Merge pull request 'Pleroma issues resolved and authored updated version. Added alps webmail. Added volume as /var filesystem' (#7) from preproduction into master

Reviewed-on: https://git.selfprivacy.org/ilchub/selfprivacy-nixos-infect/pulls/7
2024-11-22 12:01:27 +00:00 · 2021-04-19 17:44:02 +03:00 · 2021-04-19 17:44:02 +03:00 · 2d319a9fd2
parent e94a10a4c1 1229f8fbf9
commit 2d319a9fd2
1 changed files with 87 additions and 9 deletions
--- a/96
+++ b/96
@ -42,12 +42,14 @@ makeConf() {
    $NIXOS_IMPORT
    ./files.nix
    ./mailserver/system/mailserver.nix
+    ./mailserver/system/alps.nix
    ./vpn/ocserv.nix
    ./api/api.nix
    ./api/api-module.nix
    ./social/pleroma-module.nix
    ./social/pleroma.nix
    ./letsencrypt/acme.nix
+    ./letsencrypt/resolve.nix
    ./backup/restic.nix
    ./passmgr/bitwarden.nix
    ./webserver/nginx.nix
@ -62,7 +64,7 @@ makeConf() {
  networking = {
    hostName = "$(hostname)";
    firewall = {
-      allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 587 8443 ];
+      allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
      allowedUDPPorts = lib.mkForce [ 8443 ];
    };
  };
@ -127,7 +129,10 @@ EOF
 {
  imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
  boot.loader.grub.device = "$grubdev";
-  fileSystems."/" = { device = "$rootfsdev"; fsType = "ext4"; };
+  fileSystems = {
+    "/" = { device = "$rootfsdev"; fsType = "ext4"; };
+    "/var" = { device = "/dev/sdb"; fsType = "ext4"; };
+  };
 }
 EOF

@ -251,6 +256,27 @@ EOF
    };
  };
 }
+EOF
+    cat > /etc/nixos/letsencrypt/resolve.nix << EOF
+{ pkgs, ... }:
+{
+  systemd = {
+    services = {
+      "acme-$DOMAIN" = {
+        serviceConfig = {
+          StartLimitBurst = 5;
+          StartLimitIntervalSec = 5;
+          Restart = "on-failure";
+        };
+      };
+      "nginx-config-reload" = {
+        serviceConfig = {
+          After = [ "acme-$DOMAIN.service" ];
+        };
+      };
+    };
+  };
+}
 EOF

    cat > /etc/nixos/backup/restic.nix << EOF
@ -308,6 +334,7 @@ EOF
 {
  services.nginx = {
    enable = true;
+    enableReload = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
@ -751,18 +778,18 @@ cat > /etc/nixos/social/pleroma-package.nix << EOF
 }:
 stdenv.mkDerivation {
  pname = "pleroma-otp";
-  version = "2.2.2";
+  version = "2.3.0";

  # To find the latest binary release stable link, have a look at
  # the CI pipeline for the latest commit of the stable branch
  # https://git.pleroma.social/pleroma/pleroma/-/tree/stable
  src = {
    aarch64-linux = fetchurl {
-      url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/175288/artifacts/download";
-      sha256 = "107kp5zqwq1lixk1cwkx4v7zpm0h248xzlm152aj36ghb43j2snw";
+      url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/182392/artifacts/download";
+      sha256 = "1drpd6xh7m2damxi5impb8jwvjl6m3qv5yxynl12i8g66vi3rbwf";
    };
    x86_64-linux = fetchurl {
-      url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/175284/artifacts/download";
+      url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/182388/artifacts/download";
      sha256 = "1c6l04gga9iigm249ywwcrjg6wzy8iiid652mws3j9dnl71w2sim";
    };
  }."\${stdenv.hostPlatform.system}";
@ -966,7 +993,7 @@ cat > /etc/nixos/social/pleroma.nix << EOF
      initialScript = "/etc/setup.psql";
    };
  };
-  environment.etc."pleroma_setup.psql".text = ''
+  environment.etc."setup.psql".text = ''
 CREATE USER pleroma WITH ENCRYPTED PASSWORD '$DB_PASSWORD';
 CREATE DATABASE pleroma OWNER pleroma;
 \\c pleroma;
@ -986,7 +1013,7 @@ import Config

 config :pleroma, Pleroma.Web.Endpoint,
   url: [host: "social.$DOMAIN", scheme: "https", port: 443],
-   http: [ip: {127, 0, 0, 1}, port: 4000],
+   http: [ip: {127, 0, 0, 1}, port: 4000]
   #secret_key_base: "",
   #signing_salt: ""

@ -1011,7 +1038,7 @@ config :pleroma, Pleroma.Repo,
  hostname: "localhost",
  pool_size: 10

-config :web_push_encryption, :vapid_details,
+#config :web_push_encryption, :vapid_details,
  #subject: "",
  #public_key: "",
  #private_key: ""
@ -1027,6 +1054,57 @@ config :pleroma, :http_security,

 config :pleroma, configurable_from_database: false

+EOF
+
+cat > /etc/nixos/mailserver/system/alps.nix << EOF
+{ pkgs, lib, fetchgit, buildGoModule, ... }: {
+  nixpkgs.overlays =
+    [ (self: super: { alps = self.callPackage ./alps-package.nix { }; }) ];
+
+  systemd.services = {
+    alps = {
+      path = [ pkgs.alps pkgs.coreutils ];
+      serviceConfig = {
+        ExecStart =
+          "\${pkgs.alps}/bin/alps -theme sourcehut imaps://$DOMAIN:993 smtps://$DOMAIN:465";
+        WorkingDirectory = "\${pkgs.alps}/bin";
+      };
+    };
+  };
+}
+EOF
+
+cat > /etc/nixos/mailserver/system/alps-package.nix << EOF
+{ lib, fetchgit, buildGoModule, ... }:
+buildGoModule rec {
+  pname = "alps";
+  version = "v1.0.0"; # latest available tag at the moment
+
+  src = fetchGit {
+    url = "https://git.selfprivacy.org/ilchub/selfprivacy-alps";
+    rev = "dc2109ca2fdabfbda5d924faa4947f5694d5d758";
+  };
+
+  vendorSha256 = "0bqg0qjam4mvh07wfil6l5spz32mk5a7kfxxnwfyva805pzmn6dk";
+
+  deleteVendor = false;
+  runVend = true;
+
+  buildPhase = ''
+    go build ./cmd/alps
+  '';
+
+  installPhase = ''
+    mkdir -p \$out/bin
+    cp -r * \$out/bin
+  '';
+
+  meta = with lib; {
+    description = "Webmail application for the dovecot/postfix mailserver";
+    homepage = "https://git.selfprivacy.org/ilchub/selfprivacy-alps";
+    license = licenses.mit;
+  };
+}
 EOF

  [[ -n "$doNetConf" ]] && makeNetworkingConf || true