From 8f0b7550aa9d61f17df6384f8f1c2a4f30f6d3db Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Mon, 28 Jan 2019 15:50:31 +0100
Subject: [PATCH] nix/os,CFB4ED74: add mailserver container
---
 nix/os/containers/mailserver.nix | 141 +++++++++++++++++++++++++++++
 nix/os/devices/CFB4ED74/system.nix | 13 +++
 nix/variables/passwords.crypt.nix | Bin 283 -> 500 bytes
 3 files changed, 154 insertions(+)
 create mode 100644 nix/os/containers/mailserver.nix
diff --git a/nix/os/containers/mailserver.nix b/nix/os/containers/mailserver.nix
new file mode 100644
index 0000000..afc16b4
--- /dev/null
+++ b/nix/os/containers/mailserver.nix
@@ -0,0 +1,141 @@
+{ ... } @ args:
+
+let
+ passwords = import ../../variables/passwords.crypt.nix;
+
+in args // {
+ config = { pkgs, ... }: {
+ imports = [
+ ../profiles/common/user.nix
+ ];
+
+ networking.firewall.enable = false;
+
+ services.dovecot2 = {
+ enable = true;
+
+ modules = [ pkgs.dovecot_pigeonhole ];
+ protocols = [ "sieve" ];
+
+ enableImap = true;
+ enableLmtp = true;
+ enablePAM = true;
+ showPAMFailure = true;
+ mailLocation = "maildir:~/.maildir";
+ sslServerCert = "/etc/secrets/server.pem";
+ sslServerKey = "/etc/secrets/server.key";
+
+ #configFile = "/etc/dovecot/dovecot2_manual.conf";
+ extraConfig = ''
+ auth_mechanisms = cram-md5 digest-md5
+ auth_verbose = yes
+
+ passdb {
+ driver = passwd-file
+ args = scheme=CRYPT username_format=%u /etc/dovecot/users
+ }
+
+ '';
+
+ };
+
+ environment.etc."dovecot/users".text = ''
+ steveej:${passwords.email.steveej}
+ '';
+
+ systemd.services.steveej-getmail-stefanjunker = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.User = "steveej";
+ serviceConfig.Group = "users";
+ description = "Getmail service";
+ path = [ pkgs.getmail ];
+ script = let
+ rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
+ [options]
+ verbose = 1
+ read_all = 0
+ delete_after = 30
+
+ [retriever]
+ type = SimpleIMAPSSLRetriever
+ server = ssl0.ovh.net
+ port = 993
+ username = mail@stefanjunker.de
+ password = ${passwords.email.mailStefanjunkerDe}
+ mailboxes = ('INBOX',)
+
+ [destination]
+ type = Maildir
+ path = ~/.maildir/
+ '';
+ in ''
+ getmail --rcfile=${rc} --idle=INBOX
+ '';
+ };
+
+ systemd.services.steveej-getmail-webde = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.User = "steveej";
+ serviceConfig.Group = "users";
+ description = "Getmail service";
+ path = [ pkgs.getmail ];
+ serviceConfig.RestartSec = 900;
+ serviceConfig.Restart = "always";
+ script = let
+ rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
+ [options]
+ verbose = 1
+ read_all = 0
+ delete_after = 30
+
+ [retriever]
+ type = SimpleIMAPSSLRetriever
+ server = imap.web.de
+ port = 993
+ username = schtif
+ password = ${passwords.email.schtifATwebDe}
+ mailboxes = ('INBOX',)
+
+ [destination]
+ type = Maildir
+ path = ~/.maildir/
+ '';
+ in ''
+ getmail --rcfile=${rc}
+ '';
+ };
+ };
+
+ autoStart = true;
+
+ bindMounts = {
+ "/etc/secrets/" = {
+ hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
+ isReadOnly = false;
+ };
+
+ "/home" = {
+ hostPath = "/var/lib/container-volumes/mailserver/home";
+ isReadOnly = false;
+ };
+ };
+
+ privateNetwork = true ;
+ forwardPorts = [
+ {
+ # imaps
+ containerPort = 993;
+ hostPort = 993;
+ protocol = "tcp";
+ }
+
+ {
+ # sieve
+ containerPort = 4190;
+ hostPort = 4190;
+ protocol = "tcp";
+ }
+ ];
+}
diff --git a/nix/os/devices/CFB4ED74/system.nix b/nix/os/devices/CFB4ED74/system.nix
index 257996d..9aab114 100644
--- a/nix/os/devices/CFB4ED74/system.nix
+++ b/nix/os/devices/CFB4ED74/system.nix
@@ -29,6 +29,12 @@ in {
 interface = "eth0";
 };
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ externalInterface = "eth0";
+ };
+ # Kubernetes # services.kubernetes.roles = ["master" "node"];
@@ -57,4 +63,11 @@ in {
 ip link set $iface down
 done
 '';
+
+ containers = {
+ mailserver = import ../../containers/mailserver.nix {
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.11";
+ };
+ };
 }
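Review bot: The two getmail rc files are produced with `pkgs.writeText`, so the plaintext IMAP passwords interpolated at `password = ${passwords.email.mailStefanjunkerDe}` and `password = ${passwords.email.schtifATwebDe}` become world-readable files in the Nix store, on the host as well as inside the container, which undoes the point of keeping them in passwords.crypt.nix. The `/etc/secrets/` bind mount is already there; placing the rc files under it (mode 0600, owned by steveej) and pointing `--rcfile` at that path keeps the secrets out of the store, and the same applies, to a lesser degree, to the CRYPT hash written into `/etc/dovecot/users`. Separately, `auth_mechanisms = cram-md5 digest-md5` is paired with a passwd-file passdb using `scheme=CRYPT` and with `enablePAM = true`; as far as I know Dovecot can only answer these challenge-response mechanisms from plaintext or mechanism-specific password schemes, so neither passdb would be usable for them, and with TLS already configured `plain login` over the encrypted connection is the combination that works with CRYPT hashes. `networking.firewall.enable = false;` also deserves a one-line comment stating that the container relies on the host's NAT and `forwardPorts` for exposure.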
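Review bot: The new `containers = {` block and the `networking.nat` block in the preceding hunk are two halves of one setup, but neither says so; a comment such as `# NixOS containers use privateNetwork: outbound via networking.nat (ve-+ -> eth0), inbound only through each container's forwardPorts` on the `containers` line would make that dependency explicit. The addresses `192.168.100.10` / `192.168.100.11` are the host and container ends of the veth pair and are hard-coded, so a note that any further container needs a distinct pair would prevent an accidental collision. The enclosing `in { ... }` attribute set begins before this hunk.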
diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix index 2ff89f73359171e1e0f5e91f79a8da423d56eaaf..e84fce153f4f96fd82f183bf849816de49518059 100644 GIT binary patch literal 500 zcmZQ@_Y83kiVO&0kY7<+{O`!2le&Jr;=A`+q~5vZo4MxpKa05w_Guo@IT~`HaKXwm z8`>CoDx`ze{;lN8f4Sg?X8x|WqV{Dx31`>+k_~^uen~$okK^y3FG)#47bgC@!1X2W zgLGTDf9Ch@b9Fo$UcOshVxd#^-LuLq_f!6q?Lo@PcmHd(Z7$+eSu>k6LFIU@_@}*r z8#GRKsC^B!&6k&mp5B`%-+A(07uPQ1Q?660z6;CFED&2DedG!MG@;KoPR^T5yqHc{JgABj<{o zLjLI0Z*10``*AU#;qc|%b9G`(Tnr?feObGhQ*{>$+P~L(Hp%D5gZ)-B+&=uV;koC! zO^QoCSbf$Pk7t7Cnf<%}^(5TUYyFm_+fcnF)PyxqmH*@xsaDpTpA7yz4hj6xtFgqg z>c{s>tr6+k+5BZ)ONGyfcb(bgeK<-ez3dCue$!qNhTEnSWZZq6Qwqzjmzvvcb*kex z(@Hw}$oihM)9U&O*ZS6$Yv;cyl}P*jpG7&}ts{1s`HQOe2^b%7 literal 283 zcmZQ@_Y83kiVO&0n3Axr(@Z2lCHbBItZBM0O}W=<-RTbf8E~$IUB-67E6pE!Pwv&c zaqRx}??)ECJ$mqpW!&YMZTFZ?CZ7{cRDT`4wj{4>^Sm`#{SArfAI?sA6jYzuxE1zsy)xlWY_6_0Ru>a%#RJ203N-BZ`DyykJ5|v zOBQc;SuA%X-FoHc?Jsf_{><7Cki7SNbLE=lF8?=e_#!(Y|E&3TjV84?r8%;?-gP(F zoYqXay?NHj-c9xj8FQDtdofY+)OyXvg{-^G(<1DjW|T}+WuIdxr9JViRb9mYLdGTg uG9IdBGwJ)JE4OP^oxF84t*oI