
5 commits

18 changed files with 41 additions and 16 deletions


@ -1,5 +1,10 @@
{ depot, ... }:
{
services.bitwarden = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records.keychain.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
}


@ -1,5 +1,10 @@
{ depot, ... }:
{
services.gitlab = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records.git.target = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
}


@ -9,7 +9,7 @@ let
owner = "gitlab";
group = "gitlab";
mode = "0400";
file = ../../../../secrets/${name}.age;
file = ../../../secrets/${name}.age;
};
secrets = lib.mapAttrs (_: v: v.path) config.age.secrets;


@ -1,11 +1,6 @@
{ depot, lib, ... }:
{
imports = [
./imap.nix
./opendkim.nix
./postfix.nix
];
{
security.acme.certs."mail.${depot.lib.meta.domain}" = {
dnsProvider = "exec";
webroot = lib.mkForce null;


@ -1,6 +1,24 @@
{ depot, ... }:
{
services.mail = {
nodes = {
smtp = [ "VEGAS" ];
imap = [ "VEGAS" ];
};
nixos = {
smtp = [
./postfix.nix
./opendkim.nix
./certificate.nix
];
imap = [
./imap.nix
./certificate.nix
];
};
};
dns.records = let
inherit (depot.lib.meta) domain adminEmail;
mailServerAddr = depot.hours.VEGAS.interfaces.primary.addrPublic;
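Review bot: `./certificate.nix` is listed under both `nixos.smtp` and `nixos.imap`, which is harmless while both roles resolve to VEGAS, but if the roles are ever placed on different nodes each host would presumably request and hold its own private key for the `mail.${depot.lib.meta.domain}` certificate. A short comment above the two lists would record that, e.g. `# certificate.nix is shared by both roles; splitting smtp/imap across nodes means two hosts issue and hold the mail.<domain> key`. How the service framework merges a module listed twice for the same node is not visible on this page, so that is worth confirming as well. The `dns.records` block continues outside the hunk.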


@ -32,7 +32,7 @@ let
'';
in {
age.secrets.dovecotLdapToken.file = ../../../../secrets/dovecot-ldap-token.age;
age.secrets.dovecotLdapToken.file = ../../../secrets/dovecot-ldap-token.age;
networking.firewall.allowedTCPPorts = [ 143 993 ];


@ -14,7 +14,7 @@ let
in
{
age.secrets."postfix-ldap-mailboxes.cf" = {
file = ../../../../secrets/postfix-ldap-mailboxes.age;
file = ../../../secrets/postfix-ldap-mailboxes.age;
owner = "postfix";
group = "postfix";
mode = "0400";


@ -1,6 +1,11 @@
{ depot, ... }:
{
services.sso = {
nodes.host = [ "VEGAS" ];
nixos.host = ./host.nix;
};
dns.records = let
ssoAddr = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
in {


@ -9,7 +9,7 @@ in
links.keycloak.protocol = "http";
age.secrets.keycloak-dbpass = {
file = ../../../../secrets/keycloak-dbpass.age;
file = ../../../secrets/keycloak-dbpass.age;
owner = "root";
group = "root";
mode = "0400";


@ -66,9 +66,11 @@ in
services.wireguard = {
nodes = {
mesh = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];
storm = [ "VEGAS" ];
};
nixos = {
mesh = ./mesh.nix;
storm = ./storm.nix;
};
secrets.meshPrivateKey = {
nodes = config.services.wireguard.nodes.mesh;
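Review bot: The new `storm` role gets no entry next to `secrets.meshPrivateKey`, so its private key stays on the hand-written `age.secrets.wireguard-key-storm` declaration (presumably in storm.nix), one of five depth-sensitive `../../../secrets` paths this comparison had to correct after the move. If the `secrets.<name>` mechanism supports it, declaring the storm key the same way with `nodes = config.services.wireguard.nodes.storm;` would tie the key's distribution to the role's node list instead of a relative path and a per-file `mode`. The `secrets.meshPrivateKey` block continues outside the hunk, so its remaining attributes are not visible here.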


@ -6,7 +6,7 @@ let
in
{
age.secrets.wireguard-key-storm = {
file = ../../../../secrets + "/wireguard-key-storm-${hostName}.age";
file = ../../../secrets + "/wireguard-key-storm-${hostName}.age";
mode = "0400";
};


@ -16,15 +16,10 @@
# Services
./services/backbone-routing
./services/bitwarden
./services/cdn-shield
./services/gitlab
./services/jokes
./services/mail
./services/minecraft
./services/sso
./services/websites
./services/wireguard-server
depot.nixosModules.hyprspace
depot.nixosModules.nix-builder