vueko: Add mail and dav server

2021-02-06 12:18:55 +01:00 · 2021-02-06 12:18:55 +01:00 · 34ec244fcc
parent 62f1dbe30f
commit 34ec244fcc
3 changed files with 54 additions and 2 deletions
--- a/machines/vueko/configuration.nix
+++ b/machines/vueko/configuration.nix
@ -1,5 +1,4 @@
-{ config, pkgs, ... }:
-
+{ config, lib, pkgs, ... }:
 {
  imports = [
    ./hardware-configuration.nix
@ -9,9 +8,62 @@
  sbruder = {
    restic.enable = true;
    full = false;
+
+    mailserver = {
+      enable = true;
+      fqdn = "vueko.sbruder.de";
+      domains = [
+        "kegelschiene.net"
+        "sbruder.de"
+      ];
+      users = import ./secrets/mail-users.nix;
+      rejectSenders = import ./secrets/mail-reject-senders.nix;
+    };
  };

  networking.hostName = "vueko";

  system.stateVersion = "20.09";
+
+  services.nginx = {
+    enable = true;
+
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+
+    virtualHosts = {
+      "vueko.sbruder.de" = {
+        enableACME = true;
+        forceSSL = true;
+      };
+      "dav.sbruder.de" = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/".proxyPass = "http://localhost:5232";
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80 # HTTP
+    443 # HTTPS
+  ];
+
+  services.radicale = {
+    enable = true;
+    config = lib.generators.toINI { } {
+      auth = {
+        type = "htpasswd";
+        htpasswd_encryption = "bcrypt";
+        htpasswd_filename = toString (pkgs.writeText
+          "radicale-htpasswd"
+          (lib.concatMapStringsSep
+            "\n"
+            ({ address, passwordHash, ... }: "${address}:${passwordHash}")
+            config.sbruder.mailserver.users));
+      };
+    };
+  };
 }
--- a/machines/vueko/secrets/mail-reject-senders.nix
+++ b/machines/vueko/secrets/mail-reject-senders.nix
--- a/machines/vueko/secrets/mail-users.nix
+++ b/machines/vueko/secrets/mail-users.nix