patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

feat: nextcloud send mail

Browse source
This commit is contained in:
Patrick 2024-02-11 00:40:30 +01:00
parent eb1de17bc3
commit 2cfaf4c116
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
6 changed files with 71 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hosts/elisabeth/net.nix
View file

@ -7,11 +7,6 @@
inherit (config.secrets.secrets.local.networking) hostId; inherit (config.secrets.secrets.local.networking) hostId;
}; };
systemd.network.networks = { systemd.network.networks = {
"40-lan01" = {
matchConfig.Name = "lan01";
dhcpV6Config.UseDNS = false;
dhcpV4Config.UseDNS = false;
};
"10-lan01" = { "10-lan01" = {
address = [(lib.net.cidr.hostCidr config.secrets.secrets.global.net.ips.${config.node.name} config.secrets.secrets.global.net.privateSubnetv4)]; address = [(lib.net.cidr.hostCidr config.secrets.secrets.global.net.ips.${config.node.name} config.secrets.secrets.global.net.privateSubnetv4)];
gateway = [(lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnetv4)]; gateway = [(lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnetv4)];
@ -19,6 +14,7 @@
matchConfig.Name = "lan"; matchConfig.Name = "lan";
dhcpV6Config.UseDNS = false; dhcpV6Config.UseDNS = false;
dhcpV4Config.UseDNS = false; dhcpV4Config.UseDNS = false;
ipv6AcceptRAConfig.UseDNS = false;
networkConfig = { networkConfig = {
IPv6PrivacyExtensions = "yes"; IPv6PrivacyExtensions = "yes";
MulticastDNS = true; MulticastDNS = true;

15
hosts/elisabeth/secrets/nextcloud/generated/maddyPasswd.age Normal file
View file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 59/M7sZBQrBQPAcEOVz6Wx4JAa2KDr7uuvWujXw0UQ4
F0xyN4XaRsUxWeWw8D/iMeG5Ae5q9O7E+aIAy4H6o1Y
-> piv-p256 XTQkUA A9Ebcz93AXKtJGec/q8lhai+HlW6wMcfvexN71l0G3Fh
AJMEfVRsd0FhYk4gRQxls5pNP8g2yNSQDTXz0ZFg1Zo
-> piv-p256 ZFgiIw AoEfBUMaCAqv250jrjBNSm/JKGvYOazanHBss6kHmAmt
N4Bu8uLMqwqbu7D6d57hlVYmt95NXSJjFY8biU6vs58
-> piv-p256 5vmPtQ ApQ9mIcmf88Z22mBr1IMSJ1dgoDADRB+Jj48HpKFiAbD
rEcWLXh8oCPQRuKTQpTjqlDME2Rw2zkWk+1X4BTtgts
-> piv-p256 ZFgiIw Asa1oVWehCSqG0JVPtLrngOJiFMYyWcmCYnlyxGbH5DF
nIWn2OQkBAgwPlLExo5eG6GwEdB+zmSrSD88/XrTsiU
-> W5<$HY5Y-grease kIKLXr B( 8<}qd
jcKYwwiWM/CGNodKYwOT
--- 41dZQpbgiDIVRmiBMyO9u76SNI350z+LPHjYNW5LyOc
¶ºý0Ì¿²Ý 3®k`EäÉEßµe•öp‡Ž€µ~n?gV9ÈÁêU#tâ5üý;ε·Ðž¿¡ù;-a9<61>jÊrK".Œ%Ðìyè@뀦Î

2
hosts/testienix/default.nix
View file

@ -19,8 +19,6 @@
./fs.nix ./fs.nix
] ]
++ lib.lists.optionals (!minimal) [ ++ lib.lists.optionals (!minimal) [
../../modules/services/samba.nix
../../modules/services/nextcloud.nix
]; ];
services.xserver = { services.xserver = {
layout = "de"; layout = "de";

