From bf71744b936271f77ac46ccf3aabb4e8e725c263 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 12 Nov 2023 21:45:02 +0100 Subject: [PATCH] feat: more email, like dns --- hosts/frikandel/email.nix | 14 +++++++++- hosts/frikandel/networking.nix | 2 ++ hosts/frikandel/website.nix | 42 ++++++++++++++++++++++++++++++ hosts/pie/unbound.nix | 2 ++ secrets/mail@b12f.io-password.age | Bin 0 -> 1184 bytes 5 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 secrets/mail@b12f.io-password.age diff --git a/hosts/frikandel/email.nix b/hosts/frikandel/email.nix index e8b6fce..a43a99d 100644 --- a/hosts/frikandel/email.nix +++ b/hosts/frikandel/email.nix @@ -1,6 +1,7 @@ { pkgs, lib, + flake, ... }: { age.secrets."mail@b12f.io-password" = { @@ -9,8 +10,19 @@ owner = "maddy"; }; + services.caddy.virtualHosts = { + "mail.b12f.io" = { + extraConfig = '' + respond "404 Not Found" + ''; + }; + }; + services.maddy = { - enable = true; + enable = false; + + openFirewall = true; + primaryDomain = "b12f.io"; ensureAccounts = [ diff --git a/hosts/frikandel/networking.nix b/hosts/frikandel/networking.nix index 728c79b..f1d382e 100644 --- a/hosts/frikandel/networking.nix +++ b/hosts/frikandel/networking.nix @@ -31,6 +31,8 @@ interface = "enp1s0"; }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + # Caddy reverse proxy for local services like cups services.caddy = { globalConfig = '' diff --git a/hosts/frikandel/website.nix b/hosts/frikandel/website.nix index e69de29..8240cf4 100644 --- a/hosts/frikandel/website.nix +++ b/hosts/frikandel/website.nix @@ -0,0 +1,42 @@ +{ + pkgs, + lib, + ... +}: let + bbeu = pkgs.stdenv.mkDerivation { + name = "benjaminbaedorf.eu"; + src = builtins.fetchgit { + url = "https://git.pub.solar/b12f/benjaminbaedorf.eu.git"; + sparseCheckout = [ + "fonts" + "cows.jpg" + "fonts.css" + "index.html" + "public-pgp-benjamin-baedorf.asc" + ]; + hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; + }; + }; +in { + services.caddy.virtualHosts = { + "benjaminbaedorf.eu" = { + extraConfig = '' + redir https://b12f.io{uri} temporary + ''; + }; + + "b12f.io" = { + extraConfig = '' + handle { + root * ${bbeu} + try_files {path}.html {path} + file_server + } + + handle_errors { + respond "{http.error.status_code} {http.error.status_text}" + } + ''; + }; + }; +} diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index 88fe672..1ac1fcd 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix @@ -73,6 +73,8 @@ forward-tls-upstream = "yes"; } ]; + + remote-control.control-enable = true; }; }; diff --git a/secrets/mail@b12f.io-password.age b/secrets/mail@b12f.io-password.age new file mode 100644 index 0000000000000000000000000000000000000000..0e3ead3b6391173767afa06d95e4a05b24d489a6 GIT binary patch literal 1184 zcmXxi$*bH10Dy53p^tzdDyX+OnItchWs*$Ro|4HjlVq~bB$=Wp zSVU1QUPOwhsI3cL1Zx#U#0nxFJctJuEQlhlwWkU$i1pxK@EyLN9e5otnHOzVEz{&! zS_IIh3v?dbEz3p6b9)HV#dj053$@ZNYO>Cl$Y9P*O9$&?D^?~v$AWW*4XxS8Ytcfm z1CJE-5?Bk44l1Bc&RWyqFp_Z)vz&8W4ABJXpc7=gveCXRMKkIDT2b1&5j9d^0-!ZI zl0nhZRACk}oSgA)If$UqTIwg57tOYr*2|?*6-`-PKq{25{T^lbDGm=OnK2pyIHMAj zD3iS9*YPp~#fmkXVdJzKPn%d@_PTK|hXmVNl+|+77%f7VFgsHy+zQr)Z2<{^LQcS~ zvBcIQUh&l+D?ELcRj8mT1X)kC)EOo8wu>}DxC-0BrldSd<1Jc2#jM}~POHU~&Ol@t zDxlknjnf+XEoEB4$y zne2)hjPisriMwVwYUzb&!Hy7*)09BcNP-h#yzECTlTOP)n*R)oorO8|e?q^TSuin8a)sU(XG z+cP#+FEFXumRv_xMJn+qpky8?n0-m$)2HdTGoK`-7Mq6pYu8-35cK zkp5KjM&`73(wZ(PT?;DsKgahTzsDn%C(KSzcy{US)(;;!7TpbSjR8_>tzdySOyLPx zdNs`P>LSh6Et2UmsO3VJ388sgv4vM~d6^S~QPOa@9j-~n0xE3fHioY?`jRBJQj6fs z%;}ke8-+NQ4~f=i-E3b4I-Sn$ykJsd9lET*t1CuR*GMy1Py4DDL|R?$E#zj);-#=P zQw$g%y?XI0{p{t>FYNsF(icy^`ocepL)6a6lj==Z&K{1`^A|rmdhPW4f8KFtde?zZ z4*kyF_>ggq5HB2$K7IU&^>YVu_lGxrc`Id3$KRZL2LBT20{8v;uDbIR6&$?u{QZw@ z4|cA6clq$8_pZKj@VB2|JJw(2r*8QA+iLIu`Q(Rl^8A_GK05LC&5!P!5{^6@zj^ET b@4SA?iyuGr$KT7BubtWX@pk-?2c&-inEs;z literal 0 HcmV?d00001