diff --git a/hosts/frikandel/default.nix b/hosts/frikandel/default.nix
index 907f23d..17ed70d 100644
--- a/hosts/frikandel/default.nix
+++ b/hosts/frikandel/default.nix
@@ -5,5 +5,7 @@
 ./networking.nix
 ./wireguard.nix
+ ./email.nix
+ ./website.nix
 ];
 }
diff --git a/hosts/frikandel/email.nix b/hosts/frikandel/email.nix
new file mode 100644
index 0000000..e8b6fce
--- /dev/null
+++ b/hosts/frikandel/email.nix
@@ -0,0 +1,35 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ age.secrets."mail@b12f.io-password" = {
+ file = "${flake.self}/secrets/mail@b12f.io-password.age";
+ mode = "400";
+ owner = "maddy";
+ };
+
+ services.maddy = {
+ enable = true;
+ primaryDomain = "b12f.io";
+
+ ensureAccounts = [
+ "mail@b12f.io"
+ ];
+
+ ensureCredentials = {
+ # Do not use this in production. This will make passwords world-readable
+ # in the Nix store
+ "mail@b12f.io".passwordFile = "${pkgs.writeText "postmaster" "test"}";
+ };
+
+ tls = {
+ certificates = [
+ {
+ keyPath = "";
+ certPath = "";
+ }
+ ];
+ };
+ };
+}
diff --git a/hosts/frikandel/networking.nix b/hosts/frikandel/networking.nix
index d024a36..728c79b 100644
--- a/hosts/frikandel/networking.nix
+++ b/hosts/frikandel/networking.nix
@@ -7,7 +7,12 @@
 }: {
 networking.hostName = "frikandel";
 networking.hostId = "44234773";
- networking.nameservers = [ "9.9.9.9" ];
+ networking.nameservers = [
+ "193.110.81.0#dns0.eu"
+ "2a0f:fc80::#dns0.eu"
+ "185.253.5.0#dns0.eu"
+ "2a0f:fc81::#dns0.eu"
+ ];
 services.openssh.openFirewall = true;
@@ -25,4 +30,14 @@
 address = "fe80::1";
 interface = "enp1s0";
 };
+
+ # Caddy reverse proxy for local services like cups
+ services.caddy = {
+ globalConfig = ''
+ default_bind 128.140.109.213 2a01:4f8:c2c:b60::
+ # auto_https off
+ email acme@benjaminbaedorf.eu
+ # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+ '';
+ };
 }
diff --git a/hosts/frikandel/website.nix b/hosts/frikandel/website.nix
new file mode 100644
index 0000000..e69de29
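Review bot: The new `./website.nix` import in hosts/frikandel/default.nix points at a file this same commit adds empty (`index 0000000..e69de29`, no hunk), and an empty file is not a valid Nix expression, so evaluating the host should fail at the import. Either hold the import back until the module has content or give the file a minimal body such as `{ ... }: { }`.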
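Review bot: In hosts/frikandel/email.nix the mailbox password is still the literal `test`, written to the world-readable Nix store through `pkgs.writeText`, while the agenix secret declared at the top of the file is never consumed. Point the credential at the decrypted secret instead, `"mail@b12f.io".passwordFile = config.age.secrets."mail@b12f.io-password".path;`, and drop the "do not use in production" placeholder comment. The module header binds only `pkgs` and `lib`, so `flake.self` (and `config`, once used) is an undefined variable as written; the argument set needs `config, flake,` added, assuming `flake` is supplied as a module argument elsewhere in the repository. The `tls.certificates` entry carries empty `keyPath` and `certPath`, so TLS is not actually configured and login credentials could cross the network unencrypted; fill in real paths (and whatever TLS loader setting the maddy module requires) before the listeners are reachable.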
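Review bot: The `address#dns0.eu` form in the new `networking.nameservers` list (first networking.nix hunk) is systemd-resolved syntax for the TLS server name, and nothing in this hunk enables resolved or DNS-over-TLS. If `services.resolved.enable = true;` and `services.resolved.dnsovertls = "true";` are not set elsewhere, the suffix is either copied verbatim into resolv.conf or has no effect, and queries leave the host unauthenticated and in clear text. A comment beside the list would make the dependency explicit, e.g. `# needs services.resolved with DNS-over-TLS; the #name is the certificate hostname to verify`.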
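Review bot: The comment `# Caddy reverse proxy for local services like cups` in the second networking.nix hunk does not match the configuration below it: `default_bind` pins Caddy to what look like the host's public IPv4 and IPv6 addresses, so any site defined later is internet-facing rather than local. Reword it to describe what the block does, e.g. `# Caddy global options: bind to the public addresses, ACME contact address`. The hunk sets neither `services.caddy.enable` nor any site, so those presumably belong in the still-empty website.nix.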
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index ee0d18a..1bfd8b7 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -68,4 +68,6 @@ in {
 "invoiceplane-db-password.age".publicKeys = pieKeys ++ baseKeys;
 "invoiceplane-db-secrets.env.age".publicKeys = pieKeys ++ baseKeys;
+
+ "mail@b12f.io-password.age".publicKeys = frikandelKeys ++ baseKeys;
 }