diff --git a/nix/os/containers/mailserver.nix b/nix/os/containers/mailserver.nix
new file mode 100644
index 0000000..afc16b4
--- /dev/null
+++ b/nix/os/containers/mailserver.nix
@@ -0,0 +1,141 @@
+{ ... } @ args:
+
+let
+ passwords = import ../../variables/passwords.crypt.nix;
+
+in args // {
+ config = { pkgs, ... }: {
+ imports = [
+ ../profiles/common/user.nix
+ ];
+
+ networking.firewall.enable = false;
+
+ services.dovecot2 = {
+ enable = true;
+
+ modules = [ pkgs.dovecot_pigeonhole ];
+ protocols = [ "sieve" ];
+
+ enableImap = true;
+ enableLmtp = true;
+ enablePAM = true;
+ showPAMFailure = true;
+ mailLocation = "maildir:~/.maildir";
+ sslServerCert = "/etc/secrets/server.pem";
+ sslServerKey = "/etc/secrets/server.key";
+
+ #configFile = "/etc/dovecot/dovecot2_manual.conf";
+ extraConfig = ''
+ auth_mechanisms = cram-md5 digest-md5
+ auth_verbose = yes
+
+ passdb {
+ driver = passwd-file
+ args = scheme=CRYPT username_format=%u /etc/dovecot/users
+ }
+
+ '';
+
+ };
+
+ environment.etc."dovecot/users".text = ''
+ steveej:${passwords.email.steveej}
+ '';
+
+ systemd.services.steveej-getmail-stefanjunker = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.User = "steveej";
+ serviceConfig.Group = "users";
+ description = "Getmail service";
+ path = [ pkgs.getmail ];
+ script = let
+ rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
+ [options]
+ verbose = 1
+ read_all = 0
+ delete_after = 30
+
+ [retriever]
+ type = SimpleIMAPSSLRetriever
+ server = ssl0.ovh.net
+ port = 993
+ username = mail@stefanjunker.de
+ password = ${passwords.email.mailStefanjunkerDe}
+ mailboxes = ('INBOX',)
+
+ [destination]
+ type = Maildir
+ path = ~/.maildir/
+ '';
+ in ''
+ getmail --rcfile=${rc} --idle=INBOX
+ '';
+ };
+
+ systemd.services.steveej-getmail-webde = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.User = "steveej";
+ serviceConfig.Group = "users";
+ description = "Getmail service";
+ path = [ pkgs.getmail ];
+ serviceConfig.RestartSec = 900;
+ serviceConfig.Restart = "always";
+ script = let
+ rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
+ [options]
+ verbose = 1
+ read_all = 0
+ delete_after = 30
+
+ [retriever]
+ type = SimpleIMAPSSLRetriever
+ server = imap.web.de
+ port = 993
+ username = schtif
+ password = ${passwords.email.schtifATwebDe}
+ mailboxes = ('INBOX',)
+
+ [destination]
+ type = Maildir
+ path = ~/.maildir/
+ '';
+ in ''
+ getmail --rcfile=${rc}
+ '';
+ };
+ };
+
+ autoStart = true;
+
+ bindMounts = {
+ "/etc/secrets/" = {
+ hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
+ isReadOnly = false;
+ };
+
+ "/home" = {
+ hostPath = "/var/lib/container-volumes/mailserver/home";
+ isReadOnly = false;
+ };
+ };
+
+ privateNetwork = true ;
+ forwardPorts = [
+ {
+ # imaps
+ containerPort = 993;
+ hostPort = 993;
+ protocol = "tcp";
+ }
+
+ {
+ # sieve
+ containerPort = 4190;
+ hostPort = 4190;
+ protocol = "tcp";
+ }
+ ];
+}
diff --git a/nix/os/devices/CFB4ED74/system.nix b/nix/os/devices/CFB4ED74/system.nix
index 257996d..9aab114 100644
--- a/nix/os/devices/CFB4ED74/system.nix
+++ b/nix/os/devices/CFB4ED74/system.nix
@@ -29,6 +29,12 @@ in {
 interface = "eth0";
 };
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ externalInterface = "eth0";
+ };
+
 # Kubernetes
 # services.kubernetes.roles = ["master" "node"];
@@ -57,4 +63,11 @@ in {
 ip link set $iface down
 done
 '';
+
+ containers = {
+ mailserver = import ../../containers/mailserver.nix {
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.11";
+ };
+ };
 }
diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix
index 2ff89f7..e84fce1 100644
Binary files a/nix/variables/passwords.crypt.nix and b/nix/variables/passwords.crypt.nix differ
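Review bot: The plaintext retriever passwords interpolated into the two getmail rc files (`password = ${passwords.email.mailStefanjunkerDe}` and `${passwords.email.schtifATwebDe}`) are rendered with `pkgs.writeText`, so they end up as world-readable paths in /nix/store on the host (and, as far as I can tell, in the store the container sees); the encryption of `passwords.crypt.nix` at rest does not protect that copy, and the same applies to the CRYPT hash written via `environment.etc."dovecot/users".text`. Since `/etc/secrets` is already bind-mounted into the container, I would keep the rc files and the users file there outside of Nix and change the scripts to `getmail --rcfile=/etc/secrets/mailATstefanjunker.de.getmail.rc --idle=INBOX` (and the web.de equivalent), pointing `passdb` at `/etc/secrets/dovecot-users`. Separately, `auth_mechanisms = cram-md5 digest-md5` together with `scheme=CRYPT` looks inconsistent: the challenge-response mechanisms need the stored password in plaintext or in their own scheme, so logins would fail unless the users entry carries its own `{SCHEME}` prefix — with only IMAPS on 993 published, `auth_mechanisms = plain login` over TLS is the usual choice. Note also that the stefanjunker service runs `--idle=INBOX` without any `Restart` setting, unlike the web.de service, so a dropped IDLE connection silently ends retrieval until the next boot.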
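Review bot: The new `containers.mailserver` entry carries no comment about what it exposes on this machine; the imported mailserver.nix publishes IMAPS (993) and ManageSieve (4190) on the host through `forwardPorts` and depends on the `networking.nat` block added earlier in this file for outbound access, none of which a reader of system.nix can see. I would add `# mail container: publishes 993/4190 on eth0 via NAT forwardPorts, see containers/mailserver.nix` above the entry. The `hostAddress`/`localAddress` values are the only per-host inputs the container takes, which is worth stating in the same comment so nobody edits them inside mailserver.nix instead.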