Initial commit

This commit is contained in:
Artyom Belousov 2026-01-13 15:34:28 +03:00 committed by Артём Белоусов
commit b79d352847
37 changed files with 2191 additions and 0 deletions


@ -0,0 +1,195 @@
{ ... }:
let
myKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArRfRumAbMcRypGundddfVg7t+VOwVeQ+HUQfI9AFbX flygrounder@home";
in
{
age.secrets.stalwart-admin-password = {
file = ../../secrets/stalwart-admin-password.age;
owner = "stalwart-mail";
};
users.users = {
flygrounder = {
openssh.authorizedKeys.keys = [
myKey
];
};
root = {
openssh.authorizedKeys.keys = [
myKey
];
};
};
home-manager.users.flygrounder.custom = {
catppuccin.enable = true;
cli.enable = true;
neovim.enable = true;
};
services = {
caddy = {
enable = true;
virtualHosts = {
"flygrounder.ru" = {
extraConfig = ''
reverse_proxy localhost:1234
'';
};
"mtg-bot.flygrounder.ru" = {
extraConfig = ''
reverse_proxy localhost:3000
'';
};
"syncthing.flygrounder.ru" = {
extraConfig = ''
reverse_proxy localhost:8384 {
header_up Host localhost
}
'';
};
"vaultwarden.flygrounder.ru" = {
extraConfig = ''
encode zstd gzip
reverse_proxy localhost:8222 {
header_up X-Real-IP {remote_host}
}
'';
};
"mail.flygrounder.ru" = {
extraConfig = ''
reverse_proxy localhost:8080
'';
};
};
};
stalwart = {
enable = true;
openFirewall = true;
settings = {
server = {
hostname = "mail.flygrounder.ru";
tls = {
enable = true;
implicit = true;
};
listener = {
smtp = {
protocol = "smtp";
bind = "0.0.0.0:25";
};
submissions = {
bind = "0.0.0.0:465";
protocol = "smtp";
tls.implicit = true;
};
imaps = {
bind = "0.0.0.0:993";
protocol = "imap";
tls.implicit = true;
};
jmap = {
bind = "127.0.0.1:8080";
protocol = "http";
};
};
};
certificate."default" = {
cert = "%{file:/var/lib/stalwart-mail/certs/mail.flygrounder.ru.crt}%";
private-key = "%{file:/var/lib/stalwart-mail/certs/mail.flygrounder.ru.key}%";
};
authentication.fallback-admin = {
user = "admin";
secret = "%{file:/run/agenix/stalwart-admin-password}%";
};
tracer."log" = {
type = "log";
path = "/var/log/stalwart-mail";
};
};
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
};
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://vaultwarden.flygrounder.ru";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
};
systemd.paths.stalwart-certs = {
wantedBy = [ "multi-user.target" ];
pathConfig = {
PathModified = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.flygrounder.ru/mail.flygrounder.ru.crt";
};
};
systemd.services.stalwart-certs = {
after = [ "caddy.service" ];
before = [ "stalwart.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
};
script = ''
mkdir -p /var/lib/stalwart-mail/certs
cp -L /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.flygrounder.ru/mail.flygrounder.ru.crt /var/lib/stalwart-mail/certs/
cp -L /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.flygrounder.ru/mail.flygrounder.ru.key /var/lib/stalwart-mail/certs/
chown stalwart-mail:stalwart-mail /var/lib/stalwart-mail/certs/*
chmod 600 /var/lib/stalwart-mail/certs/*
'';
postStop = ''
if systemctl is-active --quiet stalwart.service; then
systemctl --no-block restart stalwart.service
fi
'';
};
systemd.services.stalwart.after = [ "stalwart-certs.service" ];
systemd.services.stalwart.requires = [ "stalwart-certs.service" ];
imports = [
./hardware-configuration.nix
./disko-config.nix
];
nix.settings.trusted-users = [ "flygrounder" ];
networking = {
firewall = {
allowedTCPPorts = [
80
443
25
465
993
];
};
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
interfaces.ens3.ipv4.addresses = [
{
address = "62.109.27.62";
prefixLength = 32;
}
];
defaultGateway = {
address = "10.0.0.1";
interface = "ens3";
};
};
}
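Review bot: In the `stalwart-certs` script (the `script = ''` block near the end of the hunk) the private key is copied with `cp -L` before the `chmod 600` runs, so between the copy and the chmod the key file sits under the service's default umask, and `mkdir -p` gives the certs directory default permissions as well; adding `umask 077` as the first line of the script closes that window and turns the later `chmod 600` into a belt-and-braces step. The path unit only watches the `.crt` file, so if Caddy rewrites the `.key` after the `.crt` on renewal the copy may pick up a mismatched pair — worth a comment on `PathModified` stating that assumption, or watching both files. Separately, `server.tls.implicit = true` is set globally while the port-25 `smtp` listener sets no `tls.implicit` of its own; if Stalwart applies the server-level default to that listener, inbound SMTP on 25 would expect implicit TLS instead of STARTTLS, so consider pinning `tls.implicit = false;` on the `smtp` listener explicitly. The `root` account also receives the same authorized key; if `flygrounder` (already in `nix.settings.trusted-users`) is the intended login, dropping the root key or setting `PermitRootLogin` explicitly in `services.openssh.settings` would document the intent.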