Adding Sogo WebMailer #31

Merged
tanneberger merged 4 commits from sogo-test into main 2023-04-13 19:38:25 +02:00
4 changed files with 55 additions and 28 deletions

View file

@ -71,11 +71,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1680390120,
"narHash": "sha256-RyDJcG/7mfimadlo8vO0QjW22mvYH1+cCqMuigUntr8=",
"lastModified": 1681005198,
"narHash": "sha256-5LrnBeXR7Hv8OXh6eany7br4qBW+ZNl4LKf1CJu9zbg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c1e2efaca8d8a3db6a36f652765d6c6ba7bb8fae",
"rev": "e45cc0138829ad86e7ff17a76acf2d05e781e30a",
"type": "github"
},
"original": {
@ -87,11 +87,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1680334310,
"narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=",
"lastModified": 1681269223,
"narHash": "sha256-i6OeI2f7qGvmLfD07l1Az5iBL+bFeP0RHixisWtpUGo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da",
"rev": "87edbd74246ccdfa64503f334ed86fa04010bab9",
"type": "github"
},
"original": {
@ -116,11 +116,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1680404136,
"narHash": "sha256-06D8HJmRv4DdpEQGblMhx2Vm81SBWM61XBBIx7QQfo0=",
"lastModified": 1681209176,
"narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "b93eb910f768f9788737bfed596a598557e5625d",
"rev": "00d5fd73756d424de5263b92235563bc06f2c6e1",
"type": "github"
},
"original": {

View file

@ -1,12 +1,16 @@
{ config, pkgs, ... }:
let
SOGo-hostname = "mail.${config.fsr.domain}";
sogo-hostname = "mail.${config.fsr.domain}";
domain = config.fsr.domain;
pg-port = toString config.services.postgresql.port;
in
{
sops.secrets.ldap_search = {
owner = config.systemd.services.sogo.serviceConfig.User;
};
sops.secrets.postgres_sogo = {
owner = config.systemd.services.sogo.serviceConfig.User;
};
services = {
sogo = {
@ -20,30 +24,39 @@ in
UIDFieldName = uid;
baseDN = "ou = users, dc=ifsr, dc=de";
bindDN = "uid=search, ou=users, dc=ifsr, dc=de";
bindPassword = ${config.sops.secrets.ldap_search.path};
bindPassword = LDAP_SEARCH;
hostname = "ldap://localhost";
canAuthenticate = YES;
id = directory;
});
SOGoProfileURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
SOGoFolderInfoURL = "postgreql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
OCSSessionsFolderURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
SOGoProfileURL = "postgresql://sogo:POSTGRES_PASSWORD@localhost:${pg-port}/sogo/sogo_user_profile";
SOGoFolderInfoURL = "postgreql://sogo:POSTGRES_PASSWORD@localhost:${pg-port}/sogo/sogo_folder_info";
OCSSessionsFolderURL = "postgresql://sogo:POSTGRES_PASSWORD@localhost:${pg-port}/sogo/sogo_sessions_folder";
''; # Hier ist bindPassword noch nicht vollständig
vhostName = "${SOGo-hostname}";
configReplaces = {
"LDAP_SEARCH" = config.sops.secrets.ldap_search.path;
"POSTGRES_PASSWORD" = config.sops.secrets.postgres_sogo.path;
};
vhostName = "${sogo-hostname}";
timezone = "Europe/Berlin";
};
postgresql = {
ensureUsers = [{
name = "SOGo";
}];
ensureDatabases = [ "SOGo" ];
enable = true;
ensureUsers = [
{
name = "sogo";
ensurePermissions = {
"DATABASE sogo" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [ "sogo" ];
};
nginx = {
recommendedProxySettings = true;
virtualHosts."${SOGo-hostname}" = {
virtualHosts."${sogo-hostname}" = {
forceSSL = true;
enableACME = true;
locations = {
@ -52,10 +65,22 @@ in
proxyWebsockets = true;
};
};
};
};
};
};
systemd.services.sogo.after = [ "sogo-pgsetup.service" ];
systemd.services.sogo-pgsetup = {
description = "Prepare Sogo postgres database";
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" "postgresql.service" ];
serviceConfig.Type = "oneshot";
path = [ pkgs.sudo config.services.postgresql.package ];
script = ''
sudo -u ${config.services.postgresql.superUser} psql -c "ALTER ROLE sogo WITH PASSWORD '$(cat ${config.sops.secrets.postgres_sogo.path})'"
'';
};
}

