From b6b1c3b2fbd1ea6471e72baddcb208cfae1cb43d Mon Sep 17 00:00:00 2001 From: dettlaff Date: Tue, 14 May 2024 00:39:21 +0400 Subject: [PATCH 1/7] feat: add roundcube feat: flake.lock update --- flake.lock | 14 ++++---- flake.nix | 2 +- sp-modules/roundcube/config-paths-needed.json | 15 ++++++++ sp-modules/roundcube/flake.nix | 9 +++++ sp-modules/roundcube/module.nix | 35 +++++++++++++++++++ sp-modules/simple-nixos-mailserver/config.nix | 1 + 6 files changed, 68 insertions(+), 8 deletions(-) create mode 100644 sp-modules/roundcube/config-paths-needed.json create mode 100644 sp-modules/roundcube/flake.nix create mode 100644 sp-modules/roundcube/module.nix diff --git a/flake.lock b/flake.lock index 93d7395..3ae54e1 100644 --- a/flake.lock +++ b/flake.lock @@ -28,17 +28,17 @@ ] }, "locked": { - "lastModified": 1709843377, - "narHash": "sha256-lQGd4xtKWsIlD5vVurrA/xtNYxYFGfLGyev4oOUeMmY=", - "ref": "master", - "rev": "1f1fcc223be4c6ae65eef1d50918aed0826e5ad1", - "revCount": 1259, + "lastModified": 1717701247, + "narHash": "sha256-MiP9/qgfxEFG0XrsNhKxKkct4g+ucNpxzUdN9c5Kklg=", + "ref": "refs/heads/master", + "rev": "8c753730c41fe9f2ba281bcabc76808bf61754fc", + "revCount": 1306, "type": "git", - "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git" + "url": "https://git.selfprivacy.org/def/selfprivacy-rest-api.git" }, "original": { "type": "git", - "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git" + "url": "https://git.selfprivacy.org/def/selfprivacy-rest-api.git" } } }, diff --git a/flake.nix b/flake.nix index 5f1ed70..95d16a1 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ nixpkgs.url = github:nixos/nixpkgs; selfprivacy-api.url = - git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git; + git+https://git.selfprivacy.org/def/selfprivacy-rest-api.git; # make selfprivacy-api use the same shared nixpkgs selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs"; }; 
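Review bot: The `selfprivacy-api.url` change in the flake.nix hunk repoints the input from the `SelfPrivacy/` repository to `git+https://git.selfprivacy.org/def/selfprivacy-rest-api.git;`, and the flake.lock hunk pins a revision from that location. Any system built from this commit therefore takes its API code from what looks like a personal or test namespace, which is unrelated to adding Roundcube. Patch 2/7 restores the original URL and lock entry, but this intermediate commit stays in history and can still be checked out or landed on by a bisect. I would squash 2/7 into this patch so the line stays `git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git;` throughout. The `inputs` attribute set this line belongs to starts outside the hunk.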
diff --git a/sp-modules/roundcube/config-paths-needed.json b/sp-modules/roundcube/config-paths-needed.json new file mode 100644 index 0000000..5e0f12a --- /dev/null +++ b/sp-modules/roundcube/config-paths-needed.json @@ -0,0 +1,15 @@ +[ + [ + "selfprivacy", + "domain" + ], + [ + "selfprivacy", + "modules", + "roundcube" + ], + [ + "mailserver", + "fqdn" + ] +] \ No newline at end of file diff --git a/sp-modules/roundcube/flake.nix b/sp-modules/roundcube/flake.nix new file mode 100644 index 0000000..d335522 --- /dev/null +++ b/sp-modules/roundcube/flake.nix @@ -0,0 +1,9 @@ +{ + description = "Roundcube is a web-based email client."; + + outputs = { self }: { + nixosModules.default = import ./module.nix; + configPathsNeeded = + builtins.fromJSON (builtins.readFile ./config-paths-needed.json); + }; +} diff --git a/sp-modules/roundcube/module.nix b/sp-modules/roundcube/module.nix new file mode 100644 index 0000000..9b24b9a --- /dev/null +++ b/sp-modules/roundcube/module.nix @@ -0,0 +1,35 @@ +{ config, lib, ... }: +let + domain = config.selfprivacy.domain; + cfg = config.selfprivacy.modules.roundcube; +in +{ + options.selfprivacy.modules.roundcube = { + enable = lib.mkOption { + default = false; + type = lib.types.bool; + }; + subdomain = lib.mkOption { + default = "roundcube"; + type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]"; + }; + }; + + config = lib.mkIf cfg.enable { + + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "${cfg.subdomain}.${config.selfprivacy.domain}"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; +}; +} + 
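Review bot: `extraConfig` in sp-modules/roundcube/module.nix reads `config.mailserver.fqdn` as soon as `cfg.enable` is true, and nothing in the module checks that the mail server module is present and enabled. If it is not (the page does not show whether it is always loaded), enabling roundcube would presumably fail with an evaluation error about a missing or undefined option rather than a message the user can act on. An assertion inside the `config` block would make the dependency explicit, e.g. `assertions = [{ assertion = config.mailserver.enable or false; message = "roundcube requires the mail server module"; }];`. Separately, the `let` binds `domain` but `hostName` spells out `config.selfprivacy.domain`; use `${domain}` there or drop the binding.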
diff --git a/sp-modules/simple-nixos-mailserver/config.nix b/sp-modules/simple-nixos-mailserver/config.nix index 81d847f..0c1d990 100644 --- a/sp-modules/simple-nixos-mailserver/config.nix +++ b/sp-modules/simple-nixos-mailserver/config.nix @@ -89,4 +89,5 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable virusScanning = false; }; + } From f9a949b5b5590490cfe0478ea40cd3eb72b3d1ea Mon Sep 17 00:00:00 2001 From: dettlaff Date: Fri, 7 Jun 2024 04:45:35 +0400 Subject: [PATCH 2/7] fix: remove test links --- flake.lock | 16 ++++++++-------- flake.nix | 2 +- sp-modules/simple-nixos-mailserver/config.nix | 1 - 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 3ae54e1..b885f0d 100644 --- a/flake.lock +++ b/flake.lock @@ -28,20 +28,20 @@ ] }, "locked": { - "lastModified": 1717701247, - "narHash": "sha256-MiP9/qgfxEFG0XrsNhKxKkct4g+ucNpxzUdN9c5Kklg=", - "ref": "refs/heads/master", - "rev": "8c753730c41fe9f2ba281bcabc76808bf61754fc", - "revCount": 1306, + "lastModified": 1709843377, + "narHash": "sha256-lQGd4xtKWsIlD5vVurrA/xtNYxYFGfLGyev4oOUeMmY=", + "ref": "master", + "rev": "1f1fcc223be4c6ae65eef1d50918aed0826e5ad1", + "revCount": 1259, "type": "git", - "url": "https://git.selfprivacy.org/def/selfprivacy-rest-api.git" + "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git" }, "original": { "type": "git", - "url": "https://git.selfprivacy.org/def/selfprivacy-rest-api.git" + "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git" } } }, "root": "root", "version": 7 -} +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 95d16a1..5f1ed70 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,7 +5,7 @@ nixpkgs.url = github:nixos/nixpkgs; selfprivacy-api.url = - git+https://git.selfprivacy.org/def/selfprivacy-rest-api.git; + git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git; # make selfprivacy-api use the same shared nixpkgs selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/sp-modules/simple-nixos-mailserver/config.nix b/sp-modules/simple-nixos-mailserver/config.nix index 0c1d990..81d847f 100644 --- a/sp-modules/simple-nixos-mailserver/config.nix +++ b/sp-modules/simple-nixos-mailserver/config.nix @@ -89,5 +89,4 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable virusScanning = false; }; - } From 99d404bd10de3a9b76a0efcecb7e6c81e43c8a90 Mon Sep 17 00:00:00 2001 From: dettlaff Date: Wed, 12 Jun 2024 16:10:28 +0400 Subject: [PATCH 3/7] fix: from review --- sp-modules/roundcube/config-paths-needed.json | 18 +++-------- sp-modules/roundcube/module.nix | 31 +++++++++++-------- 2 files changed, 22 insertions(+), 27 deletions(-) diff --git a/sp-modules/roundcube/config-paths-needed.json b/sp-modules/roundcube/config-paths-needed.json index 5e0f12a..a650a1e 100644 --- a/sp-modules/roundcube/config-paths-needed.json +++ b/sp-modules/roundcube/config-paths-needed.json @@ -1,15 +1,5 @@ [ - [ - "selfprivacy", - "domain" - ], - [ - "selfprivacy", - "modules", - "roundcube" - ], - [ - "mailserver", - "fqdn" - ] -] \ No newline at end of file + ["selfprivacy", "domain"], + ["selfprivacy", "modules", "roundcube"], + ["mailserver", "fqdn"] +] diff --git a/sp-modules/roundcube/module.nix b/sp-modules/roundcube/module.nix index 9b24b9a..1b968dc 100644 --- a/sp-modules/roundcube/module.nix +++ b/sp-modules/roundcube/module.nix 
@@ -17,19 +17,24 @@ in config = lib.mkIf cfg.enable { - services.roundcube = { - enable = true; - # this is the url of the vhost, not necessarily the same as the fqdn of - # the mailserver - hostName = "${cfg.subdomain}.${config.selfprivacy.domain}"; - extraConfig = '' - # starttls needed for authentication, so the fqdn required to match - # the certificate - $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; - $config['smtp_user'] = "%u"; - $config['smtp_pass'] = "%p"; - ''; + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "${cfg.subdomain}.${config.selfprivacy.domain}"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = { + forceSSL = true; + useACMEHost = domain; + enableACME = false; + }; }; -}; } From d3408075d9267c6400f31ff1ff5081ab26d9e105 Mon Sep 17 00:00:00 2001 From: dettlaff Date: Wed, 12 Jun 2024 16:14:34 +0400 Subject: [PATCH 4/7] fix: delete enableACME = false --- sp-modules/roundcube/module.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/sp-modules/roundcube/module.nix b/sp-modules/roundcube/module.nix index 1b968dc..1fd157d 100644 --- a/sp-modules/roundcube/module.nix +++ b/sp-modules/roundcube/module.nix @@ -33,7 +33,6 @@ in services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = { forceSSL = true; useACMEHost = domain; - enableACME = false; }; }; } From 26c9fd5f6e6871056144ee9b7d14984f63c5d3a4 Mon Sep 17 00:00:00 2001 
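Review bot: `enableACME = false;` in the new `services.nginx.virtualHosts` block has no comment saying that it overrides a default, so it reads as redundant next to `useACMEHost = domain;`. If the upstream roundcube module enables per-host ACME by default on the vhost it creates (it appears to, but that is not visible here), nginx's check that `enableACME` and `useACMEHost` are mutually exclusive would fail evaluation once the line is dropped, which patch 4/7 does. I would keep it with a comment such as `# override roundcube's per-vhost ACME default; reuse the certificate issued for ${domain}`. The vhost key also repeats the `hostName` expression; `services.nginx.virtualHosts.${config.services.roundcube.hostName}` would keep the two from drifting apart. The module's `options` block and opening `let` lie outside this hunk.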
From: nhnn Date: Sun, 9 Jun 2024 21:04:14 +0300 Subject: [PATCH 5/7] feat: add prometheus monitoring service --- .../monitoring/config-paths-needed.json | 3 ++ sp-modules/monitoring/flake.nix | 9 ++++++ sp-modules/monitoring/module.nix | 31 +++++++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 sp-modules/monitoring/config-paths-needed.json create mode 100644 sp-modules/monitoring/flake.nix create mode 100644 sp-modules/monitoring/module.nix diff --git a/sp-modules/monitoring/config-paths-needed.json b/sp-modules/monitoring/config-paths-needed.json new file mode 100644 index 0000000..91fb203 --- /dev/null +++ b/sp-modules/monitoring/config-paths-needed.json @@ -0,0 +1,3 @@ +[ + [ "selfprivacy", "modules", "monitoring" ] +] diff --git a/sp-modules/monitoring/flake.nix b/sp-modules/monitoring/flake.nix new file mode 100644 index 0000000..b6b3f77 --- /dev/null +++ b/sp-modules/monitoring/flake.nix @@ -0,0 +1,9 @@ +{ + description = "PoC SP module for Prometheus-based monitoring"; + + outputs = { self }: { + nixosModules.default = import ./module.nix; + configPathsNeeded = + builtins.fromJSON (builtins.readFile ./config-paths-needed.json); + }; +} diff --git a/sp-modules/monitoring/module.nix b/sp-modules/monitoring/module.nix new file mode 100644 index 0000000..9d44610 --- /dev/null +++ b/sp-modules/monitoring/module.nix @@ -0,0 +1,31 @@ +{config, lib, ...}: let + cfg = config.selfprivacy.modules.monitoring; +in { + options.selfprivacy.modules.monitoring = { + enable = lib.mkOption { + default = false; + type = lib.types.bool; + }; + }; + config = lib.mkIf cfg.enable { + services.prometheus = { + enable = true; + port = 9001; + exporters = { + node = { + enable = true; + enabledCollectors = [ "systemd" ]; + port = 9002; + }; + }; + scrapeConfigs = [ + { + job_name = "node-exporter"; + static_configs = [{ + targets = [ "127.0.0.1:9002" ]; + }]; + } + ]; + }; + }; +} \ No newline at end of file 
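Review bot: The scrape target in sp-modules/monitoring/module.nix repeats the exporter port as a string literal, `targets = [ "127.0.0.1:9002" ];`, while the exporter itself is configured a few lines above with `port = 9002;`. If one is changed without the other, Prometheus keeps running but silently scrapes nothing. Deriving the target from the option removes that failure mode: `targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];`. A short comment on why 9001 and 9002 were chosen over the upstream default ports would also help the next reader.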
From bf8ee7705a3b0b7af953c3ad2a3cd2a281eb5520 Mon Sep 17 00:00:00 2001 From: nhnn Date: Mon, 17 Jun 2024 21:42:49 +0300 Subject: [PATCH 6/7] fix: ensure that prometheus listens only on 127.0.0.1 --- sp-modules/monitoring/module.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/sp-modules/monitoring/module.nix b/sp-modules/monitoring/module.nix index 9d44610..3fe9002 100644 --- a/sp-modules/monitoring/module.nix +++ b/sp-modules/monitoring/module.nix @@ -11,6 +11,7 @@ in { services.prometheus = { enable = true; port = 9001; + listenAddress = "127.0.0.1"; exporters = { node = { enable = true; From 7cb625ba0cc3472c01b9ca9ce7d072461dea336d Mon Sep 17 00:00:00 2001 From: nhnn Date: Tue, 18 Jun 2024 21:30:02 +0300 Subject: [PATCH 7/7] fix: ensure that node-exporter listens on 127.0.0.1 --- sp-modules/monitoring/module.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/sp-modules/monitoring/module.nix b/sp-modules/monitoring/module.nix index 3fe9002..90bf806 100644 --- a/sp-modules/monitoring/module.nix +++ b/sp-modules/monitoring/module.nix @@ -17,6 +17,7 @@ in { enable = true; enabledCollectors = [ "systemd" ]; port = 9002; + listenAddress = "127.0.0.1"; }; }; scrapeConfigs = [
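Review bot: The added `listenAddress = "127.0.0.1";` under `services.prometheus` has no comment saying why the bind address matters, and the same holds for the identical line added under `exporters.node` in patch 7/7. Neither listener is given any authentication in this module, so the loopback bind is the only thing keeping the metrics and the query API off other interfaces, and a later edit that removes it would look harmless. I would put `# no auth configured here; keep this off non-loopback interfaces` above each of the two lines. Both hunks show only part of the `services.prometheus` attribute set.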