From 26318bcafcf98f72916774d92f9920d861964b11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?=
Date: Tue, 31 Jan 2023 21:25:45 +0100
Subject: [PATCH] feat/mailman: Add flora-6 config for mailman
---
 hosts/flora-6/caddy.nix | 13 ++++
 hosts/flora-6/flora-6.nix | 1 +
 hosts/flora-6/mailman.nix | 114 +++++++++++++++++++++++++++++++
 secrets/mailman-core-secrets.age | Bin 0 -> 1373 bytes
 secrets/mailman-db-secrets.age | 23 +++++++
 secrets/mailman-web-secrets.age | Bin 0 -> 1383 bytes
 secrets/secrets.nix | 21 ++++--
 7 files changed, 167 insertions(+), 5 deletions(-)
 create mode 100644 hosts/flora-6/mailman.nix
 create mode 100644 secrets/mailman-core-secrets.age
 create mode 100644 secrets/mailman-db-secrets.age
 create mode 100644 secrets/mailman-web-secrets.age
diff --git a/hosts/flora-6/caddy.nix b/hosts/flora-6/caddy.nix
index cd90d4ef..648bfe33 100644
--- a/hosts/flora-6/caddy.nix
+++ b/hosts/flora-6/caddy.nix
@@ -72,6 +72,19 @@
 reverse_proxy :4000
 '';
 };
+ "list.pub.solar" = {
+ logFormat = lib.mkForce ''
+ output discard
+ '';
+ extraConfig = ''
+ handle_path /static/* {
+ root * /var/lib/mailman/web
+ file_server
+ }
+
+ reverse_proxy :8000
+ '';
+ };
 "obs-portal.pub.solar" = {
 logFormat = lib.mkForce ''
 output discard
diff --git a/hosts/flora-6/flora-6.nix b/hosts/flora-6/flora-6.nix
index f25f89dc..08af3d5d 100644
--- a/hosts/flora-6/flora-6.nix
+++ b/hosts/flora-6/flora-6.nix
@@ -19,6 +19,7 @@ in { ./drone.nix ./keycloak.nix ./gitea.nix + ./mailman.nix profiles.base-user profiles.users.root # make sure to configure ssh keys
diff --git a/hosts/flora-6/mailman.nix b/hosts/flora-6/mailman.nix
new file mode 100644
index 00000000..340d3e03
--- /dev/null
+++ b/hosts/flora-6/mailman.nix
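Review bot: The `file_server` root in the new `list.pub.solar` block of hosts/flora-6/caddy.nix is `/var/lib/mailman/web`, which is the whole directory that mailman.nix in this patch mounts as the mailman-web data volume, not only its static assets. Because `handle_path /static/*` strips the prefix, any file the container writes into that directory becomes readable over HTTP under `/static/`, which may include logs or local settings depending on how the image lays out its data directory. If the image collects its assets into a `static/` subdirectory (worth confirming on the host), the line should read `root * /var/lib/mailman/web/static`, which would also make the asset URLs resolve.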
@@ -0,0 +1,114 @@
+{
+ config,
+ lib,
+ pkgs,
+ self,
+ ...
+}: {
+ system.activationScripts.mkMailmanNet = let
+ docker = config.virtualisation.oci-containers.backend;
+ dockerBin = "${pkgs.${docker}}/bin/${docker}";
+ in ''
+ ${dockerBin} network inspect mailman-net >/dev/null 2>&1 || ${dockerBin} network create mailman-net --subnet 172.20.1.0/24
+ '';
+
+ users.users.mailman = {
+ description = "Mailman Service";
+ home = "/var/lib/mailman";
+ useDefaultShell = true;
+ uid = 993;
+ # Group hakkonaut so caddy can serve the static files from mailman-web directly
+ group = "hakkonaut";
+ isSystemUser = true;
+ };
+
+ age.secrets.mailman-core-secrets = {
+ file = "${self}/secrets/mailman-core-secrets.age";
+ mode = "600";
+ owner = "mailman";
+ };
+
+ age.secrets.mailman-web-secrets = {
+ file = "${self}/secrets/mailman-web-secrets.age";
+ mode = "600";
+ owner = "mailman";
+ };
+
+ age.secrets.mailman-db-secrets = {
+ file = "${self}/secrets/mailman-db-secrets.age";
+ mode = "600";
+ owner = "mailman";
+ };
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ };
+
+ oci-containers = {
+ backend = "docker";
+ containers."mailman-core" = {
+ image = "maxking/mailman-core:0.4";
+ autoStart = true;
+ user = 993;
+ volumes = [
+ "/var/lib/mailman/core:/opt/mailman/"
+ ];
+ extraOptions = [
+ "--network=mailman-net"
+ ];
+ environment = {
+ DATABASE_TYPE = "postgres";
+ DATABASE_CLASS = "mailman.database.postgresql.PostgreSQLDatabase";
+ };
+ environmentFiles = [
+ config.age.secrets.mailman-core-secrets.path
+ ];
+ ports = [
+ "127.0.0.1:8001:8001" # API
+ "127.0.0.1:8024:8024" # LMTP - incoming emails
+ ];
+ };
+
+ containers."mailman-web" = {
+ image = "maxking/mailman-web:0.4";
+ autoStart = true;
+ user = 993;
+ volumes = [
+ "/var/lib/mailman/web:/opt/mailman-web-data";
+ ];
+ extraOptions = [
+ "--network=mailman-net"
+ ];
+ environment = {
+ DATABASE_TYPE = "postgres";
+ SERVE_FROM_DOMAIN = "list.pub.solar";
+ MAILMAN_ADMIN_USER: "admin";
+ MAILMAN_ADMIN_EMAIL: 
"admins@pub.solar"; + }; + environmentFiles = [ + config.age.secrets.mailman-web-secrets.path + ]; + ports = [ + "127.0.0.1:8000:8000" # HTTP + # "127.0.0.1:8080:8080" # uwsgi + ]; + }; + + containers."mailman-db" = { + image = "postgres:14-alpine"; + autoStart = true; + user = 993; + extraOptions = [ + "--network=mailman-net" + ]; + volumes = [ + "/var/lib/mailman/database:/var/lib/postgresql/data"; + ]; + environmentFiles = [ + config.age.secrets.mailman-db-secrets.path + }; + }; + }; + }; +} diff --git a/secrets/mailman-core-secrets.age b/secrets/mailman-core-secrets.age new file mode 100644 index 0000000000000000000000000000000000000000..294bcd9d2f0d18f9115f22455f37b0bdf24e7ea1 GIT binary patch literal 1373 zcmZ9~dx+Zv0LO6=wn=a>aYG#&cBtDl)~4+xO*S`7(ma|reWvN-hL|R4(j;x#q)n5` z9CIgZ&hx<-s5smZK^-`iA?k5DADptMiaHf1inj-B>Tc>7PSEoY|MB17Kc7E-UrAHL zYDad0Zog%B?y(&$;zfb*#*pjkVO5F2a1;yGpn6>z&QC>|=5$z2n`VK9xSF7+NTSlA z3ms9t3nAj<<7t5(1cou$xTs?ce6awVIE0^Mvmax?3b8I>ZFypd32RrCKE zA-aKphw5Sr)F24*7=b{NZ5j0CA&nzR4I4SNREcHF5Us1FfuK=9yq+GKt*RsRgQg1` zzCgd{s;Ae49+nbvTDpJ=K^;K?TN?~U3~2LlK;$%!6VQxQwxlAQv|W4%$56P@ z6?}ng#UUluRz%v7L8`}4Nt`7b=^{bq3guKGpU5X*K!V0lB_U)pmAsdZF}6s8q#-rf zW5*-F&SDR9!lb0U%Tn1sL# zF`l+K-%$oW)$?%}Vd4!-W-3jjkOt!|k*Ro)5y2cDU;{fwTis~3!<7qOE-=&OL4*|Q z1;+~DluM^FGYs6zW0vh$l#b(>k(658)OCXbQ>^Wg@E&)JQa0?vDgarw7dv zPSd>Tjo|8tmK>@-jKN?(j_^{QQThR0chyeG?rSmy^qFjb&nmk}jLLnt4^ zc^H%e5RDlSmLYmDY*hUyn!?8PG7{AACaPO#K=~a&^;kzs4o$XYv}mX|>SXFh5etHP zpB6{Sk{Un}C^P1p@Bl>!jLuM~gBEO2Msz5v7rH7S`o)S+PpB<6N}?W^7+MZK)^XcO zqAeITlqs?nktpjPVrQZ;ES`4ba<(C>5iXJ}^Zt+lN|x621Q8OHR_7`{3l)JPr?$OvNh=2N`KMU9gorjX zpM5wS>I4l#F+~#TQfWQ{H3dVe)QPMp~K*vl6Wu9}@Yvi3J~;lv*$ZxykjH2KE)1^fP741Hexf_XUi|GTdh$wX(J$cXSMK;~+t$Np|30~XdoZ~$boP;9@u%mE8TAOf@yt^iv*L-+ zsW(+)e?VT@JSW~a-JjkeUAi_D`Ec8=L!a$^i;!>W+?hLg-RzF34G4Dq*v*??c;>Yq z_8)5;Tk_EHH4k2;XHK6yU0=L=X2JMT@`G35v;5Tk&%cCzEiOkleZ1>|^u)Q%KzPr@ z?DQf4U$gG=nYr-Qots`?6zYCAmM3R7RhPcwX2zGT*z;a0a%}1NuZJ#j;Mo-UVPMkV$`N>NQ{sC;3^(p`W literal 0 HcmV?d00001 
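Review bot: The new hosts/flora-6/mailman.nix does not parse as Nix, so the host configuration cannot be evaluated with this import in place. In the mailman-web container, `MAILMAN_ADMIN_USER` and `MAILMAN_ADMIN_EMAIL` are bound with `:` instead of `=`, the `volumes` lists of mailman-web and mailman-db carry a `;` after their single element, and the mailman-db `environmentFiles` list is closed with `};` where `];` is needed. `user = 993;` on all three containers is probably also rejected, since the oci-containers `user` option appears to expect a string such as `"993"`. Separately, the three images are referenced by tag only (`maxking/mailman-core:0.4`, `maxking/mailman-web:0.4`, `postgres:14-alpine`); pinning them by digest would keep a re-tagged upstream image from being pulled on the next restart.

```nix
# containers."mailman-web" (user applies to mailman-core and mailman-db as well)
user = "993";
volumes = [
  "/var/lib/mailman/web:/opt/mailman-web-data"
];
# … unchanged: extraOptions, DATABASE_TYPE, SERVE_FROM_DOMAIN …
  MAILMAN_ADMIN_USER = "admin";
  MAILMAN_ADMIN_EMAIL = "admins@pub.solar";
# … unchanged: environmentFiles, ports …

# containers."mailman-db"
volumes = [
  "/var/lib/mailman/database:/var/lib/postgresql/data"
];
environmentFiles = [
  config.age.secrets.mailman-db-secrets.path
];
```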
diff --git a/secrets/mailman-db-secrets.age b/secrets/mailman-db-secrets.age new file mode 100644 index 00000000..c2a0ab33 --- /dev/null +++ b/secrets/mailman-db-secrets.age @@ -0,0 +1,23 @@ +age-encryption.org/v1 +-> ssh-ed25519 Y0ZZaw WqfbigFDHy0nh/B8SjJk2MCKKRQ1Jt/gXxRz2neNvlc +5wJjaxa1sOPPQfg4n6n6HurhkN/+ARVhthxoK8bzOWE +-> ssh-ed25519 BVsyTA Lvki0R7gZediS9KnQGerUtVZQ7qZYUXaUbPvqv2zmgM +YTLaJM1UqpL+avMZz0mMKz1i9LSalbTQkC6xFbYbyAw +-> ssh-rsa kFDS0A +Xcm7KqiO5yK5RUwhJPrJ3fk/GTVK0OJlsGouc71p35o5AgqBrbW0HiNBGMl24oUP +jMU9nSlATq4VaQWKHCqnGOeJCw83C1AON7sVHhoT3vzFWKs9TO0TDR0Gm0fCBTm1 +hk2fQZ/sMe8lGuSyISDg1QmEkC7ow/FwXmMlW5xw0honj1ca+mZ8w5YeWVCMLpGg +pob/79odfVMtlk4uqcjboto6X6aY/W43yG8VQUJwZ3hK/4wVn16Os+RlNH6GAFr0 +aZ6SS4cJR9uTd/y9rQIg9rgQ95qTusg66ClBRdMCy7fvXbfMAMvmtmwBQJQdpO2q +tURAN4Id3+j+vuqk0nqnj0oXx61mIlutbADbkoRlhB9VFVffSu/KeMFVOtSMD0AN +Sp0q4nhv5BSaOP/D0YwOMPmCuS2M6aVfWvPQvrQ5YE4MEWK2qs4A3vZRn2d8o5hh +mvH+y+Foxt69D+k32DWFMCbZCSxlBKW1aGZ6AexFXx6zYyzBoYE9zB6QSI8ZbqN0 +LfBpz2YNCix+6y5qUsCYsY9aa9m4azpsKD7M5IFgmkLqUGvsH7Xx7PC/Z9B4zTgs +MHMJPPR/yRZ8PzbnXIUen4/PnO4j7AbgYDv4FCAAfWJjufC7v+vTI0m80Y/7uZCu +dk6DPZaUMbJFYXPNUNODP/6Dn5RL8hy74IjdLtNIbzg +-> ejJ:5Us-grease +fWwlxnUaotXS0iwGa0zkPyoHuNjTBBgFJUO8cVMNfB2vxoPKraJ+weyTXbu8Fa7i +WVehDudiKTfaK4Ruy6hbUZBjZ+Aq3LDpezw +--- XjN/bkA+YEfIro1w01fcKA7n0xMq6raWxpXoedRIw/g +ECdtya(Qq.jH 6i[M +sm0 ])ձTTo=̢ 7DA}&H=OR6>?$Om͸g괖AFYqܰ~ki2iu1!U?2<ĩ$e63 \ No newline at end of file 
diff --git a/secrets/mailman-web-secrets.age b/secrets/mailman-web-secrets.age new file mode 100644 index 0000000000000000000000000000000000000000..fe6c8d5f3e96766f0724a196883eaa6bde1fa168 GIT binary patch literal 1383 zcmZA0+pp6E0Dy6cMq`mn3_K9goQR3Q7~R^nTLB5}x^CT0*LB_6u0S|l*R@+O>uqhf z$b-fp#z3M`q6mozps2)P;)A{z2{C~vmlG8U`rsv^F-ibKFo;BbGVw3?eJ`J)YiZ3< z{fQe6M$Ys%6K?#IESsZpG=u4Iqn8YXQUw9u#P$K9YfC4ljCr3QERA zh8Lk}hb9NQ$qhr?mkF?x;0iyD_&)EXtf*#_0NfUfHbKx8u;ij6RP$V;ja%Z7qal*Njk@TuM!3T6@R2y-iCCFh^ zLcv+HEI6=K;M5{UqGJwY$CMz>x(eAaRTao^Ne3^3c|KEW+IWR5Bq$lv30r6cwE>zf zixs%;RzZ1)gD6gQ`@=y?LC9IY+KXWW#(hAc^CZ>?;a-%<4tN|#a2v`FA~qFLWQuN8 z3vr@bAvz)%D91^|ia743SYJkx5+l)E-Urw&s>%%3N>Id#SArP4 z)K<~HYdNyeMgrQGc^Slec~2RRlB}Xb9YCp?EuZc1ExpyRxPq7IiwrxBU2x2hb~i`U zXd$ek-PlWDv)0O?!ycD}jLda>vZ)a~4)nWpAjq~7N=Bt6c1DDZDe#0I*^xYw`V)dH zmSng-MD$RKNt!TNvCA}tmKbIoN=`BmP%M;+L}#KDZOrxqJ0s4HSqsYrnq%~0GEYUi zmvO`zVfyC3*F3SA#nZa4DS-xPl>!mDELJQ@W+x$Xw2Z+eBNlQ=D)PF0b`};?tj1Bg z6!bN@Y@*eo$4u)e3age^q%EN6_Z68&8vzHT)9INBRz?bSmG2vcB9G*zTc<%g3e5poV}SFuchRjUmVA72{g!R`hsW>UduPX%msjok{?M}Vi}0=;ca<(& ze>(h>IeTL6^t`w9A*9Gxl_yUHP0!BKe%(6KK9*DUv0T?yZ%P$v8%f` zoV|4LNpzK^@0~8cJon~%N7oeWyH@O