View file

@ -1,6 +1,7 @@
postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64elU=,iv:JY65V7b8zWSX4aNEK5pD7iyxnqIr8jexcG3pIBNbmvg=,tag:auDyPClH1VbWbFoWWK5E9w==,type:str]
postgres_hedgedoc: ENC[AES256_GCM,data:PLsPSfAb/b4UyXVW5w/zKkIBySIuPceRx8TvoA1DNok=,iv:v2FtaaJME9Nf/nQNPtpGFwTOXVk5hx7JUc20WI6CpkI=,tag:7obCT3uIPkrYecsraxwWag==,type:str]
postgres_nextcloud: ENC[AES256_GCM,data:Lv0Ld3sf+hoUE2qrsf9qGSYf5aVLqm5GIbK2hEoR5Uc=,iv:/4hqMV42J37byJgZZGhMqsHNtutikcXhun2uk2HhsHY=,tag:+L4scIHq2nopBlr64KJgjA==,type:str]
postgres_sogo: ENC[AES256_GCM,data:CkHaLVcDuznmjXWNBDKzXdjMY8EkCg6ARHtVkZxNNgI=,iv:CpzmvN/caV+xozQnxEtR99ZJtMAdH5rSt3SHAKiHAIE=,tag:IeNR2z9FG+XepYwsYEHaoA==,type:str]
nextcloud_adminpass: ENC[AES256_GCM,data:EMvcFOGJz45P4nvJ5Yy4SziWa2pUWBqt4ZZdde6wegk=,iv:tG9bhB7HPprZMnfV/uC/v7fqmjQd5d4Oj5avOtK2/0A=,tag:8jBDpnahwQsXsD2Ivf6jDw==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str]
wg-fsr: ENC[AES256_GCM,data:0WViJp9fNKVxq8LsK5R0Ihn3r+S7CLBk5voKn55dABidlFSLpsA0q+KTxoY=,iv:rc4B8N2otqolSRLfpeRkIn7iNlED7XUjY//OCI2oQ5c=,tag:eWO6LniGnTd8KZ4pSyrR5A==,type:str]
@ -29,8 +30,8 @@ sops:
Z212K3JDWmRsZmVpdjBaUE1kL3phMm8K/x3Ssn0LEO7BfTUoOJQ6h88vlwA/AvQj
KsosHSWO7vsgqKPPO+OPbHV1y8OTAKubcrk5szTUWBNOvggIw3nWDA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-03T21:11:07Z"
mac: ENC[AES256_GCM,data:rRaRGEZ0OSuABW2Fh2bKIt9eu8XQf+fHGFYhYzENwl46KErNAtRuw1Zphx1xOBh6hTFcpfc2IzbuLlBtLN7SyL0Z7az2ze/ds1I8cnz08Q9sv/BgrcF6zYOdvd1XetwuQsGPIxKvi3FDr/KBET5DbXGS2TOw58VgeurUMAiuXU0=,iv:dfsXrOYHwmfvg9UtTPLtpgV/PaFOlzgEMNliwgzePww=,tag:vRvupS+FtwaaQvaKFyHGAA==,type:str]
lastmodified: "2023-04-03T21:29:19Z"
mac: ENC[AES256_GCM,data:rpUgxzTSUAHjCJKIvCXRGSiJF3G4LyTqQXL1x9yUeEe18WHEBWowllMF4S2sqKDU4WLwElCjz/vU8/W3HjrhHK8DHBRIw+7ztol7e3KZdiRJuj+3yazsxo34DkM4mMvA125llFJhhys3w+9WOrdlY9mVITv8uVfLbSYBDLZ6dAg=,iv:K7QXSE7YixdZcPAJo7vXkPvjFuOzkglIxHQefCFYHig=,tag:7gsDdVKLOvjfTQVU0orreA==,type:str]
pgp:
- created_at: "2022-11-18T16:37:48Z"
enc: |

