2023-09-17 20:31:04 +02:00
27 changed files with 54 additions and 77 deletions
--- a/flake.nix
+++ b/flake.nix
@ -52,7 +52,6 @@
            ./modules/course-management.nix
            ./modules/gitea.nix
            {
              fsr.domain = "ifsr.de";
              sops.defaultSopsFile = ./secrets/quitte.yaml;
            }
          ];
--- a/hosts/quitte/configuration.nix
+++ b/hosts/quitte/configuration.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
  imports =
@ -15,7 +15,6 @@
  #boot.supportedFilesystems = [ "zfs" ];
  #boot.zfs.devNodes = "/dev/";
  networking.hostName = "quitte"; # Define your hostname.
  services.qemuGuest.enable = true;
  # Set your time zone.
--- a/hosts/quitte/hardware-configuration.nix
+++ b/hosts/quitte/hardware-configuration.nix
@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 {
  imports =
--- a/hosts/quitte/network.nix
+++ b/hosts/quitte/network.nix
@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }:
+{ config, ... }:
 let
  wireguard_port = 51820;
 in
@ -11,7 +11,9 @@ in
  networking = {
    hostId = "a71c81fc";
-    rdns = "quitte.ifsr.de";
+    domain = "ifsr.de";
    hostName = "quitte";
    rDNS = config.networking.fqdn;
    enableIPv6 = true;
    useDHCP = true;
    interfaces.ens18.useDHCP = true;
--- a/modules/bacula.nix
+++ b/modules/bacula.nix
@ -57,7 +57,7 @@ in
    '';
    extraMessagesConfig = ''
      director = abel-dir = all, !skipped, !restored
-      mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula <bacula@${config.fsr.domain}>\" -s \"Bacula report" %r"
+      mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula <bacula@${config.networking.domain}>\" -s \"Bacula report" %r"
      mail = root+backup = all, !skipped
    '';
    director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}";
--- a/modules/course-management.nix
+++ b/modules/course-management.nix
@ -1,7 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 let
-  # hostName = "kurse.${config.fsr.domain}";
+  hostName = "kurse.${config.networking.domain}";
  hostName = "kurse.ifsr.de";
 in
 {
  sops.secrets =
@ -22,15 +21,15 @@ in
      adminPassFile = config.sops.secrets."course-management/adminpass".path;
      admins = [{
        name = "Root iFSR";
-        email = "root@${config.fsr.domain}";
+        email = "root@${config.networking.domain}";
      }];
      database = {
        ENGINE = "django.db.backends.postgresql";
        NAME = "course-management";
      };
      email = lib.mkDefault {
-        fromEmail = "noreply@${config.fsr.domain}";
+        fromEmail = "noreply@${config.networking.domain}";
-        serverEmail = "root@${config.fsr.domain}";
+        serverEmail = "root@${config.networking.domain}";
      };
    };
  };
--- a/modules/ftp.nix
+++ b/modules/ftp.nix
@ -1,6 +1,6 @@
 { config, pkgs, ... }:
 let
-  domain = "ftp.ifsr.de";
+  domain = "ftp.${config.networking.domain}";
 in
 {
  services.nginx.additionalModules = [ pkgs.nginxModules.fancyindex ];
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  domain = "git.${config.fsr.domain}";
+  domain = "git.${config.networking.domain}";
  giteaUser = "git";
 in
 {
@ -38,7 +38,7 @@ in
      server = {
        PROTOCOL = "http+unix";
        DOMAIN = domain;
-        SSH_DOMAIN = config.fsr.domain;
+        SSH_DOMAIN = config.networking.domain;
        ROOT_URL = "https://${domain}";
        OFFLINE_MODE = true; # disable use of CDNs
      };
@ -46,7 +46,7 @@ in
      service = {
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = true;
-        NO_REPLY_ADDRESS = "noreply.${config.fsr.domain}";
+        NO_REPLY_ADDRESS = "noreply.${config.networking.domain}";
      };
      "service.explore".DISABLE_USERS_PAGE = true;
      openid = {
@ -55,7 +55,7 @@ in
      };
      mailer = {
        ENABLED = true;
-        FROM = "\"iFSR Git\" <git@${config.fsr.domain}>";
+        FROM = "\"iFSR Git\" <git@${config.networking.domain}>";
        SMTP_ADDR = "localhost";
        SMTP_PORT = 25;
      };
