Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Cloonar:536fc2b463f5a08d580b21fc4299db0c78edeec5
Branches Tags
Cloonar:master
..
compare: Cloonar:d199e5a4756b5ba7a15957678eaa07233d608e17
Branches Tags
Cloonar:master

1 Commits
536fc2b463 ... d199e5a475

Author SHA1 Message Date
Dominik Polakovics Polakovics
d199e5a475 change wireguard key for gpd win 4 2025-08-16 13:14:21 +02:00
8 changed files with 83 additions and 103 deletions
Expand all files Collapse all files

7
hosts/mail/modules/dovecot.nix
View File

@@ -189,15 +189,10 @@ in
managesieve_logout_format = bytes ( in=%i : out=%o )
}
lda_original_recipient_header = X-Original-To
plugin {
sieve_dir = /var/vmail/%d/%n/sieve/scripts/
sieve = /var/vmail/%d/%n/sieve/active-script.sieve
sieve_extensions = +vacation +vacation-seconds +editheader
sieve_vacation_use_original_recipient = yes
sieve_vacation_dont_check_recipient = yes
sieve_vacation_database = file:/var/vmail/%d/%n/sieve/vacation.db;
sieve_extensions = +vacation-seconds +editheader
sieve_vacation_min_period = 1min
fts = lucene

46
hosts/mail/modules/openldap.nix
View File

@@ -111,6 +111,52 @@ in {
];
};
"olcDatabase={3}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{3}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=ghetto,dc=at";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to attrs=pgpPublicKey
by self write
by anonymous read
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
''
{2}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
"olcOverlay=memberof,olcDatabase={3}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
olcOverlay = "memberof";
olcMemberOfRefint = "TRUE";
};
"olcOverlay=ppolicy,olcDatabase={3}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
olcOverlay = "ppolicy";
olcPPolicyHashCleartext = "TRUE";
};
"olcDatabase={4}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];

1
hosts/nb/modules/desktop/default.nix
View File

@@ -38,7 +38,6 @@ in {
})
vscode
code-cursor
dracula-theme

32
hosts/nb/users/dominik.nix
View File

@@ -179,6 +179,38 @@ in
'';
};
/* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */
# home.persistence."/nix/persist/user/dominik" = {
# allowOther = true;
# directories = [
# ".ApacheDirectoryStudio"
# ".config/Creality"
# ".config/github-copilot"
# ".config/libreoffice"
# ".config/Nextcloud"
# ".config/OrcaSlicer"
# ".config/rustdesk"
# ".config/rustdesk-epicenter"
# ".config/Signal"
# ".config/Signal-work"
# ".config/sops"
# ".config/VirtualBox"
# ".local/share/keyrings"
# ".local/share/Steam"
# ".mozilla"
# ".ssh"
# ".thunderbird"
# ".var"
# "cloud.cloonar.com"
# "nextcloud.cloonar.com"
# "cloud.epicenter.works"
# "OpenAudible"
# "VirtualBox VMs"
# "projects"
# "go"
# ];
# };
gtk = {
enable = true;
gtk2.extraConfig = ''

1
hosts/web-arm/configuration.nix
View File

@@ -35,7 +35,6 @@
./sites/autoconfig.cloonar.com.nix
./sites/feeds.cloonar.com.nix
./sites/webmail.cloonar.com.nix
./sites/vcard.cloonar.dev.nix
./sites/vcard.cloonar.com.nix

16
hosts/web-arm/modules/blackbox-exporter.nix
View File

@@ -7,9 +7,7 @@ let
cfg = config.services.blackbox-exporter;
nginxVHosts = config.services.nginx.virtualHosts or {};
allDomains = (lib.attrNames nginxVHosts) ++ [
"foundry-vtt.cloonar.com"
];
allDomains = lib.attrNames nginxVHosts;
filteredDomains = builtins.filter (d: !builtins.elem d cfg.blacklistDomains) allDomains;
httpsDomains = lib.map (d: "https://${d}") filteredDomains;
domainsString = builtins.concatStringsSep "\n "
@@ -47,16 +45,8 @@ in {
# Configuration file for Blackbox Exporter
environment.etc."blackbox_exporter/blackbox.yml".text = ''
modules:
http_200_final:
http_2xx:
prober: http
http:
method: GET
follow_redirects: true
preferred_ip_protocol: "ip4" # <-- important: avoid blanket IPv6 failures
# optional: if you want to prefer v6 but fall back to v4, add:
# ip_protocol_fallback: true
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] # tidy, not required but nice
valid_status_codes: [200]
'';
# Add scrape config for VictoriaMetrics agent
@@ -65,7 +55,7 @@ in {
- job_name: "blackbox_http_all_domains"
metrics_path: "/probe"
params:
module: ["http_200_final"]
module: ["http_2xx"]
static_configs:
- targets:

5
hosts/web-arm/modules/grafana/alerting/websites/default.nix
View File

@@ -3,10 +3,7 @@
let
cfg = config.services.blackbox-exporter;
nginxVHosts = config.services.nginx.virtualHosts or {};
allDomains =
(lib.attrNames nginxVHosts) ++ [
"foundry-vtt.cloonar.com"
];
allDomains = lib.attrNames nginxVHosts;
filteredDomains = builtins.filter (d: !builtins.elem d cfg.blacklistDomains) allDomains;
httpsDomains = lib.map (d: "https://${d}") filteredDomains;
websiteAlertRules = lib.map (target:

78
hosts/web-arm/sites/webmail.cloonar.com.nix
View File

@@ -1,78 +0,0 @@
{ config, pkgs, lib, ... }:
let
domain = config.networking.domain;
roundcubeRoot = "${config.services.roundcube.package}/public_html";
# PHP-FPM socket created by the roundcube module (pool named "roundcube"):
fpmSocket = config.services.phpfpm.pools.roundcube.socket;
in
{
# DB for Roundcube (PostgreSQL shown; MariaDB works too)
services.postgresql = {
enable = true;
ensureDatabases = [ "roundcube" ];
ensureUsers = [
{ name = "roundcube"; ensureDBOwnership = true; }
];
};
services.roundcube = {
enable = true;
configureNginx = false; # <-- youll provide your own vhost
plugins = [ "managesieve" "archive" "zipdownload" ];
database = {
host = "localhost";
dbname = "roundcube";
username = "roundcube";
};
extraConfig = ''
// IMAP & SMTP
$config['imap_host'] = 'ssl://imap.${domain}:993';
$config['smtp_host'] = 'tls://mail.${domain}:587';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
// ManageSieve (filters + vacation)
$config['managesieve_host'] = 'tls://imap.${domain}:4190';
'';
};
services.nginx = {
enable = true;
virtualHosts."webmail.${domain}" = {
forceSSL = true;
enableACME = true;
root = roundcubeRoot;
extraConfig = ''
client_max_body_size 50m;
'';
locations = {
# Serve static assets directly
"~* ^/(favicon\\.ico|robots\\.txt|browserconfig\\.xml)$".tryFiles = "$uri =404";
"~* ^/(assets|installer|public|skins|plugins)/" = {
tryFiles = "$uri =404";
};
# PHP entry points
"~ \\.php$" = {
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_pass unix:${fpmSocket};
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
'';
};
# Default: let Roundcube handle routing
"/" = {
tryFiles = "$uri /index.php?$query_string";
};
};
};
};
}