Skynet/nixos
7
1
Fork 0
Code Issues 45 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge branch 'main' of gitlab.com:c2842/computer_society/nixos

Browse source
This commit is contained in:
silver 2023-07-05 18:32:09 +01:00
commit 0d13f47f80
8 changed files with 94 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

53
applications/email.nix
View file

@ -1,6 +1,15 @@
{ config, pkgs, lib, ...}: with lib;
let
cfg = config.services.skynet_email;
# create teh new strings
create_filter_array = map (x: "(memberOf=cn=${x},ou=groups,${cfg.ldap.base})");
create_filter_join = (x: concatStringsSep "" x);
# thought you could escape racket?
create_filter = (groups: create_filter_join (create_filter_array groups) );
in {
imports = [
@ -31,7 +40,7 @@
domain = mkOption {
type = types.str;
default = "ulcompsoc.ie";
default = "skynet.ie";
description = lib.mdDoc "domaino";
};
@ -41,6 +50,19 @@
description = lib.mdDoc "mailserver subdomain";
};
groups = mkOption {
type = types.listOf types.str;
default = [
# general skynet users
"skynet-users"
# C&S folsk get access
"skynet-cns"
# skynet service accounts
"skynet-service"
];
description = lib.mdDoc "Groups we want to allow access to the email";
};
ldap = {
hosts = mkOption {
type = types.listOf types.str;
@ -69,7 +91,6 @@
};
};
};
config = mkIf cfg.enable {
@ -102,12 +123,8 @@
cfg.domain
];
#hierarchySeparator = "/";
# 100MB max size
messageSizeLimit = 100000000;
#localDnsResolver = false;
# 20MB max size
messageSizeLimit = 20000000;
ldap = {
enable = true;
@ -116,37 +133,25 @@
dn = cfg.ldap.bind_dn;
passwordFile = config.age.secrets.ldap_pw.path;
};
searchBase = cfg.ldap.searchBase;
searchScope = "sub";
dovecot = {
#userAttrs = "uidNumber=uid,gidNumber=gid,skMail=mail";
# use the set email account
#userFilter = "(&(memberOf=cn=skynet-users,ou=groups,${cfg.ldap.base}))(uid=%n))";
#userFilter = "(&(objectClass=posixAccount)(uid=%u))";
userFilter = "(skMail=%u)";
# "fix" until userAttrs is fixed
#passAttrs = ''uid=user,userPassword=password
#user_attrs = uidNumber=uid,gidNumber=gid,mail=/var/vmail/%u/%d
#'';
passFilter = "(skMail=%u)";
# accept emails in, but only allow access to paid up members
passFilter = "(&(|${create_filter cfg.groups})(skMail=%u))";
};
postfix = {
filter = "(skMail=%s)";
# these may be reversed???
# https://gist.github.com/calbrecht/bca39174f39a74e52a6d05bf630ad495
filter = "(|(skMail=%s)(uid=%s))";
uidAttribute = "skMail";
mailAttribute = "skMail";
};
};
# feckin spammers
rejectRecipients = [

3
applications/games/minecraft.nix
View file

@ -64,6 +64,7 @@
# gsoc.minecraft.games.skynet.ie
"gsoc.${cfg.domain.sub} CNAME ${cfg.host.name}"
"gsoc_abridged.${cfg.domain.sub} CNAME ${cfg.host.name}"
];
};
@ -107,7 +108,7 @@
ports = [ "25565:25565/tcp" ];
expose = [ "25565" ];
command = [
"--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002"
"--mapping=compsoc_classic.${short_domain}=mc_config:20000,compsoc.${short_domain}=mc_config:20001,gsoc.${short_domain}=mc_config:20002,gsoc.${short_domain}=mc_config:20002,gsoc_abridged.${short_domain}=mc_config:20003"
];
};

2
applications/restic.nix
View file

@ -39,7 +39,7 @@
{
name = value.config.services.skynet_backup.host.name;
value = base // {
repositoryFile = "${destination}/${value.config.services.skynet_backup.host.name}";
repositoryFile = "/etc/skynet/restic/${value.config.services.skynet_backup.host.name}";
backupPrepareCommand = ''
#!${pkgs.stdenv.shell}