ze9RFd9K5g==,type:str] + passwordHash: ENC[AES256_GCM,data:hHGJBUEtCi/gErZ5vm0gsEFqyIDNkED4scR4NAOSzbiiZAYTMg++yqf3hfjjwWV3wTPswNpzzw+gYKEH,iv:wDM5IOOamopFpMEkUit4y7LBZi8CJff3+Tc08lK4IXI=,tag:FaaaohtA+vBFwjDugoemQw==,type:str] netcup: customer_number: ENC[AES256_GCM,data:9+QboNg1,iv:Tg9ylJUM8L/kzqFmk2uIsD9noqnp5wIxr5GVXMsZwB8=,tag:2qRggSIkPHuCQYDWCfka5Q==,type:str] api: @@ -34,8 +37,8 @@ sops: UllqSDR1YWl6aU1jSnY2WE9oczg5Q28KfN15tFxXHrJmOHySK+cyLi2bFqArg244 bNTYyuBUtBW1Y/EuNpbyLjSNQpKZWFz7grE64uxrNQHP865N3wv0gg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-12T14:29:12Z" - mac: ENC[AES256_GCM,data:lKx1qAe689wkWkrMRvqHpE0zmv+ShLwpApBw2C4+JEuuHnoN1W7aoB/GQRkWzmImCCy9odzM2yoUa0mJogl0i+bddblrl+ZS0uPmPQrm3pM0sl876pelogxKuNpQWS8PRNDe24z3m06f0TozhfPF9D2ywH30tFH8naZONfWTTUU=,iv:tDhJVlWnTHnjZak32pgnUZ8XtM6TK9o2gZ0X3tcQD4Q=,tag:PcMS/5DpEkDkk+U0GG918w==,type:str] + lastmodified: "2024-12-03T13:46:57Z" + mac: ENC[AES256_GCM,data:5o/0aL6x4Kc+IwKL4sIZ4gyG4IXZqvL6TqZFnp3GNGjazRyUKvEbTbKTj96C7W1ci+JUv73mO/0IGjPxY/Bbsv06clKxSX40XbSvWVxSOfQp1qfiQaDxswcF+7yw5vA6wsOfZnYCWeyzJHuBD8OvTE+xXE8bNil5q2ZY5OXX7nk=,iv:aR7um7d9fjJxetxj8a0LrK9zs8tAWiSvKMenYBCMWpc=,tag:Zvj+ZiM5uV5HFVwu6ZAd2A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix index f0db53f..bcb8b18 100644 --- a/systems/x86_64-linux/loptland/default.nix +++ b/systems/x86_64-linux/loptland/default.nix 
@@ -26,6 +26,12 @@ in
 "forgejo/db/password" = {
 inherit sopsFile;
 };
+ "forgejo/mail/password" = {
+ inherit sopsFile;
+ };
+ "forgejo/mail/passwordHash" = {
+ inherit sopsFile;
+ };
 };
 };
@@ -83,13 +89,33 @@ in
 mailer = {
 ENABLED = true;
- PROTOCOL = "sendmail";
+ PROTOCOL = "smtps";
 FROM = "no-reply@${domainName}";
- SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
+ SMTP_ADDR = "mail.${domainName}";
+ USER = "forgejo@${domainName}";
 };
 service.DISABLE_REGISTRATION = true;
 };
+
+ secrets = {
+ mailer.PASSWD = config.sops.secrets."forgejo/mail/password".path;
+ };
+ };
+
+ mailserver = {
+ enable = true;
+ fqdn = "mail.${domainName}";
+ domains = [ domainName ];
+
+ loginAccounts = {
+ "forgejo@${domainName}" = {
+ hashedPasswordFile = config.sops.secrets."forgejo/mail/passwordHash".path;
+ aliases = [ "no-reply@${domainName}" ];
+ };
+ };
+
+ certificateScheme = "acme-nginx";
 };
 networking.firewall.allowedTCPPorts = [
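Review bot: `"forgejo/mail/password"` in the first hunk is declared with only `inherit sopsFile;`, so it gets sops-nix's default owner and mode, yet the second hunk passes its path to `secrets.mailer.PASSWD`, which is presumably read by the Forgejo service user rather than root. If no owner is set outside this hunk, the mailer password will either be unreadable at service start or someone will later loosen the mode to make it work. Stating the owner on the entry keeps it least-privilege, for example `owner = config.services.forgejo.user;`, assuming the enclosing block is `services.forgejo`, which starts outside the hunk. The `passwordHash` entry is consumed by the mail server, so check its reader separately instead of copying the same owner.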
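Review bot: The `forgejo@${domainName}` entry under `loginAccounts` in the second hunk is created as a full mailbox, although the only use visible here is Forgejo sending as `no-reply@${domainName}`. With nothing but `enable`, `fqdn`, `domains` and `certificateScheme` set, the listeners and firewall openings are left at the module's defaults, so the host likely gains internet-facing login endpoints guarded by this one password. If the account is only meant to send, add `sendOnly = true;` to it. If no mailbox on this host is ever read, also turn off the retrieval listeners via the module's `enableImap`/`enableImapSsl` style options, after checking their names against the pinned release. The enclosing service block begins outside the hunk, so any hardening already applied there is not visible.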