Merge remote-tracking branch 'origin/flakes' into inex/test-service-configuration

2024-11-23 20:11:27 +00:00 · 2024-07-15 18:22:14 +04:00 · 2024-07-15 18:22:14 +04:00 · 8987727c5b
parent f26512af7a ea207b48d6
commit 8987727c5b
7 changed files with 99 additions and 1 deletions
--- a/flake.lock
+++ b/flake.lock
@ -44,4 +44,4 @@
  },
  "root": "root",
  "version": 7
-}
+}
--- a/sp-modules/monitoring/config-paths-needed.json
+++ b/sp-modules/monitoring/config-paths-needed.json
@ -0,0 +1,3 @@
+[
+  [ "selfprivacy", "modules", "monitoring" ]
+]
--- a/sp-modules/monitoring/flake.nix
+++ b/sp-modules/monitoring/flake.nix
@ -0,0 +1,9 @@
+{
+  description = "PoC SP module for Prometheus-based monitoring";
+
+  outputs = { self }: {
+    nixosModules.default = import ./module.nix;
+    configPathsNeeded =
+      builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+  };
+}
--- a/sp-modules/monitoring/module.nix
+++ b/sp-modules/monitoring/module.nix
@ -0,0 +1,33 @@
+{config, lib, ...}: let
+  cfg = config.selfprivacy.modules.monitoring;
+in {
+  options.selfprivacy.modules.monitoring = {
+    enable = lib.mkOption {
+      default = false;
+      type = lib.types.bool;
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.prometheus = {
+      enable = true;
+      port = 9001;
+      listenAddress = "127.0.0.1";
+      exporters = {
+        node = {
+          enable = true;
+          enabledCollectors = [ "systemd" ];
+          port = 9002;
+          listenAddress = "127.0.0.1";
+        };
+      };
+      scrapeConfigs = [
+        {
+          job_name = "node-exporter";
+          static_configs = [{
+            targets = [ "127.0.0.1:9002" ];
+          }];
+        }
+      ];
+    };
+  };
+}
--- a/sp-modules/roundcube/config-paths-needed.json
+++ b/sp-modules/roundcube/config-paths-needed.json
@ -0,0 +1,5 @@
+[
+  ["selfprivacy", "domain"],
+  ["selfprivacy", "modules", "roundcube"],
+  ["mailserver", "fqdn"]
+]
--- a/sp-modules/roundcube/flake.nix
+++ b/sp-modules/roundcube/flake.nix
@ -0,0 +1,9 @@
+{
+  description = "Roundcube is a web-based email client.";
+
+  outputs = { self }: {
+    nixosModules.default = import ./module.nix;
+    configPathsNeeded =
+      builtins.fromJSON (builtins.readFile ./config-paths-needed.json);
+  };
+}
--- a/sp-modules/roundcube/module.nix
+++ b/sp-modules/roundcube/module.nix
@ -0,0 +1,39 @@
+{ config, lib, ... }:
+let
+  domain = config.selfprivacy.domain;
+  cfg = config.selfprivacy.modules.roundcube;
+in
+{
+  options.selfprivacy.modules.roundcube = {
+    enable = lib.mkOption {
+      default = false;
+      type = lib.types.bool;
+    };
+    subdomain = lib.mkOption {
+      default = "roundcube";
+      type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    services.roundcube = {
+      enable = true;
+      # this is the url of the vhost, not necessarily the same as the fqdn of
+      # the mailserver
+      hostName = "${cfg.subdomain}.${config.selfprivacy.domain}";
+      extraConfig = ''
+        # starttls needed for authentication, so the fqdn required to match
+        # the certificate
+        $config['smtp_server'] = "tls://${config.mailserver.fqdn}";
+        $config['smtp_user'] = "%u";
+        $config['smtp_pass'] = "%p";
+      '';
+    };
+    services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {
+      forceSSL = true;
+      useACMEHost = domain;
+    };
+  };
+}
+