View file

@ -2,6 +2,7 @@ wg-fsr: ENC[AES256_GCM,data:lowgrdHM,iv:DueIQ7nAFo/5NJrjvMwiUIYBtQ0xks1/DEfQDzgD
postgres_keycloak: ENC[AES256_GCM,data:dHuqrGcrJUE5GZhhWG5a4Ko=,iv:bvbyDXhkovtX5BQKw36WTGyUl3KR0Df2fB5qmMWbqqU=,tag:95XJCjKJjrITsHXK8ABF6A==,type:str]
postgres_hedgedoc: ENC[AES256_GCM,data:XWbf3F1b00RBFS9NXytzVkQ=,iv:dTbRUncYKsqOh0y0MTEJCpPcwfvROkIiO8v9OxZiHPU=,tag:YUxAkmbYKbGdGbIMS/8mOw==,type:str]
postgres_nextcloud: ENC[AES256_GCM,data:ySjpkMh1/6JuU2JwjlJcXh0D,iv:7CWZPjX7NZt4v1V3vbm42Iw7glz5/9F4TK9GUqTNsl8=,tag:701TSuhzyR4AnDHB4bG48Q==,type:str]
postgres_sogo: ENC[AES256_GCM,data:L2n5FxSQ6PPaLecmcg==,iv:9aykDfFp5Ysqpi14J7Aj0w3yeLYHVFdnx7fxCvLqK80=,tag:22VqPcPp/Y57FKM0RmSiiA==,type:str]
nextcloud_adminpass: ENC[AES256_GCM,data:G3FcJIAl0HmpCu4JAXQOZPmWCg==,iv:Bgk7j3EfD9a73hDe93hpzH2uZUcssgVPMxr3nEWvUvQ=,tag:ngBZEBSQHBlWr62dcQdvHA==,type:str]
hedgedoc_session_secret: ENC[AES256_GCM,data:wi2hWcIAU2u2t0hJkSUBI5pp2T29V/M=,iv:Iph099lne6cH6V1gnobcGZl/mfJZiw1bFJMdSTiVsxE=,tag:xGI+S3Uygzmdnmd0l1kCaQ==,type:str]
wg-seckey: ENC[AES256_GCM,data:wuDmkZgUzzK5,iv:sa2I3qVkXWddcZlItfmKj3K5vT10WE/knoVOaA/HrIQ=,tag:SzGnDifhyol63eQKeJevcA==,type:str]
@ -29,8 +30,8 @@ sops:
MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk
ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-03T21:11:24Z"
mac: ENC[AES256_GCM,data:SheawpXSXX7pWeGwpZkQa4deAI9tdq4hb/Ms2L5TrjimD3CFA+tBGnwZZat7VR/4UQ+8AsReShZwYZR9vhP90NAjlODjaL3GU3bo5+WGT0jfLyEdPmmSnQsv8n2jipKWPZLb6GNBLYNF06p43KyKi7Vl7ie2KSDt6BonZqEo89Q=,iv:Z45sHZv/eIfBf7uE8Vyv7mRdsrdJPj13EoKrSKjW8C0=,tag:PfWEUmLtC6t1gKXJj8y/+Q==,type:str]
lastmodified: "2023-04-03T21:29:36Z"
mac: ENC[AES256_GCM,data:tsnXkf9D/EzNozBWEK8fca0S+vSc4fH0y9KXpjlYtcFkgjSjvuwnlo2tH3stdEAo5odHO/rsW29uCvCDomTHwMUeKWmD7NdUAVbBuUNfl6pl6gll9p+9yfTB5lZH9QpFGnC/6ANbwhLN7vBO5ZCRbfpl5hlIN4iQ25GyiPZ/GCM=,iv:2YWxDXfsonj+Td/ZeEBKZYuDpGktEVYw1LBPxqIyofA=,tag:aaX98g7PtGh5Ob81EWmHcA==,type:str]
pgp:
- created_at: "2022-11-18T16:37:58Z"
enc: |