feat/mailman: Add flora-6 config for mailman
This commit is contained in:
parent
a7d684e1f8
commit
26318bcafc
|
@ -72,6 +72,19 @@
|
|||
reverse_proxy :4000
|
||||
'';
|
||||
};
|
||||
"list.pub.solar" = {
|
||||
logFormat = lib.mkForce ''
|
||||
output discard
|
||||
'';
|
||||
extraConfig = ''
|
||||
handle_path /static/* {
|
||||
root * /var/lib/mailman/web
|
||||
file_server
|
||||
}
|
||||
|
||||
reverse_proxy :8000
|
||||
'';
|
||||
};
|
||||
"obs-portal.pub.solar" = {
|
||||
logFormat = lib.mkForce ''
|
||||
output discard
|
||||
|
|
|
@ -19,6 +19,7 @@ in {
|
|||
./drone.nix
|
||||
./keycloak.nix
|
||||
./gitea.nix
|
||||
./mailman.nix
|
||||
|
||||
profiles.base-user
|
||||
profiles.users.root # make sure to configure ssh keys
|
||||
|
|
114
hosts/flora-6/mailman.nix
Normal file
114
hosts/flora-6/mailman.nix
Normal file
|
@ -0,0 +1,114 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
self,
|
||||
...
|
||||
}: {
|
||||
system.activationScripts.mkMailmanNet = let
|
||||
docker = config.virtualisation.oci-containers.backend;
|
||||
dockerBin = "${pkgs.${docker}}/bin/${docker}";
|
||||
in ''
|
||||
${dockerBin} network inspect mailman-net >/dev/null 2>&1 || ${dockerBin} network create mailman-net --subnet 172.20.1.0/24
|
||||
'';
|
||||
|
||||
users.users.mailman = {
|
||||
description = "Mailman Service";
|
||||
home = "/var/lib/mailman";
|
||||
useDefaultShell = true;
|
||||
uid = 993;
|
||||
# Group hakkonaut so caddy can serve the static files from mailman-web directly
|
||||
group = "hakkonaut";
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
age.secrets.mailman-core-secrets = {
|
||||
file = "${self}/secrets/mailman-core-secrets.age";
|
||||
mode = "600";
|
||||
owner = "mailman";
|
||||
};
|
||||
|
||||
age.secrets.mailman-web-secrets = {
|
||||
file = "${self}/secrets/mailman-web-secrets.age";
|
||||
mode = "600";
|
||||
owner = "mailman";
|
||||
};
|
||||
|
||||
age.secrets.mailman-db-secrets = {
|
||||
file = "${self}/secrets/mailman-db-secrets.age";
|
||||
mode = "600";
|
||||
owner = "mailman";
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
docker = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
oci-containers = {
|
||||
backend = "docker";
|
||||
containers."mailman-core" = {
|
||||
image = "maxking/mailman-core:0.4";
|
||||
autoStart = true;
|
||||
user = 993;
|
||||
volumes = [
|
||||
"/var/lib/mailman/core:/opt/mailman/"
|
||||
];
|
||||
extraOptions = [
|
||||
"--network=mailman-net"
|
||||
];
|
||||
environment = {
|
||||
DATABASE_TYPE = "postgres";
|
||||
DATABASE_CLASS = "mailman.database.postgresql.PostgreSQLDatabase";
|
||||
};
|
||||
environmentFiles = [
|
||||
config.age.secrets.mailman-core-secrets.path
|
||||
];
|
||||
ports = [
|
||||
"127.0.0.1:8001:8001" # API
|
||||
"127.0.0.1:8024:8024" # LMTP - incoming emails
|
||||
];
|
||||
};
|
||||
|
||||
containers."mailman-web" = {
|
||||
image = "maxking/mailman-web:0.4";
|
||||
autoStart = true;
|
||||
user = 993;
|
||||
volumes = [
|
||||
"/var/lib/mailman/web:/opt/mailman-web-data";
|
||||
];
|
||||
extraOptions = [
|
||||
"--network=mailman-net"
|
||||
];
|
||||
environment = {
|
||||
DATABASE_TYPE = "postgres";
|
||||
SERVE_FROM_DOMAIN = "list.pub.solar";
|
||||
MAILMAN_ADMIN_USER: "admin";
|
||||
MAILMAN_ADMIN_EMAIL: "admins@pub.solar";
|
||||
};
|
||||
environmentFiles = [
|
||||
config.age.secrets.mailman-web-secrets.path
|
||||
];
|
||||
ports = [
|
||||
"127.0.0.1:8000:8000" # HTTP
|
||||
# "127.0.0.1:8080:8080" # uwsgi
|
||||
];
|
||||
};
|
||||
|
||||
containers."mailman-db" = {
|
||||
image = "postgres:14-alpine";
|
||||
autoStart = true;
|
||||
user = 993;
|
||||
extraOptions = [
|
||||
"--network=mailman-net"
|
||||
];
|
||||
volumes = [
|
||||
"/var/lib/mailman/database:/var/lib/postgresql/data";
|
||||
];
|
||||
environmentFiles = [
|
||||
config.age.secrets.mailman-db-secrets.path
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
BIN
secrets/mailman-core-secrets.age
Normal file
BIN
secrets/mailman-core-secrets.age
Normal file
Binary file not shown.
