Merge pull request 'Pleroma issues resolved and authored updated version. Added alps webmail. Added volume as /var filesystem' (#7) from preproduction into master
Reviewed-on: https://git.selfprivacy.org/ilchub/selfprivacy-nixos-infect/pulls/7
commit
2d319a9fd2
96
nixos-infect
96
nixos-infect
|
@ -42,12 +42,14 @@ makeConf() {
|
|||
$NIXOS_IMPORT
|
||||
./files.nix
|
||||
./mailserver/system/mailserver.nix
|
||||
./mailserver/system/alps.nix
|
||||
./vpn/ocserv.nix
|
||||
./api/api.nix
|
||||
./api/api-module.nix
|
||||
./social/pleroma-module.nix
|
||||
./social/pleroma.nix
|
||||
./letsencrypt/acme.nix
|
||||
./letsencrypt/resolve.nix
|
||||
./backup/restic.nix
|
||||
./passmgr/bitwarden.nix
|
||||
./webserver/nginx.nix
|
||||
|
@ -62,7 +64,7 @@ makeConf() {
|
|||
networking = {
|
||||
hostName = "$(hostname)";
|
||||
firewall = {
|
||||
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 587 8443 ];
|
||||
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
|
||||
allowedUDPPorts = lib.mkForce [ 8443 ];
|
||||
};
|
||||
};
|
||||
|
@ -127,7 +129,10 @@ EOF
|
|||
{
|
||||
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
|
||||
boot.loader.grub.device = "$grubdev";
|
||||
fileSystems."/" = { device = "$rootfsdev"; fsType = "ext4"; };
|
||||
fileSystems = {
|
||||
"/" = { device = "$rootfsdev"; fsType = "ext4"; };
|
||||
"/var" = { device = "/dev/sdb"; fsType = "ext4"; };
|
||||
};
|
||||
}
|
||||
EOF
|
||||
|
||||
|
@ -251,6 +256,27 @@ EOF
|
|||
};
|
||||
};
|
||||
}
|
||||
EOF
|
||||
cat > /etc/nixos/letsencrypt/resolve.nix << EOF
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
systemd = {
|
||||
services = {
|
||||
"acme-$DOMAIN" = {
|
||||
serviceConfig = {
|
||||
StartLimitBurst = 5;
|
||||
StartLimitIntervalSec = 5;
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
"nginx-config-reload" = {
|
||||
serviceConfig = {
|
||||
After = [ "acme-$DOMAIN.service" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
EOF
|
||||
|
||||
cat > /etc/nixos/backup/restic.nix << EOF
|
||||
|
@ -308,6 +334,7 @@ EOF
|
|||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
enableReload = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
|
@ -751,18 +778,18 @@ cat > /etc/nixos/social/pleroma-package.nix << EOF
|
|||
}:
|
||||
stdenv.mkDerivation {
|
||||
pname = "pleroma-otp";
|
||||
version = "2.2.2";
|
||||
version = "2.3.0";
|
||||
|
||||
# To find the latest binary release stable link, have a look at
|
||||
# the CI pipeline for the latest commit of the stable branch
|
||||
# https://git.pleroma.social/pleroma/pleroma/-/tree/stable
|
||||
src = {
|
||||
aarch64-linux = fetchurl {
|
||||
url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/175288/artifacts/download";
|
||||
sha256 = "107kp5zqwq1lixk1cwkx4v7zpm0h248xzlm152aj36ghb43j2snw";
|
||||
url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/182392/artifacts/download";
|
||||
sha256 = "1drpd6xh7m2damxi5impb8jwvjl6m3qv5yxynl12i8g66vi3rbwf";
|
||||
};
|
||||
x86_64-linux = fetchurl {
|
||||
url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/175284/artifacts/download";
|
||||
url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/182388/artifacts/download";
|
||||
sha256 = "1c6l04gga9iigm249ywwcrjg6wzy8iiid652mws3j9dnl71w2sim";
|
||||
};
|
||||
}."\${stdenv.hostPlatform.system}";
|
||||
|
@ -966,7 +993,7 @@ cat > /etc/nixos/social/pleroma.nix << EOF
|
|||
initialScript = "/etc/setup.psql";
|
||||
};
|
||||
};
|
||||
environment.etc."pleroma_setup.psql".text = ''
|
||||
environment.etc."setup.psql".text = ''
|
||||
CREATE USER pleroma WITH ENCRYPTED PASSWORD '$DB_PASSWORD';
|
||||
CREATE DATABASE pleroma OWNER pleroma;
|
||||
\\c pleroma;
|
||||
|
@ -986,7 +1013,7 @@ import Config
|
|||
|
||||
config :pleroma, Pleroma.Web.Endpoint,
|
||||
url: [host: "social.$DOMAIN", scheme: "https", port: 443],
|
||||
http: [ip: {127, 0, 0, 1}, port: 4000],
|
||||
http: [ip: {127, 0, 0, 1}, port: 4000]
|
||||
#secret_key_base: "",
|
||||
#signing_salt: ""
|
||||
|
||||
|
@ -1011,7 +1038,7 @@ config :pleroma, Pleroma.Repo,
|
|||
hostname: "localhost",
|
||||
pool_size: 10
|
||||
|
||||
config :web_push_encryption, :vapid_details,
|
||||
#config :web_push_encryption, :vapid_details,
|
||||
#subject: "",
|
||||
#public_key: "",
|
||||
#private_key: ""
|
||||
|
@ -1027,6 +1054,57 @@ config :pleroma, :http_security,
|
|||
|
||||
config :pleroma, configurable_from_database: false
|
||||
|
||||
EOF
|
||||
|
||||
cat > /etc/nixos/mailserver/system/alps.nix << EOF
|
||||
{ pkgs, lib, fetchgit, buildGoModule, ... }: {
|
||||
nixpkgs.overlays =
|
||||
[ (self: super: { alps = self.callPackage ./alps-package.nix { }; }) ];
|
||||
|
||||
systemd.services = {
|
||||
alps = {
|
||||
path = [ pkgs.alps pkgs.coreutils ];
|
||||
serviceConfig = {
|
||||
ExecStart =
|
||||
"\${pkgs.alps}/bin/alps -theme sourcehut imaps://$DOMAIN:993 smtps://$DOMAIN:465";
|
||||
WorkingDirectory = "\${pkgs.alps}/bin";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
EOF
|
||||
|
||||
cat > /etc/nixos/mailserver/system/alps-package.nix << EOF
|
||||
{ lib, fetchgit, buildGoModule, ... }:
|
||||
buildGoModule rec {
|
||||
pname = "alps";
|
||||
version = "v1.0.0"; # latest available tag at the moment
|
||||
|
||||
src = fetchGit {
|
||||
url = "https://git.selfprivacy.org/ilchub/selfprivacy-alps";
|
||||
rev = "dc2109ca2fdabfbda5d924faa4947f5694d5d758";
|
||||
};
|
||||
|
||||
vendorSha256 = "0bqg0qjam4mvh07wfil6l5spz32mk5a7kfxxnwfyva805pzmn6dk";
|
||||
|
||||
deleteVendor = false;
|
||||
runVend = true;
|
||||
|
||||
buildPhase = ''
|
||||
go build ./cmd/alps
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p \$out/bin
|
||||
cp -r * \$out/bin
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Webmail application for the dovecot/postfix mailserver";
|
||||
homepage = "https://git.selfprivacy.org/ilchub/selfprivacy-alps";
|
||||
license = licenses.mit;
|
||||
};
|
||||
}
|
||||
EOF
|
||||
|
||||
[[ -n "$doNetConf" ]] && makeNetworkingConf || true
|
||||
|
|
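Review bot: In the pleroma-package.nix hunk the x86_64-linux `fetchurl` now points at job 182388, but its `sha256 = "1c6l04gga9iigm249ywwcrjg6wzy8iiid652mws3j9dnl71w2sim"` is printed only once and so appears to be carried over from the 175284 pin, whereas the aarch64-linux entry received both a new URL and a new hash. A fixed-output fetch is identified by its hash, so either the download is rejected with a hash mismatch or, if content with that hash is already available from a store or binary cache, Nix reuses it without fetching and x86_64 hosts keep the old binary under `version = "2.3.0"`. I would recompute the pin for the new artifact, for example with `nix-prefetch-url`, and update the `sha256` line in the same commit as the URL. The derivation starts and ends outside this hunk, so this rests on the visible lines only.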