Compare commits
4 commits
a7d684e1f8
...
5ade1c028f
Author | SHA1 | Date | |
---|---|---|---|
Benjamin Bädorf | 5ade1c028f | ||
Benjamin Bädorf | 8f0cde4c3d | ||
Benjamin Bädorf | 6c736b8684 | ||
Benjamin Bädorf | 26318bcafc |
|
@ -72,6 +72,19 @@
|
||||||
reverse_proxy :4000
|
reverse_proxy :4000
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
"list.pub.solar" = {
|
||||||
|
logFormat = lib.mkForce ''
|
||||||
|
output discard
|
||||||
|
'';
|
||||||
|
extraConfig = ''
|
||||||
|
handle_path /static/* {
|
||||||
|
root * /var/lib/mailman/web
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
|
||||||
|
reverse_proxy :8000
|
||||||
|
'';
|
||||||
|
};
|
||||||
"obs-portal.pub.solar" = {
|
"obs-portal.pub.solar" = {
|
||||||
logFormat = lib.mkForce ''
|
logFormat = lib.mkForce ''
|
||||||
output discard
|
output discard
|
||||||
|
|
|
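Review bot: In the new `list.pub.solar` block, `root * /var/lib/mailman/web` under `handle_path /static/*` makes the whole mailman-web data directory fetchable rather than only the static assets, because `handle_path` strips the `/static` prefix before `file_server` resolves the path. The same host directory is mounted as the container's `/opt/mailman-web-data` volume in `hosts/flora-6/mailman.nix`, which presumably also holds logs, the search index and any local settings file. Pointing the root at the collected static directory alone would avoid that, e.g. `root * /var/lib/mailman/web/static` (path assumed from the upstream image layout; confirm on the host). The enclosing virtual-hosts attribute set starts and ends outside the hunk.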
@ -19,6 +19,7 @@ in {
|
||||||
./drone.nix
|
./drone.nix
|
||||||
./keycloak.nix
|
./keycloak.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
|
./mailman.nix
|
||||||
|
|
||||||
profiles.base-user
|
profiles.base-user
|
||||||
profiles.users.root # make sure to configure ssh keys
|
profiles.users.root # make sure to configure ssh keys
|
||||||
|
|
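--- a/hosts/flora-6/mailman.nix
+++ b/hosts/flora-6/mailman.nix
@@ -0,0 +1,114 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: {
+system.activationScripts.mkMailmanNet = let
+docker = config.virtualisation.oci-containers.backend;
+dockerBin = "${pkgs.${docker}}/bin/${docker}";
+in ''
+${dockerBin} network inspect mailman-net >/dev/null 2>&1 || ${dockerBin} network create mailman-net --subnet 172.20.1.0/24
+'';
+
+users.users.mailman = {
+description = "Mailman Service";
+home = "/var/lib/mailman";
+useDefaultShell = true;
+uid = 993;
+# Group hakkonaut so caddy can serve the static files from mailman-web directly
+group = "hakkonaut";
+isSystemUser = true;
+};
+
+age.secrets.mailman-core-secrets = {
+file = "${self}/secrets/mailman-core-secrets.age";
+mode = "600";
+owner = "mailman";
+};
+
+age.secrets.mailman-web-secrets = {
+file = "${self}/secrets/mailman-web-secrets.age";
+mode = "600";
+owner = "mailman";
+};
+
+age.secrets.mailman-db-secrets = {
+file = "${self}/secrets/mailman-db-secrets.age";
+mode = "600";
+owner = "mailman";
+};
+
+virtualisation = {
+docker = {
+enable = true;
+};
+
+oci-containers = {
+backend = "docker";
+containers."mailman-core" = {
+image = "maxking/mailman-core:0.4";
+autoStart = true;
+user = "993";
+volumes = [
+"/var/lib/mailman/core:/opt/mailman/"
+];
+extraOptions = [
+"--network=mailman-net"
+];
+environment = {
+DATABASE_TYPE = "postgres";
+DATABASE_CLASS = "mailman.database.postgresql.PostgreSQLDatabase";
+};
+environmentFiles = [
+config.age.secrets.mailman-core-secrets.path
+];
+ports = [
+"127.0.0.1:8001:8001" # API
+"127.0.0.1:8024:8024" # LMTP - incoming emails
+];
+};
+
+containers."mailman-web" = {
+image = "maxking/mailman-web:0.4";
+autoStart = true;
+user = "993";
+volumes = [
+"/var/lib/mailman/web:/opt/mailman-web-data"
+];
+extraOptions = [
+"--network=mailman-net"
+];
+environment = {
+DATABASE_TYPE = "postgres";
+SERVE_FROM_DOMAIN = "list.pub.solar";
+MAILMAN_ADMIN_USER = "admin";
+MAILMAN_ADMIN_EMAIL = "admins@pub.solar";
+};
+environmentFiles = [
+config.age.secrets.mailman-web-secrets.path
+];
+ports = [
+"127.0.0.1:8000:8000" # HTTP
+# "127.0.0.1:8080:8080" # uwsgi
+];
+};
+
+containers."mailman-db" = {
+image = "postgres:14-alpine";
+autoStart = true;
+user = "993";
+extraOptions = [
+"--network=mailman-net"
+];
+volumes = [
+"/var/lib/mailman/database:/var/lib/postgresql/data"
+];
+environmentFiles = [
+config.age.secrets.mailman-db-secrets.path
+];
+};
+};
+};
+}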
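Review bot: The three `image` values (`maxking/mailman-core:0.4`, `maxking/mailman-web:0.4`, `postgres:14-alpine`) are mutable registry tags, so a re-pushed tag changes what runs next to the decrypted mailman secrets without any change in this repository. Pinning each by digest keeps the deployment reproducible and reviewable, e.g. `image = "maxking/mailman-core:0.4@sha256:<digest-placeholder>";`. Separately, `useDefaultShell = true;` on `users.users.mailman` gives a service account a login shell; nothing in this file appears to need it, so dropping that line would narrow what the account can be used for.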
BIN
secrets/mailman-core-secrets.age
Normal file
BIN
secrets/mailman-core-secrets.age
Normal file
Binary file not shown.
23
secrets/mailman-db-secrets.age
Normal file
23
secrets/mailman-db-secrets.age
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 Y0ZZaw WqfbigFDHy0nh/B8SjJk2MCKKRQ1Jt/gXxRz2neNvlc
|
||||||
|
5wJjaxa1sOPPQfg4n6n6HurhkN/+ARVhthxoK8bzOWE
|
||||||
|
-> ssh-ed25519 BVsyTA Lvki0R7gZediS9KnQGerUtVZQ7qZYUXaUbPvqv2zmgM
|
||||||
|
YTLaJM1UqpL+avMZz0mMKz1i9LSalbTQkC6xFbYbyAw
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
Xcm7KqiO5yK5RUwhJPrJ3fk/GTVK0OJlsGouc71p35o5AgqBrbW0HiNBGMl24oUP
|
||||||
|
jMU9nSlATq4VaQWKHCqnGOeJCw83C1AON7sVHhoT3vzFWKs9TO0TDR0Gm0fCBTm1
|
||||||
|
hk2fQZ/sMe8lGuSyISDg1QmEkC7ow/FwXmMlW5xw0honj1ca+mZ8w5YeWVCMLpGg
|
||||||
|
pob/79odfVMtlk4uqcjboto6X6aY/W43yG8VQUJwZ3hK/4wVn16Os+RlNH6GAFr0
|
||||||
|
aZ6SS4cJR9uTd/y9rQIg9rgQ95qTusg66ClBRdMCy7fvXbfMAMvmtmwBQJQdpO2q
|
||||||
|
tURAN4Id3+j+vuqk0nqnj0oXx61mIlutbADbkoRlhB9VFVffSu/KeMFVOtSMD0AN
|
||||||
|
Sp0q4nhv5BSaOP/D0YwOMPmCuS2M6aVfWvPQvrQ5YE4MEWK2qs4A3vZRn2d8o5hh
|
||||||
|
mvH+y+Foxt69D+k32DWFMCbZCSxlBKW1aGZ6AexFXx6zYyzBoYE9zB6QSI8ZbqN0
|
||||||
|
LfBpz2YNCix+6y5qUsCYsY9aa9m4azpsKD7M5IFgmkLqUGvsH7Xx7PC/Z9B4zTgs
|
||||||
|
MHMJPPR/yRZ8PzbnXIUen4/PnO4j7AbgYDv4FCAAfWJjufC7v+vTI0m80Y/7uZCu
|
||||||
|
dk6DPZaUMbJFYXPNUNODP/6Dn5RL8hy74IjdLtNIbzg
|
||||||
|
-> ejJ:5Us-grease
|
||||||
|
fWwlxnUaotXS0iwGa0zkPyoHuNjTBBgFJUO8cVMNfB2vxoPKraJ+weyTXbu8Fa7i
|
||||||
|
WVehDudiKTfaK4Ruy6hbUZBjZ+Aq3LDpezw
|
||||||
|
--- XjN/bkA+YEfIro1w01fcKA7n0xMq6raWxpXoedRIw/g
|
||||||
|
EC†í³dtyaè¢(QqÆ.j²H 6¾‰‹®i[M
|
||||||
|
sº”Çm0©])Õ±T‘Täo½<6F>=¹¢Ì¢
å¡7£DýA¯Ô}±&HàÞ=OâRæ6·>ª°?<3F>ý$ŒO¥‰m͸öÇg…‰ÿê´–AF£™YqÜ°Ì~ô½kƒàâi¾ú2iu1!U›?2<Ä©$eÜ6×ëï3·µ
|
BIN
secrets/mailman-web-secrets.age
Normal file
BIN
secrets/mailman-web-secrets.age
Normal file
Binary file not shown.
|
@ -1,15 +1,26 @@
|
||||||
let
|
let
|
||||||
# set ssh public keys here for your system and user
|
# set ssh public keys here for your system and user
|
||||||
b12f-main = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg=";
|
b12f-bbcom = "ssh-rsa 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";
|
||||||
b12f-backup = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw=";
|
teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
||||||
teutat3s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
|
||||||
flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
|
flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
|
||||||
allKeys = [flora-6 teutat3s b12f-main b12f-backup];
|
|
||||||
deployKeys = [flora-6 teutat3s b12f-main b12f-backup];
|
allKeys = [
|
||||||
|
flora-6
|
||||||
|
teutat3s-dumpyourvms
|
||||||
|
b12f-bbcom
|
||||||
|
];
|
||||||
|
deployKeys = [
|
||||||
|
flora-6
|
||||||
|
teutat3s-dumpyourvms
|
||||||
|
b12f-bbcom
|
||||||
|
];
|
||||||
in {
|
in {
|
||||||
"gitea-database-password.age".publicKeys = deployKeys;
|
"gitea-database-password.age".publicKeys = deployKeys;
|
||||||
"gitea-mailer-password.age".publicKeys = deployKeys;
|
"gitea-mailer-password.age".publicKeys = deployKeys;
|
||||||
"keycloak-database-password.age".publicKeys = deployKeys;
|
"keycloak-database-password.age".publicKeys = deployKeys;
|
||||||
"drone-secrets.age".publicKeys = deployKeys;
|
"drone-secrets.age".publicKeys = deployKeys;
|
||||||
"drone-db-secrets.age".publicKeys = deployKeys;
|
"drone-db-secrets.age".publicKeys = deployKeys;
|
||||||
|
"mailman-core-secrets.age".publicKeys = deployKeys;
|
||||||
|
"mailman-web-secrets.age".publicKeys = deployKeys;
|
||||||
|
"mailman-db-secrets.age".publicKeys = deployKeys;
|
||||||
}
|
}
|
||||||
|
|
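Review bot: The recipient lists change here (`b12f-main` and `b12f-backup` are dropped, `b12f-bbcom` is added), but this compare shows no re-encrypted copies of the existing `gitea-*`, `keycloak-*` and `drone-*` secrets, so those files presumably still carry the old recipient stanzas until `agenix --rekey` is run and its output committed. Removing a key from `deployKeys` also does not withdraw access to values that remain decryptable from git history; if the removal is meant as a revocation, the secret values themselves need rotating. `allKeys` and `deployKeys` are now identical lists, so a short comment stating which one new secrets should use, or defining one in terms of the other, would prevent them drifting apart.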