23
secrets/mailman-db-secrets.age
Normal file
23
secrets/mailman-db-secrets.age
Normal file
|
@ -0,0 +1,23 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 Y0ZZaw WqfbigFDHy0nh/B8SjJk2MCKKRQ1Jt/gXxRz2neNvlc
|
||||
5wJjaxa1sOPPQfg4n6n6HurhkN/+ARVhthxoK8bzOWE
|
||||
-> ssh-ed25519 BVsyTA Lvki0R7gZediS9KnQGerUtVZQ7qZYUXaUbPvqv2zmgM
|
||||
YTLaJM1UqpL+avMZz0mMKz1i9LSalbTQkC6xFbYbyAw
|
||||
-> ssh-rsa kFDS0A
|
||||
Xcm7KqiO5yK5RUwhJPrJ3fk/GTVK0OJlsGouc71p35o5AgqBrbW0HiNBGMl24oUP
|
||||
jMU9nSlATq4VaQWKHCqnGOeJCw83C1AON7sVHhoT3vzFWKs9TO0TDR0Gm0fCBTm1
|
||||
hk2fQZ/sMe8lGuSyISDg1QmEkC7ow/FwXmMlW5xw0honj1ca+mZ8w5YeWVCMLpGg
|
||||
pob/79odfVMtlk4uqcjboto6X6aY/W43yG8VQUJwZ3hK/4wVn16Os+RlNH6GAFr0
|
||||
aZ6SS4cJR9uTd/y9rQIg9rgQ95qTusg66ClBRdMCy7fvXbfMAMvmtmwBQJQdpO2q
|
||||
tURAN4Id3+j+vuqk0nqnj0oXx61mIlutbADbkoRlhB9VFVffSu/KeMFVOtSMD0AN
|
||||
Sp0q4nhv5BSaOP/D0YwOMPmCuS2M6aVfWvPQvrQ5YE4MEWK2qs4A3vZRn2d8o5hh
|
||||
mvH+y+Foxt69D+k32DWFMCbZCSxlBKW1aGZ6AexFXx6zYyzBoYE9zB6QSI8ZbqN0
|
||||
LfBpz2YNCix+6y5qUsCYsY9aa9m4azpsKD7M5IFgmkLqUGvsH7Xx7PC/Z9B4zTgs
|
||||
MHMJPPR/yRZ8PzbnXIUen4/PnO4j7AbgYDv4FCAAfWJjufC7v+vTI0m80Y/7uZCu
|
||||
dk6DPZaUMbJFYXPNUNODP/6Dn5RL8hy74IjdLtNIbzg
|
||||
-> ejJ:5Us-grease
|
||||
fWwlxnUaotXS0iwGa0zkPyoHuNjTBBgFJUO8cVMNfB2vxoPKraJ+weyTXbu8Fa7i
|
||||
WVehDudiKTfaK4Ruy6hbUZBjZ+Aq3LDpezw
|
||||
--- XjN/bkA+YEfIro1w01fcKA7n0xMq6raWxpXoedRIw/g
|
||||
EC†í³dtyaè¢(QqÆ.j²H 6¾‰‹®i[M
|
||||
sº”Çm0©])Õ±T‘Täo½<6F>=¹¢Ì¢
å¡7£DýA¯Ô}±&HàÞ=OâRæ6·>ª°?<3F>ý$ŒO¥‰m͸öÇg…‰ÿê´–AF£™YqÜ°Ì~ô½kƒàâi¾ú2iu1!U›?2<Ä©$eÜ6×ëï3·µ
|
BIN
secrets/mailman-web-secrets.age
Normal file
BIN
secrets/mailman-web-secrets.age
Normal file
Binary file not shown.
|
@ -1,15 +1,26 @@
|
|||
let
|
||||
# set ssh public keys here for your system and user
|
||||
b12f-main = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg=";
|
||||
b12f-backup = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw=";
|
||||
teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
||||
b12f-bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw==";
|
||||
teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
||||
flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
|
||||
allKeys = [flora-6 teutat3s b12f-main b12f-backup];
|
||||
deployKeys = [flora-6 teutat3s b12f-main b12f-backup];
|
||||
|
||||
allKeys = [
|
||||
flora-6
|
||||
teutat3s-dumpyourvms
|
||||
b12f-bbcom
|
||||
];
|
||||
deployKeys = [
|
||||
flora-6
|
||||
teutat3s-dumpyourvms
|
||||
b12f-bbcom
|
||||
];
|
||||
in {
|
||||
"gitea-database-password.age".publicKeys = deployKeys;
|
||||
"gitea-mailer-password.age".publicKeys = deployKeys;
|
||||
"keycloak-database-password.age".publicKeys = deployKeys;
|
||||
"drone-secrets.age".publicKeys = deployKeys;
|
||||
"drone-db-secrets.age".publicKeys = deployKeys;
|
||||
"mailman-core-secrets.age".publicKeys = deployKeys;
|
||||
"mailman-web-secrets.age".publicKeys = deployKeys;
|
||||
"mailman-db-secrets.age".publicKeys = deployKeys;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue