update email, setup backups
parent
bd925ad014
commit
56f9cba5bc
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -18,11 +18,9 @@ in
|
|||
imports = [
|
||||
../physical/hetznercloud.nix
|
||||
../roles/server.nix
|
||||
(builtins.fetchTarball {
|
||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
|
||||
sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
|
||||
})
|
||||
../modules/muflax-blog.nix
|
||||
../modules/muflax-blog.nix
|
||||
../services/backup.nix
|
||||
../services/email.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "19.03";
|
||||
|
@ -34,20 +32,6 @@ in
|
|||
git = { enable = true; vhost = "git.yori.cc"; };
|
||||
muflax-church = { enable = true; vhost = "muflax.church"; };
|
||||
};
|
||||
mailserver = rec {
|
||||
enable = true;
|
||||
fqdn = "pennyworth.yori.cc";
|
||||
domains = [ "yori.cc" "yorickvanpelt.nl" ];
|
||||
loginAccounts = {
|
||||
"yorick@yori.cc" = {
|
||||
hashedPassword = (import ../secrets.nix).yorick_mailPassword;
|
||||
catchAll = domains;
|
||||
aliases = [ "@yori.cc" "@yorickvanpelt.nl" ];
|
||||
};
|
||||
};
|
||||
certificateScheme = 3;
|
||||
enableImapSsl = true;
|
||||
};
|
||||
|
||||
services.muflax-blog = {
|
||||
enable = true;
|
||||
|
@ -94,6 +78,7 @@ in
|
|||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
environment.noXlibs = true;
|
||||
users.users.yorick.packages = with pkgs; [
|
||||
python2 sshfs-fuse weechat
|
||||
python2 sshfs-fuse weechat ripgrep
|
||||
];
|
||||
|
||||
}
|
||||
|
|
|
@ -23,6 +23,13 @@
|
|||
"url": "https://github.com/nixos/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixos-mailserver": {
|
||||
"sha256": "1m8ylrxlkn8nrpsvnivg32ncba9jkfal8a9sjy840hpl1jlm5lc4",
|
||||
"type": "tarball",
|
||||
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864/nixos-mailserver-ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864.tar.gz",
|
||||
"url_template": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/<version>/nixos-mailserver-<version>.tar.gz",
|
||||
"version": "ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864"
|
||||
},
|
||||
"nixpkgs": {
|
||||
"branch": "nixos-unstable",
|
||||
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
{ name, ... }:
|
||||
{
|
||||
deployment.keyys = [
|
||||
(../keys + "/${name}_borg_repo.key")
|
||||
(../keys + "/${name}_borg_ssh.key")
|
||||
];
|
||||
services.borgbackup.jobs.backup = {
|
||||
encryption = {
|
||||
# Keep the encryption key in the repo itself
|
||||
mode = "repokey-blake2";
|
||||
|
||||
# Password is used to decrypt the encryption key from the repo
|
||||
passCommand = "cat /root/keys/${name}_borg_repo.key";
|
||||
};
|
||||
environment = {
|
||||
# Make sure we're using Borg >= 1.0
|
||||
BORG_REMOTE_PATH = "borg1";
|
||||
|
||||
# SSH key is specific to the subaccount defined in the repo username
|
||||
BORG_RSH = "ssh -i /root/keys/${name}_borg_ssh.key";
|
||||
};
|
||||
|
||||
# Define schedule
|
||||
startAt = "hourly";
|
||||
|
||||
repo = "14337@ch-s012.rsync.net:${name}";
|
||||
paths = [ "/home" "/root" "/var/lib" ];
|
||||
|
||||
prune.keep = {
|
||||
# hourly backups for the past week
|
||||
within = "7d";
|
||||
|
||||
# daily backups for two weeks before that
|
||||
daily = 14;
|
||||
|
||||
# weekly backups for a month before that
|
||||
weekly = 4;
|
||||
|
||||
# monthly backups for 6 months before that
|
||||
monthly = 6;
|
||||
|
||||
# 2 years
|
||||
yearly = 2;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
sources = import ../nix/sources.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
("${sources.nixos-mailserver}")
|
||||
];
|
||||
|
||||
mailserver = rec {
|
||||
enable = true;
|
||||
fqdn = "pennyworth.yori.cc";
|
||||
domains = [ "yori.cc" "yorickvanpelt.nl" ];
|
||||
loginAccounts = {
|
||||
"yorick@yori.cc" = {
|
||||
hashedPassword = (import ../secrets.nix).yorick_mailPassword;
|
||||
catchAll = domains;
|
||||
aliases = [ "@yori.cc" "@yorickvanpelt.nl" ];
|
||||
};
|
||||
};
|
||||
certificateScheme = 3;
|
||||
enableImapSsl = true;
|
||||
};
|
||||
|
||||
services.borgbackup.jobs.backup.paths = [ "/var/vmail" ];
|
||||
}
|
Loading…
Reference in New Issue