From 791c2a69158d684861d332ec267972dc3fcd70b8 Mon Sep 17 00:00:00 2001 From: Stefan Ellmauthaler Date: Wed, 30 Mar 2022 14:23:52 +0200 Subject: [PATCH] Add base config for the server --- default.nix | 2 +- flake.lock | 136 +++++++++++++++++++++++++++++-- flake.nix | 7 ++ layer/server.nix | 9 +- machine/ellmauthaler/default.nix | 1 + secrets/default.nix | 4 + secrets/secrets.yaml | 0 services/default.nix | 9 ++ services/mariadb.nix | 7 ++ services/nextcloud.nix | 4 + services/nginx.nix | 9 ++ services/smailserver.nix | 4 + 12 files changed, 183 insertions(+), 9 deletions(-) create mode 100644 secrets/default.nix create mode 100644 secrets/secrets.yaml create mode 100644 services/default.nix create mode 100644 services/mariadb.nix create mode 100644 services/nextcloud.nix create mode 100644 services/nginx.nix create mode 100644 services/smailserver.nix diff --git a/default.nix b/default.nix index 81bee9f..0a47e5a 100644 --- a/default.nix +++ b/default.nix @@ -43,6 +43,6 @@ flakes.nixpkgs.lib.listToAttrs (map mkMachine [ } { name = "ellmauthaler"; - extraModules = [ flakes.home-manager.nixosModules.home-manager ]; + extraModules = [ flakes.home-manager.nixosModules.home-manager flakes.simple-nixos-mailserver.nixosModule flakes.sops-nix.nixosModules.sops ]; } ]) diff --git a/flake.lock b/flake.lock index f5c2e57..13edec3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,12 +1,28 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "emacs-overlay": { "locked": { - "lastModified": 1648610035, - "narHash": "sha256-eQ3/YRbabEJbmRKvo48NHZ2MtgyqnlQfjBXLkBcyqGk=", + "lastModified": 1648636019, + "narHash": "sha256-+ouEG2bFGttFe9xDgTJ6EQx6MbfZ8Mwvp+K1+CZJNGg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "26da73dd9129d267f0c8c26b591ab91050c4cdc9", + "rev": "af2208c42bca9e11703fd4d3853a56213e88cbb8", "type": "github" }, "original": { @@ -54,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1648383610, - "narHash": "sha256-egKvd+S5FEpjwK2aCoJ+NrBG2m+9Njl4I1OXrDTZHvE=", + "lastModified": 1648553562, + "narHash": "sha256-xQhRKu6h0phd56oCzGjkhHkY4eDI1XKedGqkFtlXapk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7a3f9d626c8a88141077ab99d8352469aa6feeb7", + "rev": "9b168e5e62406fa2e55e132f390379a6ba22b402", "type": "github" }, "original": { 
@@ -68,6 +84,36 @@ "type": "github" } }, + "nixpkgs-21_05": { + "locked": { + "lastModified": 1625692408, + "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c06613c25df3fe1dd26243847a3c105cf6770627", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", + "type": "indirect" + } + }, + "nixpkgs-21_11": { + "locked": { + "lastModified": 1638371214, + "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.11", + "type": "indirect" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1648390671, 
@@ -84,13 +130,89 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1626852498, + "narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "root": { "inputs": { "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "simple-nixos-mailserver": "simple-nixos-mailserver", + "sops-nix": "sops-nix" + } + }, + "simple-nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "nixpkgs": "nixpkgs_2", + "nixpkgs-21_05": "nixpkgs-21_05", + "nixpkgs-21_11": "nixpkgs-21_11", + "utils": "utils" + }, + "locked": { + "lastModified": 1638911354, + "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-21.11", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1647279403, + "narHash": "sha256-ZsHfMah9+TElcjaENsaOIFHBNNtSbXmyLFVbiJiAECs=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "c01f48b055ac776f9831c9d4a0fff83e3b74dbe3", + "type": "github" + }, + "original": { + "owner": "Mic92", + "ref": "master", + "repo": "sops-nix", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + 
"type": "github" } } },
diff --git a/flake.nix b/flake.nix
index b2d5221..72c63e1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,6 +19,13 @@ emacs-overlay = { url = "github:nix-community/emacs-overlay"; };
+
+ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
+
+ sops-nix = {
+ url = "github:Mic92/sops-nix/master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 }; outputs = {self, ...}@inputs:
diff --git a/layer/server.nix b/layer/server.nix
index ab9f953..a5f795d 100644
--- a/layer/server.nix
+++ b/layer/server.nix
@@ -1,3 +1,10 @@
-{ config, pkgs, ...}:
+{ config, pkgs, lib, ...}:
 {
+ config = lib.mkIf config.variables.server {
+ services.sshd.enable = true;
+ imports = [
+ ../services
+ ../secrets
+ ];
+ };
 }
diff --git a/machine/ellmauthaler/default.nix b/machine/ellmauthaler/default.nix
index 2123497..9dba42b 100644
--- a/machine/ellmauthaler/default.nix
+++ b/machine/ellmauthaler/default.nix
@@ -3,6 +3,7 @@ variables = { hostName = "ellmauthaler";
+ server = true;
 }; networking = {
diff --git a/secrets/default.nix b/secrets/default.nix
new file mode 100644
index 0000000..fc4d166
--- /dev/null
+++ b/secrets/default.nix
@@ -0,0 +1,4 @@
+{ config, pkgs, ... }:
+{
+ sops.defaultSopsFile = ./secrets.yaml;
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/services/default.nix b/services/default.nix
new file mode 100644
index 0000000..26cb372
--- /dev/null
+++ b/services/default.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, lib, ...}:
+{
+ imports = [
+ ./nginx.nix
+ ./smailserver.nix
+ ./mariadb.nix
+ ./nextcloud.nix
+ ];
+}
diff --git a/services/mariadb.nix b/services/mariadb.nix
new file mode 100644
index 0000000..a0b65eb
--- /dev/null
+++ b/services/mariadb.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, lib, ...}:
+{
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ };
+}
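Review bot: In flake.nix the new `simple-nixos-mailserver` input has no `inputs.nixpkgs.follows`, unlike `sops-nix` directly below it, and the flake.lock part of this commit accordingly pins a separate `nixpkgs_2` revision for it (alongside `nixpkgs-21_05`, `nixpkgs-21_11`, `blobs` and `utils`). If the mail server module is meant to build against the host's package set, add `simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";` so there is one nixpkgs revision to audit and update. `sops-nix` tracks the `master` branch; the lock file fixes the revision, so each `nix flake update` should be reviewed as a dependency change to the secrets tooling.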
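Review bot: In layer/server.nix `imports` sits inside `config = lib.mkIf config.variables.server { … }`, but `imports` is a top-level module attribute and not an option under `config`, so ../services and ../secrets are not loaded by this block and evaluation most likely fails with an unknown-option error. Move it out as `imports = [ ../services ../secrets ];` next to `config`, and put the `lib.mkIf config.variables.server` guard inside each imported module, because imports cannot depend on `config`. The same block turns SSH on with module defaults; for a server reachable from the network I would state the policy explicitly, e.g. `services.openssh.passwordAuthentication = false;` (the option name depends on the nixpkgs release in use).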
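Review bot: In secrets/default.nix `sops.defaultSopsFile = ./secrets.yaml;` is a path literal, so the file is copied into the Nix store, which every local user can read; that is safe only while the file holds sops-encrypted values. secrets/secrets.yaml is added empty here and no `.sops.yaml` with creation rules is part of this commit, so nothing visible enforces that. I would add a comment above the line such as `# secrets.yaml is copied to the world-readable /nix/store: commit it only in sops-encrypted form`, and add `.sops.yaml` with the recipient keys in the same change as the first secret.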
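Review bot: services/mariadb.nix enables the server without a listen address or any declared databases and users, so its exposure depends on MariaDB's own defaults and on the firewall, neither of which is visible in this commit. If the database only serves applications on this host (the nextcloud.nix imported next to it suggests so), pin it to loopback with `services.mysql.settings.mysqld.bind-address = "127.0.0.1";`. Declaring accounts through `ensureDatabases` and `ensureUsers` keeps them on unix-socket authentication instead of passwords.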
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
new file mode 100644
index 0000000..bc24a02
--- /dev/null
+++ b/services/nextcloud.nix
@@ -0,0 +1,4 @@
+{ config, pkgs, lib, ...}:
+{
+ mailserver.enable = true;
+}
diff --git a/services/nginx.nix b/services/nginx.nix
new file mode 100644
index 0000000..9ee46d6
--- /dev/null
+++ b/services/nginx.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, lib, ...}:
+{
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."localhost" = {
+ addSSL = false;
+ enableACME = false;
+ root = "/var/www/localhost";
+ };
+}
diff --git a/services/smailserver.nix b/services/smailserver.nix
new file mode 100644
index 0000000..bc24a02
--- /dev/null
+++ b/services/smailserver.nix
@@ -0,0 +1,4 @@
+{ config, pkgs, lib, ...}:
+{
+ mailserver.enable = true;
+}
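Review bot: services/nextcloud.nix contains `mailserver.enable = true;` and nothing about Nextcloud; it is identical to services/smailserver.nix (both have blob `bc24a02`), which looks like a copy-paste placeholder. As written the file name promises a service that is not configured, and the duplicated definition obscures where the mail server is actually switched on. Either drop `./nextcloud.nix` from services/default.nix until it is real, or replace the body with the `services.nextcloud` settings. When it is filled in, take the admin and database passwords from sops secrets via `services.nextcloud.config.adminpassFile` and `dbpassFile` rather than inline strings.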
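Review bot: In services/nginx.nix the virtual host is named "localhost" but has no `listen` restriction, so as the only vhost it becomes nginx's default server and answers on every interface for any Host header, serving /var/www/localhost over plain HTTP. If it is meant to be local only, bind it with `listen = [ { addr = "127.0.0.1"; port = 80; } ];`. `addSSL = false;` and `enableACME = false;` restate the module defaults, so a comment such as `# TLS intentionally off: loopback-only placeholder` would record that this is deliberate. A vhost that is meant to be public should use `forceSSL = true;` with `enableACME = true;` instead.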
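Review bot: services/smailserver.nix sets only `mailserver.enable = true;`, and the module's `fqdn`, `domains` and `loginAccounts` are not set anywhere in this commit, so the host either fails to evaluate or comes up as a mail server without a defined identity; the diff does not show which. When accounts are added, reference the hashes with `hashedPasswordFile` pointing at a sops secret rather than `hashedPassword`, because inline values end up in the world-readable Nix store. Setting `certificateScheme` explicitly would also make clear which TLS certificate the SMTP and IMAP listeners present.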