dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Squash merge mail-server into main

Browse source
This commit is contained in:
DACHXY 2025-05-04 03:09:03 +08:00
parent e2c5206369
commit bb3f1b222e
4 changed files with 57 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
system/dev/dn-server/default.nix
View file

@ -18,6 +18,7 @@
./services.nix ./services.nix
./nginx.nix ./nginx.nix
./step-ca.nix ./step-ca.nix
./mail-server.nix
../../modules/presets/minimal.nix ../../modules/presets/minimal.nix
../../modules/bluetooth.nix ../../modules/bluetooth.nix
../../modules/cuda.nix ../../modules/cuda.nix

49
system/dev/dn-server/mail-server.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
settings,
...
}:
with builtins;
let
interfaces = config.networking.wireguard.interfaces;
allowedIPs = concatLists [
(concatLists (map (interface: interfaces.${interface}.ips) (attrNames interfaces)))
[
"127.0.0.1"
]
];
fqdn = config.networking.fqdn;
# fqdn = "dn-server.daccc.info";
in
{
networking.firewall.allowedTCPPorts = [ 25 ];
services.postfix = {
enable = true;
hostname = fqdn;
origin = fqdn;
networks = allowedIPs;
destination = [
"localhost"
"localhost.${fqdn}"
fqdn
];
postmasterAlias = "root";
rootAlias = settings.personal.username;
extraAliases = ''
mailer-daemon: postmaster
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
'';
};
}

1
system/dev/dn-server/networking.nix
View file

@ -1,6 +1,7 @@
{ ... }: { ... }:
{ {
networking = { networking = {
domain = "net.dn";
networkmanager.enable = true; networkmanager.enable = true;
enableIPv6 = true; enableIPv6 = true;
firewall = { firewall = {

10
system/dev/dn-server/services.nix
View file

@ -68,7 +68,7 @@ let
ip = "10.0.0.1/24"; ip = "10.0.0.1/24";
interface = "wg0"; interface = "wg0";
port = 51820; port = 51820;
domain = "net.dn"; domain = config.networking.domain;
range = "10.0.0.0/24"; range = "10.0.0.0/24";
full = "10.0.0.1/25"; full = "10.0.0.1/25";
restrict = "10.0.0.128/25"; restrict = "10.0.0.128/25";
@ -80,7 +80,7 @@ let
interface = "wg1"; interface = "wg1";
port = 51821; port = 51821;
masterIP = "10.10.0.1"; masterIP = "10.10.0.1";
masterHostname = "api-kube.net.dn"; masterHostname = "api-kube.${config.networking.domain}";
masterAPIServerPort = 6443; masterAPIServerPort = 6443;
}; };
@ -368,6 +368,7 @@ in
serverIP = getCleanAddress personal.ip; serverIP = getCleanAddress personal.ip;
kubeIP = getCleanAddress kube.ip; kubeIP = getCleanAddress kube.ip;
origin = "${personal.domain}."; origin = "${personal.domain}.";
hostname = config.networking.hostName;
in in
pkgs.writeText "db.${personal.domain}" '' pkgs.writeText "db.${personal.domain}" ''
$ORIGIN ${origin} $ORIGIN ${origin}
@ -387,7 +388,7 @@ in
nextcloud IN A ${serverIP} nextcloud IN A ${serverIP}
pre-nextcloud IN A ${serverIP} pre-nextcloud IN A ${serverIP}
ca IN A ${serverIP} ca IN A ${serverIP}
server IN A ${serverIP} ${hostname} IN A ${serverIP}
mail IN A ${serverIP} mail IN A ${serverIP}
api-kube IN A ${kubeIP} api-kube IN A ${kubeIP}
${dnsRecords} ${dnsRecords}
@ -406,6 +407,7 @@ in
let let
serverIP = getSubAddress personal.ip; serverIP = getSubAddress personal.ip;
mailIP = getSubAddress personal.ip; mailIP = getSubAddress personal.ip;
hostname = config.networking.hostName;
in in
pkgs.writeText "${getReverseFilename personal.ip}" '' pkgs.writeText "${getReverseFilename personal.ip}" ''
$TTL 86400 $TTL 86400
@ -418,7 +420,7 @@ in
IN NS dns.${personal.domain}. IN NS dns.${personal.domain}.
${serverIP} IN PTR dns.${personal.domain}. ${serverIP} IN PTR dns.${personal.domain}.
${serverIP} IN PTR server.${personal.domain}. ${serverIP} IN PTR ${hostname}.${personal.domain}.
${serverIP} IN PTR nextcloud.${personal.domain}. ${serverIP} IN PTR nextcloud.${personal.domain}.
${serverIP} IN PTR pre-nextcloud.${personal.domain}. ${serverIP} IN PTR pre-nextcloud.${personal.domain}.
${serverIP} IN PTR ca.${personal.domain}. ${serverIP} IN PTR ca.${personal.domain}.