--- a/modules/hedgedoc.nix
+++ b/modules/hedgedoc.nix
@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 let
-  domain = "pad.ifsr.de";
+  domain = "pad.${config.networking.domain}";
  template = pkgs.writeText "hedgedoc-template.md" ''
    ---
    tags: listed
--- a/modules/hydra.nix
+++ b/modules/hydra.nix
@ -1,6 +1,6 @@
 { config, ... }:
 let
-  domain = "hydra.ifsr.de";
+  domain = "hydra.${config.networking.domain}";
 in
 {
  sops.secrets."hydra_ldap_search" = { owner = "hydra"; group = "hydra"; mode = "440"; };
--- a/modules/kpp.nix
+++ b/modules/kpp.nix
@ -1,6 +1,6 @@
 { config, ... }:
 let
-  domain = "kpp.ifsr.de";
+  domain = "kpp.${config.networking.domain}";
 in
 {
  services.kpp = {
--- a/modules/ldap/default.nix
+++ b/modules/ldap/default.nix
@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  domain = "auth.${config.fsr.domain}";
+  domain = "auth.${config.networking.domain}";
  seed = {
    groups = [
      {
@ -55,7 +55,7 @@ in
  services.portunus = {
    enable = true;
-    package = pkgs.portunus.overrideAttrs (old: {
+    package = pkgs.portunus.overrideAttrs (_old: {
      patches = [
        ./0001-update-user-validation-regex.patch
        ./0002-both-ldap-and-ldaps.patch
--- a/modules/mail/default.nix
+++ b/modules/mail/default.nix
@ -1,8 +1,8 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
-  hostname = "mail.${config.fsr.domain}";
+  hostname = "mail.${config.networking.domain}";
-  domain = config.fsr.domain;
+  domain = config.networking.domain;
-  rspamd-domain = "rspamd.${config.fsr.domain}";
+  rspamd-domain = "rspamd.${config.networking.domain}";
  dovecot-ldap-args = pkgs.writeText "ldap-args" ''
    uris = ldap://localhost
    dn = uid=search, ou=users, dc=ifsr, dc=de
@ -84,8 +84,7 @@ in
      config = {
        home_mailbox = "Maildir/";
        # hostname used in helo command. It is recommended to have this match the reverse dns entry
-        # smtp_helo_name = "x8d1e1ea9.agdsn.tu-dresden.de";
+        smtp_helo_name = config.networking.rDNS;
        smtp_helo_name = config.networking.rdns;
        smtp_use_tls = true;
        # smtp_tls_security_level = "encrypt";
        smtpd_use_tls = true;
@ -235,7 +234,7 @@ in
    };
    opendkim = {
      enable = true;
-      domains = "csl:${config.fsr.domain}";
+      domains = "csl:${config.networking.domain}";
      selector = config.networking.hostName;
      configFile = pkgs.writeText "opendkim-config" ''
        UMask 0117
--- a/modules/mailman.nix
+++ b/modules/mailman.nix
@ -7,10 +7,10 @@
  services.mailman = {
    enable = true;
    serve.enable = true;
-    webHosts = [ "lists.${config.fsr.domain}" ];
+    webHosts = [ "lists.${config.networking.domain}" ];
    hyperkitty.enable = true;
    enablePostfix = true;
-    siteOwner = "mailman@${config.fsr.domain}";
+    siteOwner = "mailman@${config.networking.domain}";
    settings = {
      database = {
        class = "mailman.database.postgresql.PostgreSQLDatabase";
@ -58,7 +58,7 @@
    ];
    ensureDatabases = [ "mailman" "mailmanweb" ];
  };
-  services.nginx.virtualHosts."lists.${config.fsr.domain}" = {
+  services.nginx.virtualHosts."lists.${config.networking.domain}" = {
    enableACME = true;
    forceSSL = true;
  };
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@ -1,7 +1,7 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
-  domainServer = "matrix.staging.ifsr.de";
+  domainServer = "matrix.staging.${config.networking.domain}";
-  domainClient = "chat.staging.ifsr.de";
+  domainClient = "chat.staging.${config.networking.domain}";
  clientConfig = {
    "m.homeserver" = {
--- a/modules/mautrix-telegram.nix
+++ b/modules/mautrix-telegram.nix
@ -1,4 +1,4 @@
-{ config, options, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  homeserverDomain = config.services.matrix-synapse.settings.server_name;
  registrationFileSynapse = "/var/lib/matrix-synapse/telegram-registration.yaml";
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 let
-  domain = "nc.staging.ifsr.de";
