diff options
Diffstat (limited to 'hosts/cloud')
| -rw-r--r-- | hosts/cloud/hetzner/configuration.nix | 1 | ||||
| -rw-r--r-- | hosts/cloud/hetzner/mail.nix | 82 | ||||
| -rw-r--r-- | hosts/cloud/sortug/gitea.nix | 59 | ||||
| -rw-r--r-- | hosts/cloud/sortug/mail.nix | 1 | ||||
| -rw-r--r-- | hosts/cloud/sortug/nginx.nix | 7 |
5 files changed, 124 insertions, 26 deletions
diff --git a/hosts/cloud/hetzner/configuration.nix b/hosts/cloud/hetzner/configuration.nix index 73ca07e..a432391 100644 --- a/hosts/cloud/hetzner/configuration.nix +++ b/hosts/cloud/hetzner/configuration.nix @@ -14,6 +14,7 @@ ../users.nix ../packages.nix ../../server.nix + ./mail.nix ]; boot = { loader.grub = { diff --git a/hosts/cloud/hetzner/mail.nix b/hosts/cloud/hetzner/mail.nix new file mode 100644 index 0000000..deab818 --- /dev/null +++ b/hosts/cloud/hetzner/mail.nix @@ -0,0 +1,82 @@ +{ + config, + pkgs, + ... +}: { + environment.etc = { + "stalwart/mail-pw1".text = "poguo"; + "stalwart/mail-pw2".text = "shahezai"; + "stalwart/admin-pw".text = "chengchun"; + "stalwart/acme-secret".text = "caomushen"; + }; + + services.stalwart-mail = { + enable = true; + package = pkgs.stalwart-mail; + openFirewall = true; + settings = { + server = { + hostname = "mail.urbit.cloud"; + tls = { + enable = true; + implicit = true; + }; + listener = { + smtp = { + protocol = "smtp"; + bind = "[::]:25"; + }; + submissions = { + bind = "[::]:465"; + protocol = "smtp"; + }; + imaps = { + bind = "[::]:993"; + protocol = "imap"; + }; + jmap = { + bind = "[::]:88888"; + url = "https://mail.urbit.cloud"; + protocol = "jmap"; + }; + management = { + bind = ["127.0.0.1:8888"]; + protocol = "http"; + }; + }; + }; + lookup.default = { + hostname = "mail.urbit.cloud"; + domain = "urbit.cloud"; + }; + session.auth = { + mechanisms = "[plain]"; + directory = "'in-memory'"; + }; + storage.directory = "in-memory"; + session.rcpt.directory = "'in-memory'"; + queue.outbound.next-hop = "'local'"; + directory."in-memory" = { + type = "memory"; + principals = [ + { + class = "individual"; + name = "User 1"; + secret = "%{file:/etc/stalwart/mail-pw1}%"; + email = ["polwex@urbit.cloud"]; + } + { + class = "individual"; + name = "postmaster"; + secret = "%{file:/etc/stalwart/mail-pw1}%"; + email = ["postmaster@urbit.cloud"]; + } + ]; + }; + authentication.fallback-admin = { + user = "admin"; + secret = "%{file:/etc/stalwart/admin-pw}%"; + }; + }; + }; +} diff --git a/hosts/cloud/sortug/gitea.nix b/hosts/cloud/sortug/gitea.nix index a25773a..05f304c 100644 --- a/hosts/cloud/sortug/gitea.nix +++ b/hosts/cloud/sortug/gitea.nix @@ -1,27 +1,42 @@ -{ config, ...}: -{ - services.gitea = { +{...}: { + # services.gitea = { + # enable = true; + # user = "git"; + # appName = "Sortug Git"; + # settings.server = { + # domain = "git.sortug.com"; + # ROOT_URL = "https://git.sortug.com/"; + # SSH_PORT = 5522; + # }; + # lfs.enable = true; + # }; + + # users.users = { + # git = { + # description = "Gitea Service"; + # home = "/var/lib/gitea"; + # useDefaultShell = true; + # group = "gitea"; + # isSystemUser = true; + # }; + # }; + + services.gitolite = { enable = true; - user = "git"; - appName = "Sortug Git"; - settings.server = { - domain = "git.sortug.com"; - ROOT_URL = "https://git.sortug.com/"; - SSH_PORT = 5522; - }; - lfs.enable = true; + adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbdwmBis6Ss6xuDFvIsBE4foQfYECgl0pR60sIzLNtV"; }; - - users.users = { - git = { - description = "Gitea Service"; - home = "/var/lib/gitea"; - useDefaultShell = true; - group = "gitea"; - isSystemUser = true; + services.cgit.y = { + enable = true; + user = "gitolite"; + group = "gitolite"; + # extraConfig = '' + # robots=noindex, nofollow + # logo=/var/lib/sortug-logo.png + # ''; + scanPath = "/var/lib/gitolite/repositories"; + nginx = { + virtualHost = "git.sortug.com"; + location = "/"; }; }; - - - } diff --git a/hosts/cloud/sortug/mail.nix b/hosts/cloud/sortug/mail.nix index ef10866..68a960a 100644 --- a/hosts/cloud/sortug/mail.nix +++ b/hosts/cloud/sortug/mail.nix @@ -6,6 +6,7 @@ # services.dovecot2.sieve.extensions = ["fileinto"]; mailserver = { enable = true; + stateVersion = 1; fqdn = "mail.sortug.com"; domains = ["sortug.com" "yago.onl"]; # workaround diff --git a/hosts/cloud/sortug/nginx.nix b/hosts/cloud/sortug/nginx.nix index 5c129fb..86bc03e 100644 --- a/hosts/cloud/sortug/nginx.nix +++ b/hosts/cloud/sortug/nginx.nix @@ -16,12 +16,11 @@ # root = "/home/y/www"; }; virtualHosts."git.sortug.com" = { + # basicAuth = {yuanshikai = "seegit";}; + proxyPass = "http://127.0.0.1:3000"; + proxyWebsockets = true; # needed if you need to use WebSocket enableACME = true; forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - proxyWebsockets = true; # needed if you need to use WebSocket - }; }; virtualHosts."ai.sortug.com" = { enableACME = true; |