From 9d6c8cc6384a9574e1e30dd1b39e0e180367d288 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Tue, 23 Mar 2021 14:51:28 +0200 Subject: [PATCH 1/9] Added mountpoint definition for volumes --- nixos-infect | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 0e1d2c5..a8a353d 100755 --- a/nixos-infect +++ b/nixos-infect @@ -127,7 +127,10 @@ EOF { imports = [ ]; boot.loader.grub.device = "$grubdev"; - fileSystems."/" = { device = "$rootfsdev"; fsType = "ext4"; }; + fileSystems = { + "/" = { device = "$rootfsdev"; fsType = "ext4"; }; + "/var" = { device = "/dev/sdb"; fsType = "ext4" }; + }; } EOF From cfdee451dd1f84094378d1a93d5f6b8046e4de2f Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Wed, 31 Mar 2021 10:47:21 +0300 Subject: [PATCH 2/9] Added certificate resolution redundancy. Implemented nginx config reload on resolve success --- nixos-infect | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/nixos-infect b/nixos-infect index a8a353d..f61e0e7 100755 --- a/nixos-infect +++ b/nixos-infect @@ -48,6 +48,7 @@ makeConf() { ./social/pleroma-module.nix ./social/pleroma.nix ./letsencrypt/acme.nix + ./letsencrypt/resolve.nix ./backup/restic.nix ./passmgr/bitwarden.nix ./webserver/nginx.nix @@ -254,6 +255,27 @@ EOF }; }; } +EOF + cat > /etc/nixos/letsencrypt/resolve.nix << EOF +{ pkgs, ... }: +{ + systemd = { + services = { + "acme-$DOMAIN" = { + serviceConfig = { + StartLimitBurst = 5; + StartLimitIntervalSec = 5; + Restart = "on-failure"; + }; + }; + "nginx-config-reload" = { + serviceConfig = { + After = [ "acme-$DOMAIN.service" ]; + }; + }; + }; + }; +} EOF cat > /etc/nixos/backup/restic.nix << EOF @@ -311,6 +333,7 @@ EOF { services.nginx = { enable = true; + enableReload = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; From 5d2b8a69245fa36612306abe24d2f4c757aaaf52 Mon Sep 17 00:00:00 2001 
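Review bot: In [PATCH 1/9] the new `"/var"` entry hard-codes `device = "/dev/sdb"`, and kernel `sdX` names are not guaranteed to stay the same across reboots or when volumes are attached in a different order. If a different disk lands on that name it would be mounted over `/var`, and if none is present the mount will presumably be treated as required and stall the boot. Prefer a persistent identifier such as `"/var" = { device = "/dev/disk/by-uuid/<VOLUME_UUID>"; fsType = "ext4"; };`, or resolve the device in the script and substitute it the way `$rootfsdev` is. The heredoc this hunk edits starts and ends outside the hunk.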
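Review bot: In [PATCH 2/9] the generated `resolve.nix` places `After = [ "acme-$DOMAIN.service" ];` inside `serviceConfig`, which NixOS renders into the `[Service]` section. Ordering is a `[Unit]` setting, so systemd will most likely ignore it and `nginx-config-reload` is not actually ordered after the certificate job. Use the unit-level option `after = [ "acme-$DOMAIN.service" ];` instead, and move `StartLimitBurst` and `StartLimitIntervalSec` to `unitConfig` for the same reason. Separately, `Restart = "on-failure"` with no `RestartSec` retries almost immediately, so a persistent validation failure spends all five attempts within seconds and may run into the CA's failed-validation rate limits. A longer `RestartSec`, with the start-limit interval sized to match, would be safer.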
From: Illia Chub Date: Wed, 31 Mar 2021 12:03:07 +0300 Subject: [PATCH 3/9] Fixed syntax error during volume configuration --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index f61e0e7..ee6a940 100755 --- a/nixos-infect +++ b/nixos-infect @@ -130,7 +130,7 @@ EOF boot.loader.grub.device = "$grubdev"; fileSystems = { "/" = { device = "$rootfsdev"; fsType = "ext4"; }; - "/var" = { device = "/dev/sdb"; fsType = "ext4" }; + "/var" = { device = "/dev/sdb"; fsType = "ext4"; }; }; } EOF From 16434502d0f3c32564713185cfeaf9b564198292 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Fri, 9 Apr 2021 16:46:32 +0300 Subject: [PATCH 4/9] Added Webmail service --- nixos-infect | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/nixos-infect b/nixos-infect index ee6a940..4082940 100755 --- a/nixos-infect +++ b/nixos-infect @@ -42,6 +42,7 @@ makeConf() { $NIXOS_IMPORT ./files.nix ./mailserver/system/mailserver.nix + ./mailserver/system/alps.nix ./vpn/ocserv.nix ./api/api.nix ./api/api-module.nix 
@@ -1053,6 +1054,57 @@ config :pleroma, :http_security, config :pleroma, configurable_from_database: false +EOF + +cat > /etc/nixos/mailserver/system/alps.nix << EOF +{ pkgs, lib, fetchgit, buildGoModule, ... }: { + nixpkgs.overlays = + [ (self: super: { alps = self.callPackage ./alps-package.nix { }; }) ]; + + systemd.services = { + alps = { + path = [ pkgs.alps pkgs.coreutils ]; + serviceConfig = { + ExecStart = + "\${pkgs.alps}/bin/alps -theme sourcehut imaps://$DOMAIN:993 smtps://$DOMAIN:465"; + WorkingDirectory = "\${pkgs.alps}/bin"; + }; + }; + }; +} +EOF + +cat > /etc/nixos/mailserver/system/alps-package.nix << EOF +{ lib, fetchgit, buildGoModule, ... }: +buildGoModule rec { + pname = "alps"; + version = "v1.0.0"; # latest available tag at the moment + + src = fetchGit { + url = "https://git.selfprivacy.org/ilchub/selfprivacy-alps"; + rev = "dc2109ca2fdabfbda5d924faa4947f5694d5d758"; + }; + + vendorSha256 = "0bqg0qjam4mvh07wfil6l5spz32mk5a7kfxxnwfyva805pzmn6dk"; + + deleteVendor = false; + runVend = true; + + buildPhase = '' + go build ./cmd/alps + ''; + + installPhase = '' + mkdir -p $out/bin + cp -r * $out/bin + ''; + + meta = with lib; { + description = "Webmail application for the dovecot/postfix mailserver"; + homepage = "https://git.selfprivacy.org/ilchub/selfprivacy-alps"; + license = licenses.mit; + }; +} EOF [[ -n "$doNetConf" ]] && makeNetworkingConf || true From 868f506c99c05a6457d8d2a7639c598c49cd80b6 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Fri, 9 Apr 2021 16:48:30 +0300 Subject: [PATCH 5/9] Fixed special character escaping for webmail package --- nixos-infect | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos-infect b/nixos-infect index 4082940..f7a54fb 100755 --- a/nixos-infect +++ b/nixos-infect @@ -1095,8 +1095,8 @@ buildGoModule rec { ''; installPhase = '' - mkdir -p $out/bin - cp -r * $out/bin + mkdir -p \$out/bin + cp -r * \$out/bin ''; meta = with lib; { 
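Review bot: In [PATCH 4/9] the `alps` unit written to `alps.nix` sets no `User`, so the webmail front end, which handles untrusted HTTP requests and mail content, runs as root. Adding `DynamicUser = true;` to its `serviceConfig`, optionally with `NoNewPrivileges = true;` and `ProtectSystem = "strict";`, would confine it. From the visible unit it appears to need only read access to its store directory and outbound connections to IMAP and SMTP, but confirm it writes no local state. The unit also declares no `wantedBy`, so unless something else pulls it in it will not start at boot; `wantedBy = [ "multi-user.target" ];` is the usual fix.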
From 3e75d5ef4ae4905590cc8d4c31a2784eff0fe4ae Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Fri, 9 Apr 2021 16:54:35 +0300 Subject: [PATCH 6/9] Unfiltered ports, required for SMTP/IMAP SSL --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index f7a54fb..8134782 100755 --- a/nixos-infect +++ b/nixos-infect @@ -64,7 +64,7 @@ makeConf() { networking = { hostName = "$(hostname)"; firewall = { - allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 587 8443 ]; + allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ]; allowedUDPPorts = lib.mkForce [ 8443 ]; }; }; From 19f2d0117d577e136327cf237a44f4066a0361a7 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Fri, 16 Apr 2021 01:33:45 +0300 Subject: [PATCH 7/9] Fixed Pleroma deployment error --- nixos-infect | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos-infect b/nixos-infect index 8134782..9f3e622 100755 --- a/nixos-infect +++ b/nixos-infect @@ -993,7 +993,7 @@ cat > /etc/nixos/social/pleroma.nix << EOF initialScript = "/etc/setup.psql"; }; }; - environment.etc."pleroma_setup.psql".text = '' + environment.etc."setup.psql".text = '' CREATE USER pleroma WITH ENCRYPTED PASSWORD '$DB_PASSWORD'; CREATE DATABASE pleroma OWNER pleroma; \\c pleroma; @@ -1013,7 +1013,7 @@ import Config config :pleroma, Pleroma.Web.Endpoint, url: [host: "social.$DOMAIN", scheme: "https", port: 443], - http: [ip: {127, 0, 0, 1}, port: 4000], + http: [ip: {127, 0, 0, 1}, port: 4000] #secret_key_base: "", #signing_salt: "" @@ -1038,7 +1038,7 @@ config :pleroma, Pleroma.Repo, hostname: "localhost", pool_size: 10 -config :web_push_encryption, :vapid_details, +#config :web_push_encryption, :vapid_details, #subject: "", #public_key: "", #private_key: "" From 29ffe7ffb53602835ea3a4736a3792f375108fdc Mon Sep 17 00:00:00 2001 
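Review bot: In [PATCH 6/9] `allowedTCPPorts` now exposes 465 and 993 but still keeps 143 open, so clients can continue to use the IMAP port that is not TLS-wrapped. If 143 is kept only for STARTTLS clients, say so in a comment; otherwise it could be dropped now that 993 is available. Because the list sits under `lib.mkForce` and overrides whatever other modules open, a short comment per port would help review, e.g. `# 465 smtps, 993 imaps (webmail and external clients)`. The `networking` block continues outside the hunk.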
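Review bot: In [PATCH 7/9] the renamed `environment.etc."setup.psql".text` still embeds `'$DB_PASSWORD'` literally, and text placed in `environment.etc` is copied into the world-readable Nix store, so any local user or service can read the Pleroma database password. The value is also spliced into the SQL string unescaped, so a password containing `'` would break or alter the statement. Consider creating the role without a password in the init script and setting it at runtime from a root-only file that is kept out of the store. The surrounding heredoc begins and ends outside this hunk.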
From: Illia Chub Date: Fri, 16 Apr 2021 12:54:27 +0300 Subject: [PATCH 8/9] Upgraded Pleroma OTP to 2.3.0 --- nixos-infect | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos-infect b/nixos-infect index 9f3e622..72f3bd4 100755 --- a/nixos-infect +++ b/nixos-infect @@ -785,11 +785,11 @@ stdenv.mkDerivation { # https://git.pleroma.social/pleroma/pleroma/-/tree/stable src = { aarch64-linux = fetchurl { - url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/175288/artifacts/download"; - sha256 = "107kp5zqwq1lixk1cwkx4v7zpm0h248xzlm152aj36ghb43j2snw"; + url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/182392/artifacts/download"; + sha256 = "1drpd6xh7m2damxi5impb8jwvjl6m3qv5yxynl12i8g66vi3rbwf"; }; x86_64-linux = fetchurl { - url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/175284/artifacts/download"; + url = "https://git.pleroma.social/pleroma/pleroma/-/jobs/182388/artifacts/download"; sha256 = "1c6l04gga9iigm249ywwcrjg6wzy8iiid652mws3j9dnl71w2sim"; }; }."\${stdenv.hostPlatform.system}"; From bf09bfd3a8de3056e239182be7cfe73eae51d337 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Fri, 16 Apr 2021 12:55:13 +0300 Subject: [PATCH 9/9] Incremented Pleroma package version --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 72f3bd4..39742a5 100755 --- a/nixos-infect +++ b/nixos-infect @@ -778,7 +778,7 @@ cat > /etc/nixos/social/pleroma-package.nix << EOF }: stdenv.mkDerivation { pname = "pleroma-otp"; - version = "2.2.2"; + version = "2.3.0"; # To find the latest binary release stable link, have a look at # the CI pipeline for the latest commit of the stable branch
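Review bot: In [PATCH 8/9] the `x86_64-linux` `fetchurl` now points at job 182388 but keeps the previous `sha256 = "1c6l04gga9iigm249ywwcrjg6wzy8iiid652mws3j9dnl71w2sim";`, whereas the `aarch64-linux` entry received a new hash. `fetchurl` is a fixed-output fetch keyed by that hash, so unless the two artifacts happen to be identical, a machine that already holds the old artifact will reuse it without downloading and keep running the previous release. A fresh machine should instead fail with a hash mismatch. Recompute the hash for the new artifact (for example with `nix-prefetch-url`) and set `sha256 = "<hash of the job 182388 artifact>";`. CI job artifacts can also expire, so a release download URL would be a more durable source if upstream offers one.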