steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

nix/os,CFB4ED74: add mailserver container

Browse source
This commit is contained in:
steveej 2019-01-28 15:50:31 +01:00
parent 9f807aa838
commit 8f0b7550aa
3 changed files with 154 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

141
nix/os/containers/mailserver.nix Normal file
View file

@ -0,0 +1,141 @@
{ ... } @ args:
let
passwords = import ../../variables/passwords.crypt.nix;
in args // {
config = { pkgs, ... }: {
imports = [
../profiles/common/user.nix
];
networking.firewall.enable = false;
services.dovecot2 = {
enable = true;
modules = [ pkgs.dovecot_pigeonhole ];
protocols = [ "sieve" ];
enableImap = true;
enableLmtp = true;
enablePAM = true;
showPAMFailure = true;
mailLocation = "maildir:~/.maildir";
sslServerCert = "/etc/secrets/server.pem";
sslServerKey = "/etc/secrets/server.key";
#configFile = "/etc/dovecot/dovecot2_manual.conf";
extraConfig = ''
auth_mechanisms = cram-md5 digest-md5
auth_verbose = yes
passdb {
driver = passwd-file
args = scheme=CRYPT username_format=%u /etc/dovecot/users
}
'';
};
environment.etc."dovecot/users".text = ''
steveej:${passwords.email.steveej}
'';
systemd.services.steveej-getmail-stefanjunker = {
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig.User = "steveej";
serviceConfig.Group = "users";
description = "Getmail service";
path = [ pkgs.getmail ];
script = let
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
[retriever]
type = SimpleIMAPSSLRetriever
server = ssl0.ovh.net
port = 993
username = mail@stefanjunker.de
password = ${passwords.email.mailStefanjunkerDe}
mailboxes = ('INBOX',)
[destination]
type = Maildir
path = ~/.maildir/
'';
in ''
getmail --rcfile=${rc} --idle=INBOX
'';
};
systemd.services.steveej-getmail-webde = {
enable = true;
wantedBy = [ "multi-user.target" ];
serviceConfig.User = "steveej";
serviceConfig.Group = "users";
description = "Getmail service";
path = [ pkgs.getmail ];
serviceConfig.RestartSec = 900;
serviceConfig.Restart = "always";
script = let
rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
[retriever]
type = SimpleIMAPSSLRetriever
server = imap.web.de
port = 993
username = schtif
password = ${passwords.email.schtifATwebDe}
mailboxes = ('INBOX',)
[destination]
type = Maildir
path = ~/.maildir/
'';
in ''
getmail --rcfile=${rc}
'';
};
};
autoStart = true;
bindMounts = {
"/etc/secrets/" = {
hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
isReadOnly = false;
};
"/home" = {
hostPath = "/var/lib/container-volumes/mailserver/home";
isReadOnly = false;
};
};
privateNetwork = true ;
forwardPorts = [
{
# imaps
containerPort = 993;
hostPort = 993;
protocol = "tcp";
}
{
# sieve
containerPort = 4190;
hostPort = 4190;
protocol = "tcp";
}
];
}

13
nix/os/devices/CFB4ED74/system.nix
View file

@ -29,6 +29,12 @@ in {
interface = "eth0"; interface = "eth0";
}; };
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "eth0";
};
# Kubernetes # Kubernetes
# services.kubernetes.roles = ["master" "node"]; # services.kubernetes.roles = ["master" "node"];
@ -57,4 +63,11 @@ in {
ip link set $iface down ip link set $iface down
done done
''; '';
containers = {
mailserver = import ../../containers/mailserver.nix {
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
};
};
} }

BIN
nix/variables/passwords.crypt.nix
View file

Binary file not shown.