+  domain = "nc.staging.${config.networking.domain}";
-  legacy_domain = "oc.ifsr.de";
+  legacy_domain = "oc.${config.networking.domain}";
 in
 {
  sops.secrets = {
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@ -29,7 +29,7 @@
    acceptTerms = true;
    defaults = {
      #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
-      email = "root@ifsr.de";
+      email = "root@${config.networking.domain}";
    };
  };
  security.pam.services.nginx.text = ''
--- a/modules/options.nix
+++ b/modules/options.nix
@ -1,17 +1,5 @@
-{ config, lib, ... }: with lib; {
+{ lib, ... }: with lib; {
-  options.fsr = {
+  options.networking.rDNS = mkOption {
    enable_office_bloat = mkOption {
      type = types.bool;
      default = false;
      description = "install heavy office bloat like texlive, okular, ...";
    };
    domain = mkOption {
      type = types.str;
      default = "ifsr.de";
      description = "under which top level domain the services should run";
    };
  };
  options.networking.rdns = mkOption {
    type = types.str;
    default = networking.fqdn;
    description = "The reverse dns record known to be set for this host.";
--- a/modules/padlist.nix
+++ b/modules/padlist.nix
@ -1,7 +1,7 @@
 # php pad lister tool written by jonas
 { pkgs, config, lib, ... }:
 let
-  domain = "list.pad.ifsr.de";
+  domain = "list.pad.${config.networking.domain}";
 in
 {
  services.phpfpm.pools.padlist = {
--- a/modules/sogo.nix
+++ b/modules/sogo.nix
@ -1,7 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, lib, ... }:
 let
-  sogo-hostname = "mail.${config.fsr.domain}";
+  sogo-hostname = "mail.${config.networking.domain}";
  domain = config.fsr.domain;
 in
 {
  sops.secrets = {
--- a/modules/sops.nix
+++ b/modules/sops.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ ... }:
 {
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.age.generateKey = false;
--- a/modules/stream.nix
+++ b/modules/stream.nix
@ -1,10 +1,9 @@
-{ pkgs, config, ... }:
+{ config, ... }:
 {
  services = {
    nginx = {
      virtualHosts = {
-        # "stream.${config.fsr.domain}" = {
+        "stream.${config.networking.domain}" = {
        "stream.ifsr.de" = {
          enableACME = true;
          forceSSL = true;
          locations."/" =
@ -17,13 +16,6 @@
            };
        };
      };
      #streamConfig = ''
      #  server {
      #  listen            1935;
      #  proxy_pass        [::1]:1935;
      #  proxy_buffer_size 32k;
      #}
      #'';
    };
    owncast = {
      enable = true;
--- a/modules/userdir.nix
+++ b/modules/userdir.nix
@ -1,6 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ config, ... }:
 let
-  domain = "users.${config.fsr.domain}";
+  domain = "users.${config.networking.domain}";
  port = 8083;
  apacheUser = config.services.httpd.user;
 in
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@ -1,6 +1,6 @@
 { config, ... }:
 let
-  domain = "vault.ifsr.de";
+  domain = "vault.${config.networking.domain}";
 in
 {
  sops.secrets."vaultwarden_env".owner = "vaultwarden";
@ -16,7 +16,7 @@ in
      smtpHost = "127.0.0.1";
      smtpPort = 25;
      smtpSSL = false;
-      smtpFrom = "noreply@${config.fsr.domain}";
+      smtpFrom = "noreply@${config.networking.domain}";
      smtpFromName = "iFSR Vaultwarden";
    };
  };
--- a/modules/website.nix
+++ b/modules/website.nix
@ -31,13 +31,13 @@ in
  services.nginx = {
-    virtualHosts."www.${config.fsr.domain}" = {
+    virtualHosts."www.${config.networking.domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/".return = "301 $scheme://ifsr.de$request_uri";
    };
-    virtualHosts."${config.fsr.domain}" = {
+    virtualHosts."${config.networking.domain}" = {
      enableACME = true;
      forceSSL = true;
      root = "/srv/web/ifsrde";
--- a/modules/wiki.nix
+++ b/modules/wiki.nix
@ -1,6 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
-  domain = "wiki.ifsr.de";
+  domain = "wiki.${config.networking.domain}";
  listenPort = 8080;
 in
 {