add ai mailer

2025-03-02 03:41:42 +01:00
parent 3b043eaf6d
commit 9cfc423a38
9 changed files with 144 additions and 6 deletions


@@ -1 +1 @@
https://channels.nixos.org/nixos-24.05
https://channels.nixos.org/nixos-24.11


@@ -29,7 +29,9 @@
# microvm
./modules/microvm.nix
./modules/gitea-vm.nix
./modules/vscode-server.nix # Add VS Code Server microvm
# ./modules/vscode-server.nix # Add VS Code Server microvm
./modules/ai-mailer.nix
# web
./modules/web
@@ -74,6 +76,7 @@
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"mongodb"
"ai-mailer"
];
time.timeZone = "Europe/Vienna";


@@ -0,0 +1,100 @@
{ config, pkgs, ... }:
{
users.users.ai-mailer = {
isSystemUser = true;
group = "ai-mailer";
home = "/var/lib/ai-mailer";
createHome = true;
description = "AI Mailer service user";
};
users.groups.ai-mailer = { };
environment.etc."ai-mailer/config.yaml" = {
mode = "0400";
user = "ai-mailer";
group = "ai-mailer";
text = ''
imap:
server: "imap.cloonar.com"
port: 993
username: "paraclub-test@cloonar.com"
password: "file://${config.sops.secrets.ai-mailer-imap-password.path}"
mailbox_in: "INBOX"
draft_box: "Drafts"
processed_box: "INBOX/Done"
use_tls: true
ai:
openrouter_api_key: "file://${config.sops.secrets.ai-mailer-openrouter-key.path}"
model: "deepseek/deepseek-r1-distill-llama-70b"
temperature: 0.3
max_tokens: 100000
context:
urls:
- "https://paraclub.cloonar.dev/de/"
- "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/alle-infos/"
- "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/kosten-tandemsprung/"
- "https://paraclub.cloonar.dev/de/ueber-uns/anfahrt/"
- "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/faq/"
- "https://paraclub.cloonar.dev/de/ausbildung/uebersicht/"
- "https://paraclub.cloonar.dev/de/ausbildung/aff-ablauf/"
- "https://paraclub.cloonar.dev/de/ausbildung/kurstermine/"
- "https://paraclub.cloonar.dev/de/ausbildung/anmeldung/"
- "https://paraclub.cloonar.dev/de/ausbildung/kosten/"
polling:
interval: "30s"
logging:
level: "info"
file_path: "/var/log/ai-mailer.log"
'';
};
sops.secrets.ai-mailer-imap-password = {
owner = "ai-mailer";
};
sops.secrets.ai-mailer-openrouter-key = {
owner = "ai-mailer";
};
systemd.services.ai-mailer = {
description = "AI Mail Assistant Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = "ai-mailer";
Group = "ai-mailer";
WorkingDirectory = "/var/lib/ai-mailer";
ExecStart = "${pkgs.ai-mailer}/bin/paraclub-ai-mailer -config /etc/ai-mailer/config.yaml";
Restart = "always";
RestartSec = "10s";
StateDirectory = "ai-mailer";
LogsDirectory = "ai-mailer";
RuntimeDirectory = "ai-mailer";
# Security settings
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = "";
};
};
}
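Review bot: The `logging.file_path` of `/var/log/ai-mailer.log` in the generated config.yaml points outside the only log location this unit can write: with `ProtectSystem = "strict"` and `User = "ai-mailer"`, the writable path created by `LogsDirectory = "ai-mailer"` is `/var/log/ai-mailer/`, so opening the configured file should fail. Changing the line to `file_path: "/var/log/ai-mailer/ai-mailer.log"` fixes this without loosening the sandbox. `RestrictAddressFamilies` omits `AF_UNIX`, which is fine only if the binary resolves names and logs without a local socket (nscd, syslog); that is worth confirming on first start. Because the service hands inbound mail, which is untrusted text, to an external model, having replies land in `draft_box` for human review is the control to keep, and a comment next to that setting saying so would help.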


@@ -2,7 +2,7 @@
{
services.ddclient = {
enable = true;
use = "if, if=wan";
usev4 = "if, if=wan";
protocol = "hetzner";
# server = "https://dns.hetzner.com/api/v1/";
username = "dominik.polakovics@cloonar.com";


@@ -22,6 +22,7 @@
renew-timer = 1000;
subnet4 = [
{
id = 96;
pools = [
{
pool = "${config.networkPrefix}.96.100 - ${config.networkPrefix}.96.240";
@@ -67,6 +68,7 @@
}
{
id = 97;
pools = [
{
pool = "${config.networkPrefix}.97.100 - ${config.networkPrefix}.97.240";
@@ -122,6 +124,7 @@
];
}
{
id = 101;
pools = [
{
pool = "${config.networkPrefix}.101.100 - ${config.networkPrefix}.101.240";
@@ -152,6 +155,7 @@
];
}
{
id = 99;
pools = [
{
pool = "${config.networkPrefix}.99.100 - ${config.networkPrefix}.99.240";
@@ -212,6 +216,7 @@
];
}
{
id = 254;
pools = [
{
pool = "${config.networkPrefix}.254.10 - ${config.networkPrefix}.254.254";
@@ -231,6 +236,7 @@
];
}
{
id = 100;
pools = [
{
pool = "${config.networkPrefix}.100.100 - ${config.networkPrefix}.100.240";


@@ -97,6 +97,7 @@ in
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
ENABLE_NOTIFY_MAIL = true;
REQUIRE_SIGNIN_VIEW = false;
};
mailer = {
ENABLED = true;
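Review bot: `REQUIRE_SIGNIN_VIEW = false` (the page does not mark which line is new, but by position this appears to be the added one) leaves the instance's explore pages, public repositories and user profiles readable without login. Registration is already restricted to external accounts in this block, so if the instance is meant to be private the consistent value would be `REQUIRE_SIGNIN_VIEW = true;`. If anonymous read access is intended, a comment such as `# public repos are intentionally browsable without login` would record that decision. The enclosing settings block starts outside the hunk.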


@@ -7,6 +7,8 @@ wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKc
wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str]
wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str]
gitea-mailer-password: ENC[AES256_GCM,data:M4qCWNt1oQVJzxThIjocm2frwuVMyx+69TBpke25RwxJxEQnvHL1CM579OVroTm7+gGE/oOJqAwDIepfiDtyM1xm,iv:jayFZMbu3uDimS/rIKZSeoU0MsYwWp880iEMs1oQE4k=,tag:qGDncRkyuCWaELhcxUrqtQ==,type:str]
ai-mailer-imap-password: ENC[AES256_GCM,data:T3V9hS24fwzj1Lx2Za508fYiw8r/GmEDAaX1tGSGQCgcVfxnQ6kfncoGPEU0CGL6Vw==,iv:Z/5LxQpcWwu7U11wtXYlQ/papepm5tzgMhE2heFE7to=,tag:EESXRY7WXpus2q/vd19vbw==,type:str]
ai-mailer-openrouter-key: ENC[AES256_GCM,data:PCe8kt/M+7g087AKzYMY2H5WO4L+NGkHLsh47fMK36kz+Ju5kd/kpmM4GQcDbI3LgWm/P+T0/mv7kGGOL6KLmBFaFmGV/88cGw==,iv:ruVftGvnv+PX1Zd92tfOezpyaMbYrqCrexelyPUYFMc=,tag:z4JVUCfz/frehar6y+fOlQ==,type:str]
gitea-runner: ENC[AES256_GCM,data:NYG3qRLiMjmfA+oHYBXBbxpuX2ZjB/VgvLaS7yr5kJeDN/NukB/B3OZcEfsUWgbBS5IsLENESngWTFmK4W3htN4lSqdg/g4UsUr20beNov+pbyPN05rkBYmSCZZFwZ1L9POEE4GF4LuuoNpDlWIw0mrA8oV8MoI4W5QS2IGranBTIQQaYXU5TEGYa4XMVo4oC75iuH6DIq1KD6OgFAfMhm/wlbP8CP/Iaw2K8CNPxktk93pm3OSmggf22Z4JPEnvV25sc9iBkxLkDk9FXYFys0g=,iv:UzL5ncVOC/loJwcFSG1QJHnzLp3il4Hf3qDwLWxrIlo=,tag:w0Zn/E+02KyAsPXZdOLrew==,type:str]
gitea-runner-token: ENC[AES256_GCM,data:HpBjLS10w78ihbnAUrlCRGvwrXLBYKH5v/P7XggoUSWLoAazSVQArABxaK7PJas=,iv:q3Y6jV0gmug06O0EYqGVyIJ4AvMGr2ydwY17YKxo0Qw=,tag:Ws5HLbdaeYGGXzDZW/FX4w==,type:str]
home-assistant-ldap: ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str]
@@ -57,8 +59,8 @@ sops:
WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j
eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-20T21:39:00Z"
mac: ENC[AES256_GCM,data:JCFvFwSqnAQCOB76n5pfQsdsaod8bBiVZ2VY+WWBDWi84gQByhqy808E2ZZJSJ1/amUi8dNBeOPNWZIGdieuWJyatrqjWziAl7gXx5u35i77sS6hAD+G/Fc/elgRbjc0VIbplZ7UxBmwo3vkVpI4RqQiQv63MvKHI+TkoY8vFUM=,iv:uy50x8FqqDW7hCLZeHfhFB/dxa3N6kM2Vj9waAZJngg=,tag:Wt1FG0kW4VFZ2fvvAC0T4A==,type:str]
lastmodified: "2025-03-01T22:14:10Z"
mac: ENC[AES256_GCM,data:UWwjvi8jLNgu4l7ldMYtkAATm3y5+BSxbCuPN/e1OC4/3ULYJndqFLfTOMpqQbj2+uHo3onelK4f0MAJuSH0oUx58CclkNBBLE0RXafxbowa7kJtTNDfTboJNqH7rFmhGhqCtHAOOpKBuowqoOUHP5BtzZfucra0Q/pIJt5lma0=,iv:iJEW/mTbizioPSN8G+WqHSipx8P6VCDrVG/Cmk+MBUc=,tag:L4OkeKec5AZdCrpUrnqcOA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.4