swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-15 05:39:11 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat[server]: add firezone
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details
Build and Deploy / deploy (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-01-01 02:30:10 +01:00
parent 2d766e8246
commit 2ff914d49d
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
69 changed files with 2415 additions and 1132 deletions
Download patch file Download diff file Expand all files Collapse all files

16
modules/nixos/server/mailserver.nix
View file

@ -1,8 +1,8 @@
{ lib, config, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain serviceProxy proxyAddress4 proxyAddress6;
inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 user3;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6 isHome webProxy dnsServer;
inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3;
baseDomain = globals.domains.main;
roundcubeDomain = config.repo.secrets.common.services.domains.roundcube;
@ -15,7 +15,7 @@ in
};
config = lib.mkIf config.swarselmodules.server.${serviceName} {
nodes.stoicclub.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
nodes.${dnsServer}.swarselsystems.server.dns.${globals.services.${serviceName}.baseDomain}.subdomainRecords = {
"${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6;
"${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
};
@ -28,7 +28,7 @@ in
};
roundcube = {
domain = roundcubeDomain;
inherit proxyAddress4 proxyAddress6;
inherit proxyAddress4 proxyAddress6 isHome;
};
};
@ -60,6 +60,9 @@ in
openFirewall = true;
certificateScheme = "acme";
dmarcReporting.enable = true;
enableSubmission = true;
enableSubmissionSsl = true;
enableImapSsl = true;
loginAccounts = {
"${user1}@${baseDomain}" = {
@ -76,6 +79,7 @@ in
aliases = [
"${alias2_1}@${baseDomain}"
"${alias2_2}@${baseDomain}"
"${alias2_3}@${baseDomain}"
];
sendOnly = true;
};
@ -125,7 +129,7 @@ in
};
};
nodes.${serviceProxy}.services.nginx = {
nodes.${webProxy}.services.nginx = {
upstreams = {
${serviceName} = {
servers = {
@ -144,6 +148,8 @@ in
proxyPass = "https://${serviceName}";
extraConfig = ''
client_max_body_size 0;
proxy_ssl_server_name on;
proxy_ssl_name ${roundcubeDomain};
'';
};
};