thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

selfprivacy.userdata -> selfprivacy; SP modules -> selfprivacy.modules

Browse Source
This commit is contained in:
Alexander Tomokhov
2023-11-16 04:00:11 +04:00
parent f4fb0a9ce8
commit 80447abb2e
21 changed files with 80 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sp-modules/nextcloud/config-paths-needed.json
View File

@@ -1,5 +1,5 @@
[
[ "selfprivacy", "userdata", "domain" ],
[ "selfprivacy", "userdata", "nextcloud" ],
[ "selfprivacy", "userdata", "useBinds" ]
[ "selfprivacy", "domain" ],
[ "selfprivacy", "useBinds" ],
[ "selfprivacy", "modules", "nextcloud" ]
]

20
sp-modules/nextcloud/module.nix
View File

@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
{
options.selfprivacy.userdata.nextcloud = with lib; {
options.selfprivacy.modules.nextcloud = with lib; {
enable = mkOption {
type = types.nullOr types.bool;
default = false;
@@ -13,13 +13,13 @@
config =
let
cfg = config.selfprivacy.userdata;
secrets-filepath = "/etc/nixos/userdata/userdata.json";
sp = config.selfprivacy;
secrets-filepath = "/etc/selfprivacy/secrets.json";
db-pass-filepath = "/var/lib/nextcloud/db-pass";
admin-pass-filepath = "/var/lib/nextcloud/admin-pass";
hostName = "cloud.${cfg.domain}";
hostName = "cloud.${sp.domain}";
in
lib.mkIf cfg.nextcloud.enable
lib.mkIf sp.modules.nextcloud.enable
{
system.activationScripts.nextcloudSecrets = ''
mkdir -p /var/lib/nextcloud
@@ -31,9 +31,9 @@
chmod 0440 ${admin-pass-filepath}
chown nextcloud:nextcloud ${admin-pass-filepath}
'';
fileSystems = lib.mkIf cfg.useBinds {
fileSystems = lib.mkIf sp.useBinds {
"/var/lib/nextcloud" = {
device = "/volumes/${cfg.nextcloud.location}/nextcloud";
device = "/volumes/${sp.modules.nextcloud.location}/nextcloud";
options = [ "bind" ];
};
};
@@ -64,8 +64,8 @@
};
};
services.nginx.virtualHosts.${hostName} = {
sslCertificate = "/var/lib/acme/${cfg.domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${cfg.domain}/key.pem";
sslCertificate = "/var/lib/acme/${sp.domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${sp.domain}/key.pem";
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
@@ -86,7 +86,7 @@
}
# FIXME do we really want to delete passwords on module deactivation!?
//
lib.mkIf (!cfg.nextcloud.enable) {
lib.mkIf (!sp.modules.nextcloud.enable) {
system.activationScripts.nextcloudSecrets =
lib.trivial.warn
(

16
sp-modules/simple-nixos-mailserver/config-paths-needed.json
View File

@@ -1,16 +1,16 @@
[
[ "mailserver" ],
[ "selfprivacy", "userdata", "domain" ],
[ "selfprivacy", "userdata", "email" ],
[ "selfprivacy", "userdata", "hashedMasterPassword" ],
[ "selfprivacy", "userdata", "simple-nixos-mailserver" ],
[ "selfprivacy", "userdata", "useBinds" ],
[ "selfprivacy", "userdata", "username" ],
[ "selfprivacy", "userdata", "users" ],
[ "selfprivacy", "domain" ],
[ "selfprivacy", "email" ],
[ "selfprivacy", "hashedMasterPassword" ],
[ "selfprivacy", "useBinds" ],
[ "selfprivacy", "username" ],
[ "selfprivacy", "users" ],
[ "services", "dovecot2" ],
[ "services", "opendkim" ],
[ "services", "postfix", "group" ],
[ "services", "postfix", "user" ],
[ "services", "redis" ],
[ "services", "rspamd" ]
[ "services", "rspamd" ],
[ "selfprivacy", "modules", "simple-nixos-mailserver" ]
]

48
sp-modules/simple-nixos-mailserver/config.nix
View File

@@ -1,37 +1,37 @@
{ config, lib, ... }:
let
cfg = config.selfprivacy.userdata;
sp = config.selfprivacy;
in
{
fileSystems = lib.mkIf
(cfg.simple-nixos-mailserver.enable && cfg.useBinds)
{
"/var/vmail" = {
device = "/volumes/${cfg.email.location}/vmail";
options = [ "bind" ];
fileSystems =
lib.mkIf (sp.modules.simple-nixos-mailserver.enable && sp.useBinds)
{
"/var/vmail" = {
device = "/volumes/${sp.email.location}/vmail";
options = [ "bind" ];
};
"/var/sieve" = {
device = "/volumes/${sp.email.location}/sieve";
options = [ "bind" ];
};
};
"/var/sieve" = {
device = "/volumes/${cfg.email.location}/sieve";
options = [ "bind" ];
};
};
users.users = lib.mkIf cfg.simple-nixos-mailserver.enable {
users.users = lib.mkIf sp.modules.simple-nixos-mailserver.enable {
virtualMail = {
isNormalUser = false;
};
};
selfprivacy.userdata.simple-nixos-mailserver =
lib.mkIf cfg.simple-nixos-mailserver.enable {
fqdn = cfg.domain;
domains = [ cfg.domain ];
selfprivacy.modules.simple-nixos-mailserver =
lib.mkIf sp.modules.simple-nixos-mailserver.enable {
fqdn = sp.domain;
domains = [ sp.domain ];
# A list of all login accounts. To create the password hashes, use
# mkpasswd -m sha-512 "super secret password"
loginAccounts = {
"${cfg.username}@${cfg.domain}" = {
hashedPassword = cfg.hashedMasterPassword;
"${sp.username}@${sp.domain}" = {
hashedPassword = sp.hashedMasterPassword;
sieveScript = ''
require ["fileinto", "mailbox"];
if header :contains "Chat-Version" "1.0"
@@ -43,7 +43,7 @@ in
};
} // builtins.listToAttrs (builtins.map
(user: {
name = "${user.username}@${cfg.domain}";
name = "${user.username}@${sp.domain}";
value = {
hashedPassword = user.hashedPassword;
sieveScript = ''
@@ -56,15 +56,15 @@ in
'';
};
})
cfg.users);
sp.users);
extraVirtualAliases = {
"admin@${cfg.domain}" = "${cfg.username}@${cfg.domain}";
"admin@${sp.domain}" = "${sp.username}@${sp.domain}";
};
certificateScheme = "manual";
certificateFile = "/var/lib/acme/${cfg.domain}/fullchain.pem";
keyFile = "/var/lib/acme/${cfg.domain}/key.pem";
certificateFile = "/var/lib/acme/${sp.domain}/fullchain.pem";
keyFile = "/var/lib/acme/${sp.domain}/key.pem";
# Enable IMAP and POP3
enableImap = true;

4
sp-modules/simple-nixos-mailserver/flake.nix
View File

@@ -13,10 +13,10 @@
module // {
imports = module.imports ++ [
./config.nix
{ mailserver = config.selfprivacy.userdata.simple-nixos-mailserver; }
{ mailserver = config.selfprivacy.modules.simple-nixos-mailserver; }
];
options = module.options // {
selfprivacy.userdata.simple-nixos-mailserver =
selfprivacy.modules.simple-nixos-mailserver =
module.options.mailserver;
};
};