m

6 files changed, 100 insertions, 9 deletions

diff --git a/flake.nix b/flake.nix
index e0a9af7..f2ac92f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -109,6 +109,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    openai-codex = {
+      url = "github:openai/codex";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     # quickshell = {
     #   # remove ?ref=v0.1.0 to track the master branch
     #   url = "git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=v0.1.0";
diff --git a/hosts/cloud/hetzner/configuration.nix b/hosts/cloud/hetzner/configuration.nix
index 73ca07e..a432391 100644
--- a/hosts/cloud/hetzner/configuration.nix
+++ b/hosts/cloud/hetzner/configuration.nix
@@ -14,6 +14,7 @@
     ../users.nix
     ../packages.nix
     ../../server.nix
+    ./mail.nix
   ];
   boot = {
     loader.grub = {
diff --git a/hosts/cloud/hetzner/mail.nix b/hosts/cloud/hetzner/mail.nix
new file mode 100644
index 0000000..deab818
--- /dev/null
+++ b/hosts/cloud/hetzner/mail.nix
@@ -0,0 +1,82 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  environment.etc = {
+    "stalwart/mail-pw1".text = "poguo";
+    "stalwart/mail-pw2".text = "shahezai";
+    "stalwart/admin-pw".text = "chengchun";
+    "stalwart/acme-secret".text = "caomushen";
+  };
+
+  services.stalwart-mail = {
+    enable = true;
+    package = pkgs.stalwart-mail;
+    openFirewall = true;
+    settings = {
+      server = {
+        hostname = "mail.urbit.cloud";
+        tls = {
+          enable = true;
+          implicit = true;
+        };
+        listener = {
+          smtp = {
+            protocol = "smtp";
+            bind = "[::]:25";
+          };
+          submissions = {
+            bind = "[::]:465";
+            protocol = "smtp";
+          };
+          imaps = {
+            bind = "[::]:993";
+            protocol = "imap";
+          };
+          jmap = {
+            bind = "[::]:88888";
+            url = "https://mail.urbit.cloud";
+            protocol = "jmap";
+          };
+          management = {
+            bind = ["127.0.0.1:8888"];
+            protocol = "http";
+          };
+        };
+      };
+      lookup.default = {
+        hostname = "mail.urbit.cloud";
+        domain = "urbit.cloud";
+      };
+      session.auth = {
+        mechanisms = "[plain]";
+        directory = "'in-memory'";
+      };
+      storage.directory = "in-memory";
+      session.rcpt.directory = "'in-memory'";
+      queue.outbound.next-hop = "'local'";
+      directory."in-memory" = {
+        type = "memory";
+        principals = [
+          {
+            class = "individual";
+            name = "User 1";
+            secret = "%{file:/etc/stalwart/mail-pw1}%";
+            email = ["polwex@urbit.cloud"];
+          }
+          {
+            class = "individual";
+            name = "postmaster";
+            secret = "%{file:/etc/stalwart/mail-pw1}%";
+            email = ["postmaster@urbit.cloud"];
+          }
+        ];
+      };
+      authentication.fallback-admin = {
+        user = "admin";
+        secret = "%{file:/etc/stalwart/admin-pw}%";
+      };
+    };
+  };
+}
diff --git a/hosts/cloud/sortug/gitea.nix b/hosts/cloud/sortug/gitea.nix
index f86ab5d..05f304c 100644
--- a/hosts/cloud/sortug/gitea.nix
+++ b/hosts/cloud/sortug/gitea.nix
@@ -26,11 +26,13 @@
     adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbdwmBis6Ss6xuDFvIsBE4foQfYECgl0pR60sIzLNtV";
   };
   services.cgit.y = {
-    # user = "gitolite";
     enable = true;
-    extraConfig = ''
-      robots=noindex
-    '';
+    user = "gitolite";
+    group = "gitolite";
+    # extraConfig = ''
+    #   robots=noindex, nofollow
+    # logo=/var/lib/sortug-logo.png
+    # '';
     scanPath = "/var/lib/gitolite/repositories";
     nginx = {
       virtualHost = "git.sortug.com";
diff --git a/hosts/cloud/sortug/nginx.nix b/hosts/cloud/sortug/nginx.nix
index 5c129fb..86bc03e 100644
--- a/hosts/cloud/sortug/nginx.nix
+++ b/hosts/cloud/sortug/nginx.nix
@@ -16,12 +16,11 @@
       # root = "/home/y/www";
     };
     virtualHosts."git.sortug.com" = {
+      # basicAuth = {yuanshikai = "seegit";};
+      proxyPass = "http://127.0.0.1:3000";
+      proxyWebsockets = true; # needed if you need to use WebSocket
       enableACME = true;
       forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3000";
-        proxyWebsockets = true; # needed if you need to use WebSocket
-      };
     };
     virtualHosts."ai.sortug.com" = {
       enableACME = true;
diff --git a/hosts/pkgs.nix b/hosts/pkgs.nix
index ea9e916..b31d6ae 100644
--- a/hosts/pkgs.nix
+++ b/hosts/pkgs.nix
@@ -68,7 +68,9 @@
       # aider-chat
       # inputs.yek.packages.x86_64-linux.default
       # python312Packages.google-generativeai
-      codex
+      # codex
+      # inputs.openai-codex.packages.x86_64-linux.codex-rs
+      # inputs.openai-codex.packages.x86_64-linux.codex-cli
       claude-code
       nushell
     ]