Merge pull request 'Pleroma issues resolved and authored updated version. Added alps webmail. Added volume as /var filesystem' (#7) from preproduction into master
Reviewed-on: https://git.selfprivacy.org/ilchub/selfprivacy-nixos-infect/pulls/7
commit
2d319a9fd2
96
nixos-infect
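--- a/nixos-infect
+++ b/nixos-infect
@@ -42,12 +42,14 @@ makeConf() {
 $NIXOS_IMPORT
 ./files.nix
 ./mailserver/system/mailserver.nix
+./mailserver/system/alps.nix
 ./vpn/ocserv.nix
 ./api/api.nix
 ./api/api-module.nix
 ./social/pleroma-module.nix
 ./social/pleroma.nix
 ./letsencrypt/acme.nix
+./letsencrypt/resolve.nix
 ./backup/restic.nix
 ./passmgr/bitwarden.nix
 ./webserver/nginx.nix
@@ -62,7 +64,7 @@ makeConf() {
 networking = {
 hostName = "$(hostname)";
 firewall = {
-allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 587 8443 ];
+allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
 allowedUDPPorts = lib.mkForce [ 8443 ];
 };
 };
@@ -127,7 +129,10 @@ EOF
 {
 imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
 boot.loader.grub.device = "$grubdev";
-fileSystems."/" = { device = "$rootfsdev"; fsType = "ext4"; };
+fileSystems = {
+"/" = { device = "$rootfsdev"; fsType = "ext4"; };
+"/var" = { device = "/dev/sdb"; fsType = "ext4"; };
+};
 }
 EOF
 
@@ -251,6 +256,27 @@ EOF
 };
 };
 }
+EOF
+cat > /etc/nixos/letsencrypt/resolve.nix << EOF
+{ pkgs, ... }:
+{
+systemd = {
+services = {
+"acme-$DOMAIN" = {
+serviceConfig = {
+StartLimitBurst = 5;
+StartLimitIntervalSec = 5;
+Restart = "on-failure";
+};
+};
+"nginx-config-reload" = {
+serviceConfig = {
+After = [ "acme-$DOMAIN.service" ];
+};
+};
+};
+};
+}
 EOF
 
 cat > /etc/nixos/backup/restic.nix << EOF
@@ -308,6 +334,7 @@ EOF
 {
 services.nginx = {
 enable = true;
+enableReload = true;
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
 recommendedProxySettings = true;
@@ -751,18 +778,18 @@ cat > /etc/nixos/social/pleroma-package.nix << EOF
 }:
 stdenv.mkDerivation {
 pname = "pleroma-otp";
-version = "2.2.2";
+version = "2.3.0";
 
 # To find the latest binary release stable link, have a look at
 # the CI pipeline for the latest commit of the stable branch
 # https://git.pleroma.social/pleroma/pleroma/-/tree/stable
 src = {
 aarch64-linux = fetchurl {
-url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/175288/artifacts/download";
-sha256 = "107kp5zqwq1lixk1cwkx4v7zpm0h248xzlm152aj36ghb43j2snw";
+url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/182392/artifacts/download";
+sha256 = "1drpd6xh7m2damxi5impb8jwvjl6m3qv5yxynl12i8g66vi3rbwf";
 };
 x86_64-linux = fetchurl {
-url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/175284/artifacts/download";
+url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/182388/artifacts/download";
 sha256 = "1c6l04gga9iigm249ywwcrjg6wzy8iiid652mws3j9dnl71w2sim";
 };
 }."\${stdenv.hostPlatform.system}";
@@ -966,7 +993,7 @@ cat > /etc/nixos/social/pleroma.nix << EOF
 initialScript = "/etc/setup.psql";
 };
 };
-environment.etc."pleroma_setup.psql".text = ''
+environment.etc."setup.psql".text = ''
 CREATE USER pleroma WITH ENCRYPTED PASSWORD '$DB_PASSWORD';
 CREATE DATABASE pleroma OWNER pleroma;
 \\c pleroma;
@@ -986,7 +1013,7 @@ import Config
 
 config :pleroma, Pleroma.Web.Endpoint,
 url: [host: "social.$DOMAIN", scheme: "https", port: 443],
-http: [ip: {127, 0, 0, 1}, port: 4000],
+http: [ip: {127, 0, 0, 1}, port: 4000]
 #secret_key_base: "",
 #signing_salt: ""
 
@@ -1011,7 +1038,7 @@ config :pleroma, Pleroma.Repo,
 hostname: "localhost",
 pool_size: 10
 
-config :web_push_encryption, :vapid_details,
+#config :web_push_encryption, :vapid_details,
 #subject: "",
 #public_key: "",
 #private_key: ""
@@ -1027,6 +1054,57 @@ config :pleroma, :http_security,
 
 config :pleroma, configurable_from_database: false
 
+EOF
+
+cat > /etc/nixos/mailserver/system/alps.nix << EOF
+{ pkgs, lib, fetchgit, buildGoModule, ... }: {
+nixpkgs.overlays =
+[ (self: super: { alps = self.callPackage ./alps-package.nix { }; }) ];
+
+systemd.services = {
+alps = {
+path = [ pkgs.alps pkgs.coreutils ];
+serviceConfig = {
+ExecStart =
+"\${pkgs.alps}/bin/alps -theme sourcehut imaps://$DOMAIN:993 smtps://$DOMAIN:465";
+WorkingDirectory = "\${pkgs.alps}/bin";
+};
+};
+};
+}
+EOF
+
+cat > /etc/nixos/mailserver/system/alps-package.nix << EOF
+{ lib, fetchgit, buildGoModule, ... }:
+buildGoModule rec {
+pname = "alps";
+version = "v1.0.0"; # latest available tag at the moment
+
+src = fetchGit {
+url = "https://git.selfprivacy.org/ilchub/selfprivacy-alps";
+rev = "dc2109ca2fdabfbda5d924faa4947f5694d5d758";
+};
+
+vendorSha256 = "0bqg0qjam4mvh07wfil6l5spz32mk5a7kfxxnwfyva805pzmn6dk";
+
+deleteVendor = false;
+runVend = true;
+
+buildPhase = ''
+go build ./cmd/alps
+'';
+
+installPhase = ''
+mkdir -p \$out/bin
+cp -r * \$out/bin
+'';
+
+meta = with lib; {
+description = "Webmail application for the dovecot/postfix mailserver";
+homepage = "https://git.selfprivacy.org/ilchub/selfprivacy-alps";
+license = licenses.mit;
+};
+}
 EOF
 
 [[ -n "$doNetConf" ]] && makeNetworkingConf || true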
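Review bot: In the pleroma-package.nix hunk (`-751,18 +778,18`), the `x86_64-linux` `fetchurl` now points at job 182388 but keeps the previous `sha256 = "1c6l04gga9iigm249ywwcrjg6wzy8iiid652mws3j9dnl71w2sim"`, whereas the `aarch64-linux` entry received a new hash together with its new URL. A fixed-output fetch is identified by its hash rather than its URL, so a host that already has the 2.2.2 archive in its store or a binary cache can reuse that archive without downloading the new one and end up running the old release under `version = "2.3.0"`; on a clean host the build should instead stop with a hash mismatch, unless the two CI jobs happened to produce byte-identical archives. Recompute the hash for the new artifact (for example with `nix-prefetch-url`) and replace the line with `sha256 = "<hash of the job 182388 artifact>";`. The derivation continues outside the hunk, so this is based on the visible `src` attribute only.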