From cc3d1e4d5eb0e287c8619b62fd449f30aa74afc1 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Mon, 21 Jun 2021 13:24:50 +0300 Subject: [PATCH 01/11] Added more advanced and flexible users management. Upgraded NixOS to 21.05 --- nixos-infect | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/nixos-infect b/nixos-infect index 9cafdd8..b7705f2 100755 --- a/nixos-infect +++ b/nixos-infect @@ -42,6 +42,7 @@ makeConf() { $network_import $NIXOS_IMPORT ./files.nix + ./users.nix ./mailserver/system/mailserver.nix ./mailserver/system/alps.nix ./vpn/ocserv.nix @@ -92,7 +93,7 @@ makeConf() { }; system.autoUpgrade.enable = true; system.autoUpgrade.allowReboot = false; - system.autoUpgrade.channel = https://nixos.org/channels/nixos-20.09-small; + system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.05-small; nix = { optimise.automatic = true; gc = { @@ -115,13 +116,6 @@ makeConf() { enable = true; }; }; - users.mutableUsers = false; - users.users = { - "$LUSER" = { - isNormalUser = true; - hashedPassword = "$HASHED_PASSWORD"; - }; - }; } EOF # If you rerun this later, be sure to prune the filesSystems attr @@ -173,6 +167,23 @@ EOF "f /var/cloudflareCredentials.ini 0440 nginx acmerecievers - \${cloudflareCredentials}" ]; } +EOF + + cat > /etc/nixos/users.nix << EOF +{ pkgs, ... }: +{ + users.mutableUsers = false; + users = { + users = { + #begin + "$LUSER" = { + isNormalUser = true; + hashedPassword = "$HASHED_PASSWORD"; + }; + #end + }; + }; +} EOF cat > /etc/nixos/mailserver/system/mailserver.nix << EOF From ccea111f26ec01fe13b2454ff777c55cba4c537e Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Wed, 23 Jun 2021 18:39:12 +0300 Subject: [PATCH 02/11] Updated SelfPrivacy REST API version --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index b7705f2..9c6d38b 100755 --- a/nixos-infect +++ b/nixos-infect 
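Review bot: The users.nix heredoc in the last hunk expands `$LUSER` and `$HASHED_PASSWORD` straight into a Nix string literal with no check on their contents, so a username containing `"` or a `${` sequence produces a broken or altered Nix expression on the next evaluation; the removal in the third hunk only moves this text out of configuration.nix, it does not change that. The `#begin`/`#end` markers look like an editing contract for whatever later rewrites the user list, and nothing documents it; a comment such as `# lines between #begin and #end are regenerated by the user-management tooling; keep one attribute set per user` would make the contract explicit. `{ pkgs, ... }:` declares an argument the module never uses, `{ ... }:` is enough. The rest of makeConf lies outside these hunks.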
@@ -661,7 +661,7 @@ let
 version = "1.0";
 src = builtins.fetchGit {
 url = "https://git.selfprivacy.org/ilchub/selfprivacy-rest-api.git";
- rev = "d7a6b3ca12d936165a4fc1c6265a2dfc3fd6229e";
+ rev = "2885fe4356cf257ba5d64b9bad091aceba104883";
 };
 propagatedBuildInputs = [ flask flask-restful pandas ];
 meta = {
From b660f8a9c061544a8e961309d258220735e8c8c9 Mon Sep 17 00:00:00 2001
From: Illia Chub
Date: Wed, 7 Jul 2021 20:24:47 +0300
Subject: [PATCH 03/11] Removed module declaration
---
 nixos-infect | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/nixos-infect b/nixos-infect
index 9c6d38b..d5d8de0 100755
--- a/nixos-infect
+++ b/nixos-infect
@@ -48,7 +48,7 @@ makeConf() {
 ./vpn/ocserv.nix
 ./api/api.nix
 ./api/api-module.nix
- ./social/pleroma-module.nix
+ #./social/pleroma-module.nix
 ./social/pleroma.nix
 ./letsencrypt/acme.nix
 ./letsencrypt/resolve.nix
@@ -203,6 +203,13 @@ EOF
 enablePAM = lib.mkForce true;
 showPAMFailure = lib.mkForce true;
 };
+
+ users.users = {
+ virtualMail = {
+ isNormalUser = false;
+ };
+ };
+
 mailserver = {
 enable = true;
 fqdn = "$DOMAIN";
@@ -314,6 +321,7 @@ EOF
 };
 users.users.restic = {
 isNormalUser = false;
+ isSystemUser = true;
 };
 environment.etc."restic/resticPasswd".text = ''
 $PASSWORD
@@ -733,6 +741,7 @@ cat > /etc/nixos/vpn/ocserv.nix << EOF
 };
 users.users.ocserv = {
 isNormalUser = false;
+ isSystemUser = true;
 extraGroups = [ "ocserv" "acmerecievers" ];
 };
 services.ocserv = {
From a74faa6bada7f4596ba17cce57647dfd58abf5a2 Mon Sep 17 00:00:00 2001
From: Illia Chub
Date: Mon, 26 Jul 2021 11:34:51 +0300
Subject: [PATCH 04/11] Fixed path for the SelfPrivacy API service
---
 nixos-infect | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
 mode change 100755 => 100644 nixos-infect
diff --git a/nixos-infect b/nixos-infect
old mode 100755
new mode 100644
index d5d8de0..bbef1bb
--- a/nixos-infect
+++ b/nixos-infect
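Review bot: In the second hunk of patch 03, `virtualMail = { isNormalUser = false; }` is a no-op because `isNormalUser` already defaults to false, while the same commit gives restic and ocserv `isSystemUser = true;`; if the goal is the exactly-one-of isSystemUser/isNormalUser rule that, as far as I recall, NixOS 21.05 (the channel selected in patch 01) asserts for every declared user, virtualMail needs `isSystemUser = true;` too. Patches 04, 05 and 06 on the next line add that line, drop `isNormalUser`, and then revert to the original no-op, so the series ends with the inconsistency still in place; a comment saying why virtualMail is declared here at all (presumably the mailserver module creates it) would help the next reader. The first hunk comments out `./social/pleroma-module.nix` but keeps `./social/pleroma.nix`; if pleroma.nix uses options defined by that module, evaluation will fail, and once confirmed the import should be deleted rather than left as a comment.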
@@ -207,6 +207,7 @@ EOF users.users = { virtualMail = { isNormalUser = false; + isSystemUser = true; }; }; @@ -648,6 +649,7 @@ cat > /etc/nixos/api/api.nix << EOF users.users."selfprivacy-api" = { isNormalUser = false; + isSystemUser = true; extraGroups = [ "opendkim" ]; }; users.groups."selfprivacy-api" = { @@ -712,18 +714,11 @@ in environment = { PYTHONUNBUFFERED = "1"; }; - path = [ "/var/" "/var/dkim/" ]; + path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal pkgs.config.nix.package.out ]; after = [ "network-online.target" ]; wantedBy = [ "network-online.target" ]; serviceConfig = { User = "root"; - PrivateDevices = "true"; - ProtectKernelTunables = "true"; - ProtectKernelModules = "true"; - LockPersonality = "true"; - RestrictRealtime = "true"; - SystemCallFilter = "@system-service @network-io @signal"; - SystemCallErrorNumber = "EPERM"; ExecStart = "\${selfprivacy-api}/bin/main.py"; Restart = "always"; RestartSec = "5"; From dae617f654ee9b630811931fddc3eaa35cfd4b25 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Mon, 26 Jul 2021 12:37:02 +0300 Subject: [PATCH 05/11] Removed user type definition for virtualMail --- nixos-infect | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index bbef1bb..8897190 100644 --- a/nixos-infect +++ b/nixos-infect @@ -206,7 +206,6 @@ EOF users.users = { virtualMail = { - isNormalUser = false; isSystemUser = true; }; }; From a31abd94c10182d81f7aabaa740d12324ffe69e0 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Mon, 26 Jul 2021 12:41:17 +0300 Subject: [PATCH 06/11] Removed user type definition for virtualMail --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 8897190..a820f70 100644 --- a/nixos-infect +++ b/nixos-infect @@ -206,7 +206,7 @@ EOF users.users = { virtualMail = { - isSystemUser = true; + isNormalUser = false; }; }; From 506e1c3b5bce7909f9895be3f5a030b396630bda Mon Sep 17 00:00:00 2001 
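Review bot: The third hunk of patch 04 removes every confinement directive of selfprivacy-api (`PrivateDevices`, `ProtectKernelTunables`, `ProtectKernelModules`, `LockPersonality`, `RestrictRealtime`, `SystemCallFilter`, `SystemCallErrorNumber`) from a service that runs with `User = "root"` and, per its description elsewhere in the file, is driven from a mobile application, yet the commit message only mentions the PATH fix; that reduction in sandboxing deserves its own commit and a comment naming the directive that broke the rebuild. Presumably `SystemCallFilter = "@system-service @network-io @signal"` was the blocker, since a rebuild needs more than that set; the remaining directives are unrelated to PATH and could stay, e.g. keep `PrivateDevices`, `ProtectKernelModules` and `LockPersonality` and only relax the syscall filter. `pkgs.config.nix.package.out` in the new `path` line refers to the nixpkgs config attribute, not the NixOS `config` module argument, which is why patch 09 has to rewrite it. The service definition continues outside the hunk.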
From: Illia Chub Date: Mon, 26 Jul 2021 12:45:57 +0300 Subject: [PATCH 07/11] Upgraded SNM framework version --- nixos-infect | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos-infect b/nixos-infect index a820f70..32d32f1 100644 --- a/nixos-infect +++ b/nixos-infect @@ -192,10 +192,10 @@ EOF imports = [ (builtins.fetchTarball { # Pick a commit from the branch you are interested in - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/99f843de/nixos-mailserver-99f843de.tar.gz"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122/nixos-mailserver-5675b122.tar.gz"; # And set its hash - sha256 = "1af7phs8a2j26ywsm5mfhzvqmy0wdsph7ajs9s65c4r1bfq646fw"; + sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi"; }) ]; From 46e734e8d6b37ee1eba940706cba463792c4c2d9 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Mon, 26 Jul 2021 12:49:20 +0300 Subject: [PATCH 08/11] Changed memcached port value type from string to integer --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 32d32f1..b14a122 100644 --- a/nixos-infect +++ b/nixos-infect @@ -474,7 +474,7 @@ EOF enable = true; user = "memcached"; listen = "127.0.0.1"; - port = "11211"; + port = 11211; maxMemory = 64; maxConnections = 1024; }; From b62159d77aee033004d3d75a9a42a0c42c2105f7 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Mon, 26 Jul 2021 12:53:46 +0300 Subject: [PATCH 09/11] Added required binaries to the API service PATH variable --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index b14a122..382b12b 100644 --- a/nixos-infect +++ b/nixos-infect 
@@ -713,7 +713,7 @@ in environment = { PYTHONUNBUFFERED = "1"; }; - path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal pkgs.config.nix.package.out ]; + path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ]; after = [ "network-online.target" ]; wantedBy = [ "network-online.target" ]; serviceConfig = { From 005337d8d6fcf0bb917fe6653c15bd4556ced2df Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Mon, 26 Jul 2021 13:13:25 +0300 Subject: [PATCH 10/11] Major fixes to server networking --- nixos-infect | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/nixos-infect b/nixos-infect index 382b12b..90c3bd0 100644 --- a/nixos-infect +++ b/nixos-infect @@ -69,6 +69,7 @@ makeConf() { allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ]; allowedUDPPorts = lib.mkForce [ 8443 ]; }; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; }; time.timeZone = "Europe/Uzhgorod"; i18n.defaultLocale = "en_GB.UTF-8"; @@ -710,9 +711,11 @@ in systemd.services.selfprivacy-api = { description = "API Server used to control system from the mobile application"; - environment = { + environment = config.nix.envVars // { + inherit (config.environment.sessionVariables) NIX_PATH; + HOME = "/root"; PYTHONUNBUFFERED = "1"; - }; + } // config.networking.proxy.envVars; path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ]; after = [ "network-online.target" ]; wantedBy = [ "network-online.target" ]; From f07aea04bc6840bdfa7d393d036fb67e67985796 Mon Sep 17 00:00:00 2001 From: Illia Chub Date: Mon, 26 Jul 2021 13:36:40 +0300 Subject: [PATCH 11/11] Updated REST API version --- nixos-infect | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-infect b/nixos-infect index 90c3bd0..f7f1a3b 100644 --- a/nixos-infect +++ b/nixos-infect 
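Review bot: The new `path` list in patch 09 still begins with `"/var/"` and `"/var/dkim/"`, which systemd puts ahead of `pkgs.coreutils` and the other store paths in PATH for a service running as root; if either directory is writable by a less-privileged account (the service is added to the `opendkim` group elsewhere in this file), an executable dropped there would shadow the intended binaries. Those entries look like data directories rather than bin directories; if the API only reads files under them they do not belong on PATH at all, and `path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];` suffices. Whether the directories are writable by other users is not visible in this hunk.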
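Review bot: `nameservers = [ "1.1.1.1" "1.0.0.1" ];` in the first hunk of patch 10 pins every provisioned host to one public resolver with no variable to override it and no comment on why the DHCP-provided resolvers were insufficient; for a mail host that performs DNSBL lookups, queries from large public resolvers are commonly rate-limited or refused by list operators, so a local caching resolver is usually the safer default, and the choice should at least be documented. In the second hunk the merge `config.nix.envVars // { … } // config.networking.proxy.envVars` appears to exist so that `nixos-rebuild` finds NIX_PATH and HOME under systemd; a comment such as `# nixos-rebuild needs NIX_PATH/HOME and honours the system proxy settings` would spare the next reader the guess. The adjacent context shows `after = [ "network-online.target" ]` with no matching `wants`, so the ordering has no effect unless something else pulls that target in; worth confirming, though it is not part of this change. The service definition continues outside the hunk.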
@@ -671,7 +671,7 @@ let
 version = "1.0";
 src = builtins.fetchGit {
 url = "https://git.selfprivacy.org/ilchub/selfprivacy-rest-api.git";
- rev = "2885fe4356cf257ba5d64b9bad091aceba104883";
+ rev = "0980039a67c32a128a96ac73c98fc87aad64674b";
 };
 propagatedBuildInputs = [ flask flask-restful pandas ];
 meta = {