os/hosts/0001/mailman.nix
Benjamin Bädorf f291e88d86
All checks were successful
continuous-integration/drone/push Build is passing
Initial proposal for momo infrastructure setup
2023-02-25 04:24:27 +01:00

144 lines
3.7 KiB
Nix

{
config,
lib,
pkgs,
self,
...
}: let
postfixConfig = pkgs.writeTextFile {
name = "main.cf";
text = builtins.readFile ./postfix/main.cf;
};
in {
system.activationScripts.mkMailmanNet = let
docker = config.virtualisation.oci-containers.backend;
dockerBin = "${pkgs.${docker}}/bin/${docker}";
in ''
${dockerBin} network inspect mailman-net >/dev/null 2>&1 || ${dockerBin} network create mailman-net --subnet 172.20.1.0/24
'';
users.users.mailman = {
description = "Mailman Service";
home = "/var/lib/mailman";
useDefaultShell = true;
uid = 993;
# Group hakkonaut so caddy can serve the static files from mailman-web directly
group = "hakkonaut";
isSystemUser = true;
};
systemd.tmpfiles.rules = [
"d '/var/lib/mailman' 0750 mailman hakkonaut - -"
];
age.secrets.mailman-core-secrets = {
file = "${self}/secrets/mailman-core-secrets.age";
mode = "600";
owner = "mailman";
};
age.secrets.mailman-web-secrets = {
file = "${self}/secrets/mailman-web-secrets.age";
mode = "600";
owner = "mailman";
};
age.secrets.mailman-db-secrets = {
file = "${self}/secrets/mailman-db-secrets.age";
mode = "600";
owner = "mailman";
};
virtualisation = {
docker = {
enable = true;
};
oci-containers = {
backend = "docker";
containers."mailman-core" = {
image = "maxking/mailman-core:0.4";
autoStart = true;
user = "993";
volumes = [
"/var/lib/mailman/core:/opt/mailman/"
];
extraOptions = [
"--network=mailman-net"
];
environment = {
DATABASE_TYPE = "postgres";
DATABASE_CLASS = "mailman.database.postgresql.PostgreSQLDatabase";
MTA = "postfix";
};
environmentFiles = [
config.age.secrets.mailman-core-secrets.path
];
ports = [
"127.0.0.1:8001:8001" # API
"127.0.0.1:8024:8024" # LMTP - incoming emails
];
};
containers."mailman-web" = {
image = "maxking/mailman-web:0.4";
autoStart = true;
user = "993";
volumes = [
"/var/lib/mailman/web:/opt/mailman-web-data"
];
extraOptions = [
"--network=mailman-net"
];
environment = {
DATABASE_TYPE = "postgres";
SERVE_FROM_DOMAIN = "list.pub.solar";
MAILMAN_ADMIN_USER = "admin";
MAILMAN_ADMIN_EMAIL = "admins@pub.solar";
};
environmentFiles = [
config.age.secrets.mailman-web-secrets.path
];
ports = [
"127.0.0.1:8000:8000" # HTTP
# "127.0.0.1:8080:8080" # uwsgi
];
};
containers."mailman-db" = {
image = "postgres:14-alpine";
autoStart = true;
user = "993";
extraOptions = [
"--network=mailman-net"
];
volumes = [
"/var/lib/mailman/database:/var/lib/postgresql/data"
];
environmentFiles = [
config.age.secrets.mailman-db-secrets.path
];
};
containers."mailman-postfix" = {
image = "mailu/postfix:1.9.46";
autoStart = true;
user = "993";
extraOptions = [
"--network=mailman-net"
];
volumes = [
"/var/lib/mailman/postfix/overrides:/overrides:ro"
"/var/lib/mailman/postfix/mailqueue:/var/spool/postfix"
"/var/lib/mailman/postfix/data:/var/lib/postfix"
"/var/lib/mailman/core:/var/lib/mailman/core"
"${postfixConfig}:/etc/postfix/main.cf"
];
environmentFiles = [
config.age.secrets.mailman-db-secrets.path
];
};
};
};
}