update email, setup backups
parent
bd925ad014
commit
56f9cba5bc
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -18,11 +18,9 @@ in
|
||||||
imports = [
|
imports = [
|
||||||
../physical/hetznercloud.nix
|
../physical/hetznercloud.nix
|
||||||
../roles/server.nix
|
../roles/server.nix
|
||||||
(builtins.fetchTarball {
|
../modules/muflax-blog.nix
|
||||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
|
../services/backup.nix
|
||||||
sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
|
../services/email.nix
|
||||||
})
|
|
||||||
../modules/muflax-blog.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "19.03";
|
system.stateVersion = "19.03";
|
||||||
|
@ -34,20 +32,6 @@ in
|
||||||
git = { enable = true; vhost = "git.yori.cc"; };
|
git = { enable = true; vhost = "git.yori.cc"; };
|
||||||
muflax-church = { enable = true; vhost = "muflax.church"; };
|
muflax-church = { enable = true; vhost = "muflax.church"; };
|
||||||
};
|
};
|
||||||
mailserver = rec {
|
|
||||||
enable = true;
|
|
||||||
fqdn = "pennyworth.yori.cc";
|
|
||||||
domains = [ "yori.cc" "yorickvanpelt.nl" ];
|
|
||||||
loginAccounts = {
|
|
||||||
"yorick@yori.cc" = {
|
|
||||||
hashedPassword = (import ../secrets.nix).yorick_mailPassword;
|
|
||||||
catchAll = domains;
|
|
||||||
aliases = [ "@yori.cc" "@yorickvanpelt.nl" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
certificateScheme = 3;
|
|
||||||
enableImapSsl = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.muflax-blog = {
|
services.muflax-blog = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -94,6 +78,7 @@ in
|
||||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||||
environment.noXlibs = true;
|
environment.noXlibs = true;
|
||||||
users.users.yorick.packages = with pkgs; [
|
users.users.yorick.packages = with pkgs; [
|
||||||
python2 sshfs-fuse weechat
|
python2 sshfs-fuse weechat ripgrep
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,13 @@
|
||||||
"url": "https://github.com/nixos/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz",
|
"url": "https://github.com/nixos/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
|
"nixos-mailserver": {
|
||||||
|
"sha256": "1m8ylrxlkn8nrpsvnivg32ncba9jkfal8a9sjy840hpl1jlm5lc4",
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864/nixos-mailserver-ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864.tar.gz",
|
||||||
|
"url_template": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/<version>/nixos-mailserver-<version>.tar.gz",
|
||||||
|
"version": "ee3d38a1570a1a9aa5e2daa3284d65a35d5e8864"
|
||||||
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"branch": "nixos-unstable",
|
"branch": "nixos-unstable",
|
||||||
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
{ name, ... }:
|
||||||
|
{
|
||||||
|
deployment.keyys = [
|
||||||
|
(../keys + "/${name}_borg_repo.key")
|
||||||
|
(../keys + "/${name}_borg_ssh.key")
|
||||||
|
];
|
||||||
|
services.borgbackup.jobs.backup = {
|
||||||
|
encryption = {
|
||||||
|
# Keep the encryption key in the repo itself
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
|
||||||
|
# Password is used to decrypt the encryption key from the repo
|
||||||
|
passCommand = "cat /root/keys/${name}_borg_repo.key";
|
||||||
|
};
|
||||||
|
environment = {
|
||||||
|
# Make sure we're using Borg >= 1.0
|
||||||
|
BORG_REMOTE_PATH = "borg1";
|
||||||
|
|
||||||
|
# SSH key is specific to the subaccount defined in the repo username
|
||||||
|
BORG_RSH = "ssh -i /root/keys/${name}_borg_ssh.key";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Define schedule
|
||||||
|
startAt = "hourly";
|
||||||
|
|
||||||
|
repo = "14337@ch-s012.rsync.net:${name}";
|
||||||
|
paths = [ "/home" "/root" "/var/lib" ];
|
||||||
|
|
||||||
|
prune.keep = {
|
||||||
|
# hourly backups for the past week
|
||||||
|
within = "7d";
|
||||||
|
|
||||||
|
# daily backups for two weeks before that
|
||||||
|
daily = 14;
|
||||||
|
|
||||||
|
# weekly backups for a month before that
|
||||||
|
weekly = 4;
|
||||||
|
|
||||||
|
# monthly backups for 6 months before that
|
||||||
|
monthly = 6;
|
||||||
|
|
||||||
|
# 2 years
|
||||||
|
yearly = 2;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
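Review bot: `paths` includes `/root`, and the repository passphrase and SSH key this job uses live under `/root/keys/` (see `passCommand` and `BORG_RSH`), so every archive carries the credentials of the repository it is stored in, along with anything else deployed into that directory. A restore therefore depends on a passphrase copy kept outside the backup, and with `repokey-blake2` the passphrase is the only thing protecting the key held on the remote side. I would add `exclude = [ "/root/keys" ];` to the job and keep the passphrase, plus a `borg key export` copy, offline. Separately, `BORG_RSH` does not pin the remote host key; if nothing else in the configuration does, declaring it through `programs.ssh.knownHosts` avoids trust-on-first-use from an unattended hourly job.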
|
|
@ -0,0 +1,26 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
sources = import ../nix/sources.nix;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
("${sources.nixos-mailserver}")
|
||||||
|
];
|
||||||
|
|
||||||
|
mailserver = rec {
|
||||||
|
enable = true;
|
||||||
|
fqdn = "pennyworth.yori.cc";
|
||||||
|
domains = [ "yori.cc" "yorickvanpelt.nl" ];
|
||||||
|
loginAccounts = {
|
||||||
|
"yorick@yori.cc" = {
|
||||||
|
hashedPassword = (import ../secrets.nix).yorick_mailPassword;
|
||||||
|
catchAll = domains;
|
||||||
|
aliases = [ "@yori.cc" "@yorickvanpelt.nl" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
certificateScheme = 3;
|
||||||
|
enableImapSsl = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.borgbackup.jobs.backup.paths = [ "/var/vmail" ];
|
||||||
|
}
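Review bot: `hashedPassword = (import ../secrets.nix).yorick_mailPassword;` is read at evaluation time, so the hash is likely written into the generated configuration under the world-readable `/nix/store`, where any local user or service can copy it for offline guessing. If the pinned nixos-mailserver revision offers `hashedPasswordFile`, pointing it at a file delivered through the same key mechanism used for the borg keys would keep the hash out of the store. It would also help to comment `certificateScheme = 3;` with what the number selects, and to note beside the `services.borgbackup.jobs.backup.paths` line that it extends a job defined in another module and relies on list merging.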
|