diff --git a/flake.nix b/flake.nix index 48ea690..9f0c453 100755 --- a/flake.nix +++ b/flake.nix @@ -52,7 +52,6 @@ ./modules/course-management.nix ./modules/gitea.nix { - fsr.domain = "ifsr.de"; sops.defaultSopsFile = ./secrets/quitte.yaml; } ]; diff --git a/hosts/quitte/configuration.nix b/hosts/quitte/configuration.nix index e7f5df1..428e7fe 100644 --- a/hosts/quitte/configuration.nix +++ b/hosts/quitte/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { imports = @@ -15,7 +15,6 @@ #boot.supportedFilesystems = [ "zfs" ]; #boot.zfs.devNodes = "/dev/"; - networking.hostName = "quitte"; # Define your hostname. services.qemuGuest.enable = true; # Set your time zone. diff --git a/hosts/quitte/hardware-configuration.nix b/hosts/quitte/hardware-configuration.nix index 0bc9cf4..3c7c759 100644 --- a/hosts/quitte/hardware-configuration.nix +++ b/hosts/quitte/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = diff --git a/hosts/quitte/network.nix b/hosts/quitte/network.nix index 0ecb43f..858f70e 100644 --- a/hosts/quitte/network.nix +++ b/hosts/quitte/network.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ config, ... }: let wireguard_port = 51820; in @@ -11,7 +11,9 @@ in networking = { hostId = "a71c81fc"; - rdns = "quitte.ifsr.de"; + domain = "ifsr.de"; + hostName = "quitte"; + rDNS = config.networking.fqdn; enableIPv6 = true; useDHCP = true; interfaces.ens18.useDHCP = true; diff --git a/modules/bacula.nix b/modules/bacula.nix index 5ba772a..abb6c96 100644 --- a/modules/bacula.nix +++ b/modules/bacula.nix 
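Review bot: Setting `networking.domain = "ifsr.de";` in network.nix does more than name the services: NixOS also treats it as the host's DNS domain (it normally ends up as the `domain`/search suffix in resolv.conf and in `hostname -f`), so single-label lookups such as `mail` or `ldap` will, I believe, now be completed to `*.ifsr.de` — worth confirming that is intended, since the removed `fsr.domain` option had no such side effect. `rDNS = config.networking.fqdn;` also weakens the option's stated contract ("the reverse dns record known to be set"): the value resolves to the same `quitte.ifsr.de` as before, but it is now derived from hostName/domain rather than stated, so a rename silently changes the Postfix HELO name without the PTR record following. If the PTR really is `quitte.ifsr.de`, keep it literal and say why: `rDNS = "quitte.ifsr.de"; # must match the PTR record for this host's address; do not derive from fqdn`.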
@@ -57,7 +57,7 @@ in ''; extraMessagesConfig = '' director = abel-dir = all, !skipped, !restored - mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula \" -s \"Bacula report" %r" + mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula \" -s \"Bacula report" %r" mail = root+backup = all, !skipped ''; director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}"; diff --git a/modules/course-management.nix b/modules/course-management.nix index cd57bc7..88cbc3b 100644 --- a/modules/course-management.nix +++ b/modules/course-management.nix @@ -1,7 +1,6 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let - # hostName = "kurse.${config.fsr.domain}"; - hostName = "kurse.ifsr.de"; + hostName = "kurse.${config.networking.domain}"; in { sops.secrets = @@ -22,15 +21,15 @@ in adminPassFile = config.sops.secrets."course-management/adminpass".path; admins = [{ name = "Root iFSR"; - email = "root@${config.fsr.domain}"; + email = "root@${config.networking.domain}"; }]; database = { ENGINE = "django.db.backends.postgresql"; NAME = "course-management"; }; email = lib.mkDefault { - fromEmail = "noreply@${config.fsr.domain}"; - serverEmail = "root@${config.fsr.domain}"; + fromEmail = "noreply@${config.networking.domain}"; + serverEmail = "root@${config.networking.domain}"; }; }; }; diff --git a/modules/ftp.nix b/modules/ftp.nix index 125643e..205ed7c 100644 --- a/modules/ftp.nix +++ b/modules/ftp.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: let - domain = "ftp.ifsr.de"; + domain = "ftp.${config.networking.domain}"; in { services.nginx.additionalModules = [ pkgs.nginxModules.fancyindex ]; diff --git a/modules/gitea.nix b/modules/gitea.nix index 0f5a21e..9924f61 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let - domain = "git.${config.fsr.domain}"; + domain = "git.${config.networking.domain}"; giteaUser = "git"; in { 
@@ -38,7 +38,7 @@ in server = { PROTOCOL = "http+unix"; DOMAIN = domain; - SSH_DOMAIN = config.fsr.domain; + SSH_DOMAIN = config.networking.domain; ROOT_URL = "https://${domain}"; OFFLINE_MODE = true; # disable use of CDNs }; @@ -46,7 +46,7 @@ in service = { DISABLE_REGISTRATION = true; ENABLE_NOTIFY_MAIL = true; - NO_REPLY_ADDRESS = "noreply.${config.fsr.domain}"; + NO_REPLY_ADDRESS = "noreply.${config.networking.domain}"; }; "service.explore".DISABLE_USERS_PAGE = true; openid = { @@ -55,7 +55,7 @@ in }; mailer = { ENABLED = true; - FROM = "\"iFSR Git\" "; + FROM = "\"iFSR Git\" "; SMTP_ADDR = "localhost"; SMTP_PORT = 25; }; diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index f811819..bbe2c47 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: let - domain = "pad.ifsr.de"; + domain = "pad.${config.networking.domain}"; template = pkgs.writeText "hedgedoc-template.md" '' --- tags: listed diff --git a/modules/hydra.nix b/modules/hydra.nix index 6f163b8..8a252d5 100644 --- a/modules/hydra.nix +++ b/modules/hydra.nix @@ -1,6 +1,6 @@ { config, ... }: let - domain = "hydra.ifsr.de"; + domain = "hydra.${config.networking.domain}"; in { sops.secrets."hydra_ldap_search" = { owner = "hydra"; group = "hydra"; mode = "440"; }; diff --git a/modules/kpp.nix b/modules/kpp.nix index 4d1aef5..262da76 100644 --- a/modules/kpp.nix +++ b/modules/kpp.nix @@ -1,6 +1,6 @@ { config, ... }: let - domain = "kpp.ifsr.de"; + domain = "kpp.${config.networking.domain}"; in { services.kpp = { diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix index 933145d..98274df 100644 --- a/modules/ldap/default.nix +++ b/modules/ldap/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let - domain = "auth.${config.fsr.domain}"; + domain = "auth.${config.networking.domain}"; seed = { groups = [ { 
@@ -55,7 +55,7 @@ in services.portunus = { enable = true; - package = pkgs.portunus.overrideAttrs (old: { + package = pkgs.portunus.overrideAttrs (_old: { patches = [ ./0001-update-user-validation-regex.patch ./0002-both-ldap-and-ldaps.patch diff --git a/modules/mail/default.nix b/modules/mail/default.nix index 7f07dac..992c796 100644 --- a/modules/mail/default.nix +++ b/modules/mail/default.nix @@ -1,8 +1,8 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: let - hostname = "mail.${config.fsr.domain}"; - domain = config.fsr.domain; - rspamd-domain = "rspamd.${config.fsr.domain}"; + hostname = "mail.${config.networking.domain}"; + domain = config.networking.domain; + rspamd-domain = "rspamd.${config.networking.domain}"; dovecot-ldap-args = pkgs.writeText "ldap-args" '' uris = ldap://localhost dn = uid=search, ou=users, dc=ifsr, dc=de @@ -84,8 +84,7 @@ in config = { home_mailbox = "Maildir/"; # hostname used in helo command. It is recommended to have this match the reverse dns entry - # smtp_helo_name = "x8d1e1ea9.agdsn.tu-dresden.de"; - smtp_helo_name = config.networking.rdns; + smtp_helo_name = config.networking.rDNS; smtp_use_tls = true; # smtp_tls_security_level = "encrypt"; smtpd_use_tls = true; 
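Review bot: In the first mail/default.nix hunk the LDAP bind DN two lines below the new variables, `dn = uid=search, ou=users, dc=ifsr, dc=de`, is still a literal, so `mail.${config.networking.domain}` and `rspamd.${config.networking.domain}` follow `networking.domain` while the Dovecot passdb/userdb suffix does not; a later domain change would leave IMAP/SMTP authentication pointing at the old LDAP tree. If the LDAP suffix is deliberately independent of the DNS domain (which is common), a one-line comment above the args stops the next person from "fixing" it: `# LDAP suffix is fixed on purpose; it does not follow networking.domain`. Otherwise derive it from the same source as the other names. The `dovecot-ldap-args` let-binding continues past the hunk, so only its first two lines are visible here.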
@@ -177,69 +176,65 @@ in pkgs.dovecot_pigeonhole ]; extraConfig = '' - auth_username_format = %Ln - passdb { - driver = ldap - args = ${dovecot-ldap-args} - } - userdb { - driver = ldap - args = ${dovecot-ldap-args} - } - service auth { - unix_listener /var/lib/postfix/auth { - group = postfix - mode = 0660 - user = postfix - } - } - service managesieve-login { - inet_listener sieve { - port = 4190 - } - service_count = 1 - } + auth_username_format = %Ln + passdb { + driver = ldap + args = ${dovecot-ldap-args} + } + userdb { + driver = ldap + args = ${dovecot-ldap-args} + } + service auth { + unix_listener /var/lib/postfix/auth { + group = postfix + mode = 0660 + user = postfix + } + } + service managesieve-login { + inet_listener sieve { + port = 4190 + } + service_count = 1 + } - namespace inbox { - separator = / - inbox = yes - } + namespace inbox { + separator = / + inbox = yes + } - service lmtp { - unix_listener dovecot-lmtp { - group = postfix - mode = 0600 - user = postfix - } - client_limit = 1 - } + service lmtp { + unix_listener dovecot-lmtp { + group = postfix + mode = 0600 + user = postfix + } + client_limit = 1 + } - mail_plugins = $mail_plugins listescape - plugin { - sieve_plugins = sieve_imapsieve sieve_extprograms - sieve_global_extensions = +vnd.dovecot.pipe - sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe + plugin { + sieve_plugins = sieve_imapsieve sieve_extprograms + sieve_global_extensions = +vnd.dovecot.pipe + sieve_pipe_bin_dir = /etc/dovecot/sieve-pipe - # Spam: From elsewhere to Spam folder or flag changed in Spam folder - imapsieve_mailbox1_name = Spam - imapsieve_mailbox1_causes = COPY APPEND FLAG - imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve + # Spam: From elsewhere to Spam folder or flag changed in Spam folder + imapsieve_mailbox1_name = Spam + imapsieve_mailbox1_causes = COPY APPEND FLAG + imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve - # Ham: From Spam folder to elsewhere - 
imapsieve_mailbox2_name = * - imapsieve_mailbox2_from = Spam - imapsieve_mailbox2_causes = COPY - imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve - - # https://doc.dovecot.org/configuration_manual/plugins/listescape_plugin/ - listescape_char = "\\" - } + # Ham: From Spam folder to elsewhere + imapsieve_mailbox2_name = * + imapsieve_mailbox2_from = Spam + imapsieve_mailbox2_causes = COPY + imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve + } ''; }; opendkim = { enable = true; - domains = "csl:${config.fsr.domain}"; + domains = "csl:${config.networking.domain}"; selector = config.networking.hostName; configFile = pkgs.writeText "opendkim-config" '' UMask 0117 diff --git a/modules/mailman.nix b/modules/mailman.nix index 182dcc2..efaee90 100644 --- a/modules/mailman.nix +++ b/modules/mailman.nix @@ -7,10 +7,10 @@ services.mailman = { enable = true; serve.enable = true; - webHosts = [ "lists.${config.fsr.domain}" ]; + webHosts = [ "lists.${config.networking.domain}" ]; hyperkitty.enable = true; enablePostfix = true; - siteOwner = "mailman@${config.fsr.domain}"; + siteOwner = "mailman@${config.networking.domain}"; settings = { database = { class = "mailman.database.postgresql.PostgreSQLDatabase"; @@ -58,7 +58,7 @@ ]; ensureDatabases = [ "mailman" "mailmanweb" ]; }; - services.nginx.virtualHosts."lists.${config.fsr.domain}" = { + services.nginx.virtualHosts."lists.${config.networking.domain}" = { enableACME = true; forceSSL = true; }; diff --git a/modules/matrix.nix b/modules/matrix.nix index 120670f..4162020 100644 --- a/modules/matrix.nix +++ b/modules/matrix.nix @@ -1,7 +1,7 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: let - domainServer = "matrix.staging.ifsr.de"; - domainClient = "chat.staging.ifsr.de"; + domainServer = "matrix.staging.${config.networking.domain}"; + domainClient = "chat.staging.${config.networking.domain}"; clientConfig = { "m.homeserver" = { 
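Review bot: Besides the re-indentation, the mail/default.nix extraConfig hunk drops `mail_plugins = $mail_plugins listescape` and the `listescape_char = "\\"` setting (the hunk shrinks from 69 to 65 lines), which is a functional change to Dovecot's mailbox-name handling hidden inside a domain refactor. As I understand the plugin, it escapes characters in mailbox names that the storage format cannot hold, and `separator = /` is kept in the `inbox` namespace, so folders that were created under escaped names may no longer be found under the same name once it is gone — that should be verified against an existing mailbox before deploying. If the removal is intentional it deserves its own commit, or at least a comment where the plugin lines were, e.g. `# listescape plugin removed on purpose: mailbox names are no longer escaped`; otherwise restore the two lines. The opendkim `domains = "csl:${config.networking.domain}"` change later in the same hunk looks fine, and `selector = config.networking.hostName` now depends on the hostName being set in network.nix.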
diff --git a/modules/mautrix-telegram.nix b/modules/mautrix-telegram.nix index 105a7a2..2b96d14 100644 --- a/modules/mautrix-telegram.nix +++ b/modules/mautrix-telegram.nix @@ -1,4 +1,4 @@ -{ config, options, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: let homeserverDomain = config.services.matrix-synapse.settings.server_name; registrationFileSynapse = "/var/lib/matrix-synapse/telegram-registration.yaml"; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 7a3bdf6..5c21be4 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - domain = "nc.staging.ifsr.de"; - legacy_domain = "oc.ifsr.de"; + domain = "nc.staging.${config.networking.domain}"; + legacy_domain = "oc.${config.networking.domain}"; in { sops.secrets = { diff --git a/modules/nginx.nix b/modules/nginx.nix index f320fa9..45cb296 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -29,7 +29,7 @@ acceptTerms = true; defaults = { #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; - email = "root@ifsr.de"; + email = "root@${config.networking.domain}"; }; }; security.pam.services.nginx.text = '' diff --git a/modules/options.nix b/modules/options.nix index afe02eb..8a24876 100644 --- a/modules/options.nix +++ b/modules/options.nix @@ -1,17 +1,5 @@ -{ config, lib, ... }: with lib; { - options.fsr = { - enable_office_bloat = mkOption { - type = types.bool; - default = false; - description = "install heavy office bloat like texlive, okular, ..."; - }; - domain = mkOption { - type = types.str; - default = "ifsr.de"; - description = "under which top level domain the services should run"; - }; - }; - options.networking.rdns = mkOption { +{ lib, ... }: with lib; { + options.networking.rDNS = mkOption { type = types.str; default = networking.fqdn; description = "The reverse dns record known to be set for this host."; diff --git a/modules/padlist.nix b/modules/padlist.nix index ccd6890..53b2557 100644 --- a/modules/padlist.nix 
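Review bot: In options.nix, `default = networking.fqdn;` no longer has anything to resolve against: `config` was removed from the module arguments and the only enclosing scope is `with lib;`, and as far as I can tell nixpkgs' `lib` has no `networking` attribute, so forcing the default should fail evaluation. It goes unnoticed only because network.nix sets `networking.rDNS` explicitly; the fix is `{ config, lib, ... }: with lib; {` plus `default = config.networking.fqdn;`, or better no default at all, since the description says the record is "known to be set" and a guessed fqdn is exactly what it must not be. Dropping `fsr.domain` also trades a typed option with a default and a description for `networking.domain`, which in NixOS is, I believe, `nullOr str` defaulting to `null` — a host that imports these modules without setting it now fails with a null-to-string coercion error inside `"kurse.${config.networking.domain}"` and friends instead of getting `ifsr.de`. Consider keeping that contract visible here: `assertions = [{ assertion = config.networking.domain != null; message = "networking.domain must be set; service hostnames are derived from it"; }];`.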
+++ b/modules/padlist.nix @@ -1,7 +1,7 @@ # php pad lister tool written by jonas { pkgs, config, lib, ... }: let - domain = "list.pad.ifsr.de"; + domain = "list.pad.${config.networking.domain}"; in { services.phpfpm.pools.padlist = { diff --git a/modules/sogo.nix b/modules/sogo.nix index a8a2fd3..8b2490b 100644 --- a/modules/sogo.nix +++ b/modules/sogo.nix @@ -1,7 +1,6 @@ -{ config, pkgs, lib, ... }: +{ config, lib, ... }: let - sogo-hostname = "mail.${config.fsr.domain}"; - domain = config.fsr.domain; + sogo-hostname = "mail.${config.networking.domain}"; in { sops.secrets = { diff --git a/modules/sops.nix b/modules/sops.nix index 837fa32..d34979f 100644 --- a/modules/sops.nix +++ b/modules/sops.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ ... }: { sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.generateKey = false; diff --git a/modules/stream.nix b/modules/stream.nix index 064e7d5..3227e45 100644 --- a/modules/stream.nix +++ b/modules/stream.nix @@ -1,10 +1,9 @@ -{ pkgs, config, ... }: +{ config, ... }: { services = { nginx = { virtualHosts = { - # "stream.${config.fsr.domain}" = { - "stream.ifsr.de" = { + "stream.${config.networking.domain}" = { enableACME = true; forceSSL = true; locations."/" = @@ -17,13 +16,6 @@ }; }; }; - #streamConfig = '' - # server { - # listen 1935; - # proxy_pass [::1]:1935; - # proxy_buffer_size 32k; - #} - #''; }; owncast = { enable = true; diff --git a/modules/userdir.nix b/modules/userdir.nix index a0d9322..16a8d27 100644 --- a/modules/userdir.nix +++ b/modules/userdir.nix @@ -1,6 +1,6 @@ -{ config, lib, pkgs, ... }: +{ config, ... }: let - domain = "users.${config.fsr.domain}"; + domain = "users.${config.networking.domain}"; port = 8083; apacheUser = config.services.httpd.user; in diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index 041021c..3ec5e09 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix 
@@ -1,6 +1,6 @@ { config, ... }: let - domain = "vault.ifsr.de"; + domain = "vault.${config.networking.domain}"; in { sops.secrets."vaultwarden_env".owner = "vaultwarden"; @@ -16,7 +16,7 @@ in smtpHost = "127.0.0.1"; smtpPort = 25; smtpSSL = false; - smtpFrom = "noreply@${config.fsr.domain}"; + smtpFrom = "noreply@${config.networking.domain}"; smtpFromName = "iFSR Vaultwarden"; }; }; diff --git a/modules/website.nix b/modules/website.nix index c3d24c4..d6e8339 100644 --- a/modules/website.nix +++ b/modules/website.nix @@ -31,13 +31,13 @@ in services.nginx = { - virtualHosts."www.${config.fsr.domain}" = { + virtualHosts."www.${config.networking.domain}" = { enableACME = true; forceSSL = true; locations."/".return = "301 $scheme://ifsr.de$request_uri"; }; - virtualHosts."${config.fsr.domain}" = { + virtualHosts."${config.networking.domain}" = { enableACME = true; forceSSL = true; root = "/srv/web/ifsrde"; diff --git a/modules/wiki.nix b/modules/wiki.nix index c67297c..1c82037 100644 --- a/modules/wiki.nix +++ b/modules/wiki.nix @@ -1,6 +1,6 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: let - domain = "wiki.ifsr.de"; + domain = "wiki.${config.networking.domain}"; listenPort = 8080; in {
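Review bot: In website.nix the redirect target on the `www` vhost, `locations."/".return = "301 $scheme://ifsr.de$request_uri";`, is still a literal while the vhost name just above it became `www.${config.networking.domain}`, so the two can now diverge: with any other `networking.domain` the www host would send visitors to a domain this configuration no longer serves. Make it `locations."/".return = "301 $scheme://${config.networking.domain}$request_uri";` so both follow the same source. `root = "/srv/web/ifsrde"` likewise stays site-specific, which is fine but worth a comment noting it is intentionally not derived. The `services.nginx` attribute set continues past the hunk.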