16
hosts/testienix/secrets/generated/maddyPasswd.age Normal file
View file

@ -0,0 +1,16 @@
age-encryption.org/v1
-> X25519 EiiaTspuYICo7sZE7Gs8ZheQk8eL5MtxpQjwtfwO+hE
XIhhJjY/U5xGl5H7PSI+yHwDZNx7avpvxcIaMZNc/c0
-> piv-p256 XTQkUA AvaKD53FQhtuc22ZV+Ie7AfFzACDCtObyNqbbr0N4Tx8
OJ3SntPlIU4AD628ecxRwcQ/hA/zI4mX9EDwdQjncZk
-> piv-p256 ZFgiIw AyZFt8rIp8Tlc/oSSiuB7RnlwqegOOUFUd8QzpW85ZRa
X426rvg1JlYcUgOWDOHccN7sh4QpgXCzaOTWaW2C880
-> piv-p256 5vmPtQ At2On21r9ZP/hBd+J1XdOYk7+mwKjXn5Qf7E0mBsX5fV
ebY+uWnfgTcs1GQXf24Sc2vpYZ+Ns1VYMWNV/kF5JUg
-> piv-p256 ZFgiIw Ax/HbDAorQF3etat7Z9OPMEXtqsl5+Z4OqQ06q4G7NIM
INZJZSfyJtr/ixZ8hrY+3337HXrDu+zku0RLJRI7grI
-> C-grease np6r#%p 3 2}hiMzg SC$uG
W0QvKa5oteDmCEZOhRc2vwij6kfSXUljy8qOqsO36y76D7D87hmFNK+/8FFlFHF5
hieGKJW9wR4/yXYsjZtG
--- 3Uh7zG2QD1KbYAZlzkl0VEThhzcuczwydlRQ+c9rcVk
…€Ã@ú >÷÷çJ.ëü Tlk_Ðr¼<07>¸ÏÇŸãJ;ÞgÐ f˜ád‡ÛñÖ|™„6h!A]D&çÑÙ@f”Pp2!:7j¾

1
modules/services/maddy.nix
View file

@ -284,7 +284,6 @@ in {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."mta-sts.${priv_domain}".extraConfig = '' virtualHosts."mta-sts.${priv_domain}".extraConfig = ''
encode gzip
file_server file_server
root * ${ root * ${
pkgs.runCommand "priv_domain" {} '' pkgs.runCommand "priv_domain" {} ''

41
modules/services/nextcloud.nix
View file

@ -2,11 +2,27 @@
lib, lib,
pkgs, pkgs,
config, config,
nodes,
... ...
}: let }: let
hostName = "nc.${config.secrets.secrets.global.domains.web}"; hostName = "nc.${config.secrets.secrets.global.domains.web}";
in { in {
# TODO mailer age.secrets.maddyPasswd = {
generator.script = "alnum";
mode = "440";
owner = "nextcloud";
};
nodes.maddy = {
age.secrets.nextcloudPasswd = {
inherit (config.age.secrets.maddyPasswd) rekeyFile;
inherit (nodes.maddy.config.services.maddy) group;
mode = "640";
};
services.maddy.ensureCredentials = {
"nextcloud@${config.secrets.secrets.global.domains.mail_public}".passwordFile = nodes.maddy.config.age.secrets.nextcloudPasswd.path;
};
};
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [
{ {
directory = "/var/lib/postgresql/"; directory = "/var/lib/postgresql/";
@ -44,10 +60,11 @@ in {
extraAppsEnable = true; extraAppsEnable = true;
database.createLocally = true; database.createLocally = true;
phpOptions."opcache.interned_strings_buffer" = "32"; phpOptions."opcache.interned_strings_buffer" = "32";
extraOptions = { settings = {
default_phone_region = "DE"; default_phone_region = "DE";
trusted_proxies = [(lib.net.cidr.host config.secrets.secrets.global.net.ips.elisabeth config.secrets.secrets.global.net.privateSubnetv4)]; trusted_proxies = [(lib.net.cidr.host config.secrets.secrets.global.net.ips.elisabeth config.secrets.secrets.global.net.privateSubnetv4)];
overwriteprotocol = "https"; overwriteprotocol = "https";
maintenance_window_start = 2;
enabledPreviewProviders = [ enabledPreviewProviders = [
"OC\\Preview\\BMP" "OC\\Preview\\BMP"
"OC\\Preview\\GIF" "OC\\Preview\\GIF"
@ -61,11 +78,31 @@ in {
"OC\\Preview\\XBitmap" "OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC" "OC\\Preview\\HEIC"
]; ];
mail_smtpmode = "smtp";
mail_smtphost = "smtp.${config.secrets.secrets.global.domains.mail_public}";
mail_smtpport = 465;
mail_from_address = "nextcloud";
mail_smtpsecure = "ssl";
mail_domain = config.secrets.secrets.global.domains.mail_public;
mail_smtpauth = true;
mail_smtpname = "nextcloud@${config.secrets.secrets.global.domains.mail_public}";
loglevel = 2;
}; };
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
}; };
}; };
systemd.tmpfiles.rules = let
mailer-passwd-conf = pkgs.writeText "nextcloud-config.php" ''
<?php
$CONFIG = [
'mail_smtppassword' => trim(file_get_contents('${config.age.secrets.maddyPasswd.path}')),
];
'';
in [
"L+ ${config.services.nextcloud.datadir}/config/mailer.config.php - - - - ${mailer-passwd-conf}"
];
networking = { networking = {
firewall.allowedTCPPorts = [80]; firewall.allowedTCPPorts = [80];