Compare commits
5 commits
63002031d6
...
9b59388c3c
Author | SHA1 | Date | |
---|---|---|---|
9b59388c3c | |||
3289e05101 | |||
6ccc263100 | |||
e85c6bb2c8 | |||
78f97dfcad |
18 changed files with 41 additions and 16 deletions
|
@ -1,5 +1,10 @@
|
|||
{ depot, ... }:
|
||||
|
||||
{
|
||||
services.bitwarden = {
|
||||
nodes.host = [ "VEGAS" ];
|
||||
nixos.host = ./host.nix;
|
||||
};
|
||||
|
||||
dns.records.keychain.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
|
||||
}
|
||||
|
|
|
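Review bot: The node name `VEGAS` is now stated twice in this file, once in `services.bitwarden.nodes.host` and once in the `dns.records.keychain.target` expression, so reassigning the service to another node leaves the DNS record pointing at the old address unless both places are edited. The same duplication appears in the gitlab, mail (`mailServerAddr`) and sso (`ssoAddr`) files in this comparison. Consider deriving the target from the node list, e.g. `dns.records.keychain.target = map (n: depot.hours.${n}.interfaces.primary.addrPublic) config.services.bitwarden.nodes.host;`, which would need `config` added to the module arguments. The wireguard file already reads `config.services.wireguard.nodes.mesh` in this way, so it presumably works here too, but that should be confirmed.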
@ -1,5 +1,10 @@
|
|||
{ depot, ... }:
|
||||
|
||||
{
|
||||
services.gitlab = {
|
||||
nodes.host = [ "VEGAS" ];
|
||||
nixos.host = ./host.nix;
|
||||
};
|
||||
|
||||
dns.records.git.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ let
|
|||
owner = "gitlab";
|
||||
group = "gitlab";
|
||||
mode = "0400";
|
||||
file = ../../../../secrets/${name}.age;
|
||||
file = ../../../secrets/${name}.age;
|
||||
};
|
||||
|
||||
secrets = lib.mapAttrs (_: v: v.path) config.age.secrets;
|
|
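Review bot: The secret location is a hand-counted relative path (`../../../secrets/${name}.age`), and the same depth change is repeated in the dovecot-ldap-token, postfix-ldap-mailboxes, keycloak-dbpass and wireguard-key-storm hunks, so every future move of a service directory means recounting the depth in each file. Assuming the second printed `file =` line is the new side, consider binding the secrets directory once and referencing it from each module, for example a let-binding or module argument (`secretsDir` here is a placeholder name) used as `file = secretsDir + "/${name}.age";`. The enclosing `let` block starts outside the hunk, so where `name` comes from is not visible here.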
@ -1,11 +1,6 @@
|
|||
{ depot, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./imap.nix
|
||||
./opendkim.nix
|
||||
./postfix.nix
|
||||
];
|
||||
|
||||
{
|
||||
security.acme.certs."mail.${depot.lib.meta.domain}" = {
|
||||
dnsProvider = "exec";
|
||||
webroot = lib.mkForce null;
|
|
@ -1,6 +1,24 @@
|
|||
{ depot, ... }:
|
||||
|
||||
{
|
||||
services.mail = {
|
||||
nodes = {
|
||||
smtp = [ "VEGAS" ];
|
||||
imap = [ "VEGAS" ];
|
||||
};
|
||||
nixos = {
|
||||
smtp = [
|
||||
./postfix.nix
|
||||
./opendkim.nix
|
||||
./certificate.nix
|
||||
];
|
||||
imap = [
|
||||
./imap.nix
|
||||
./certificate.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
dns.records = let
|
||||
inherit (depot.lib.meta) domain adminEmail;
|
||||
mailServerAddr = depot.hours.VEGAS.interfaces.primary.addrPublic;
|
||||
|
|
|
@ -32,7 +32,7 @@ let
|
|||
'';
|
||||
in {
|
||||
|
||||
age.secrets.dovecotLdapToken.file = ../../../../secrets/dovecot-ldap-token.age;
|
||||
age.secrets.dovecotLdapToken.file = ../../../secrets/dovecot-ldap-token.age;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 143 993 ];
|
||||
|
|
@ -14,7 +14,7 @@ let
|
|||
in
|
||||
{
|
||||
age.secrets."postfix-ldap-mailboxes.cf" = {
|
||||
file = ../../../../secrets/postfix-ldap-mailboxes.age;
|
||||
file = ../../../secrets/postfix-ldap-mailboxes.age;
|
||||
owner = "postfix";
|
||||
group = "postfix";
|
||||
mode = "0400";
|
|
@ -1,6 +1,11 @@
|
|||
{ depot, ... }:
|
||||
|
||||
{
|
||||
services.sso = {
|
||||
nodes.host = [ "VEGAS" ];
|
||||
nixos.host = ./host.nix;
|
||||
};
|
||||
|
||||
dns.records = let
|
||||
ssoAddr = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
|
||||
in {
|
||||
|
|
|
@ -9,7 +9,7 @@ in
|
|||
links.keycloak.protocol = "http";
|
||||
|
||||
age.secrets.keycloak-dbpass = {
|
||||
file = ../../../../secrets/keycloak-dbpass.age;
|
||||
file = ../../../secrets/keycloak-dbpass.age;
|
||||
owner = "root";
|
||||
group = "root";
|
||||
mode = "0400";
|
|
@ -66,9 +66,11 @@ in
|
|||
services.wireguard = {
|
||||
nodes = {
|
||||
mesh = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];
|
||||
storm = [ "VEGAS" ];
|
||||
};
|
||||
nixos = {
|
||||
mesh = ./mesh.nix;
|
||||
storm = ./storm.nix;
|
||||
};
|
||||
secrets.meshPrivateKey = {
|
||||
nodes = config.services.wireguard.nodes.mesh;
|
||||
|
|
|
@ -6,7 +6,7 @@ let
|
|||
in
|
||||
{
|
||||
age.secrets.wireguard-key-storm = {
|
||||
file = ../../../../secrets + "/wireguard-key-storm-${hostName}.age";
|
||||
file = ../../../secrets + "/wireguard-key-storm-${hostName}.age";
|
||||
mode = "0400";
|
||||
};
|
||||
|
|
@ -16,15 +16,10 @@
|
|||
|
||||
# Services
|
||||
./services/backbone-routing
|
||||
./services/bitwarden
|
||||
./services/cdn-shield
|
||||
./services/gitlab
|
||||
./services/jokes
|
||||
./services/mail
|
||||
./services/minecraft
|
||||
./services/sso
|
||||
./services/websites
|
||||
./services/wireguard-server
|
||||
depot.nixosModules.hyprspace
|
||||
depot.nixosModules.nix-builder
|
||||
|
||||
|
|