blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add postfix

Browse Source
This commit is contained in:
blake
2025-10-19 13:59:06 -05:00
parent 7b11dbdcfa
commit 6ca265e97b
5 changed files with 113 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
modules/homelab/.default.nix.template.nix
View File

@@ -3,15 +3,12 @@
config,
lib,
...
}:
let
}: let
service = "";
cfg = config.modules.services.${service};
cfg = config.homelab.${service};
sec = config.sops.secrets;
homelab = config.homelab;
in
{
in {
options.modules.services.${service} = {
enable = lib.mkEnableOption "enables ${service}";
@@ -44,7 +41,6 @@ in
};
config = lib.mkIf cfg.enable {
# declare ${service} group
users.groups.${service} = {
gid = lib.mkForce cfg.ids;
@@ -58,7 +54,7 @@ in
home = cfg.data_dir;
createHome = true;
group = service;
extraGroups = [ "media" ];
extraGroups = ["media"];
};
# enable the ${service} service
@@ -85,7 +81,7 @@ in
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "${service}.${homelab.public_domain}" ];
serverAliases = ["${service}.${homelab.public_domain}"];
extraConfig = ''
tls /etc/ssl/blakedheld.xyz.crt /etc/ssl/blakedheld.xyz.key
reverse_proxy 127.0.0.1:${toString cfg.port}
@@ -118,9 +114,9 @@ in
# };
# add to backups
system.backups.baks = {
homelab.backups.baks = {
${service} = {
paths = [ cfg.data_dir ];
paths = [cfg.data_dir];
};
};
};

1
modules/homelab/default.nix
View File

@@ -44,6 +44,7 @@ in
./motd
./backups
./glance
./postfix
./caddy
./home/zigbee2mqtt
./vaultwarden

100
modules/homelab/postfix/default.nix Normal file
View File

@@ -0,0 +1,100 @@
{
pkgs,
config,
lib,
...
}: let
service = "postfix";
cfg = config.homelab.${service};
sec = config.sops.secrets;
homelab = config.homelab;
in {
options.modules.services.${service} = {
enable = lib.mkEnableOption "enables ${service}";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 587;
description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for ${service}";
};
};
config = lib.mkIf cfg.enable {
# declare ${service} group
# users.groups.${service} = {
# gid = lib.mkForce cfg.ids;
# };
#
# # declare ${service} user
# users.users.${service} = {
# description = "${service} server user";
# uid = lib.mkForce cfg.ids;
# isSystemUser = true;
# home = cfg.data_dir;
# createHome = true;
# group = service;
# extraGroups = [];
# };
# enable the ${service} service
services.postfix = {
enable = true;
relayHost = "smtp.gmail.com";
relayPort = cfg.port;
config = {
smtp_use_tls = "yes";
smtp_sasl_auth_enable = "yes";
smtp_sasl_security_options = "";
smtp_sasl_password_maps = "texthash:${config.sops.secrets."postfix_passwd".path}";
# optional: Forward mails to root (e.g. from cron jobs, smartd)
# to me privately and to my work email:
virtual_alias_maps = "inline:{ {root=me@blakedheld.xyz, throwedspam@gmail.com} }";
};
};
# override umask to make permissions work out
# systemd.services.${service}.serviceConfig = {
# UMask = lib.mkForce "0007";
# User = service;
# Group = service;
#};
# open firewall
networking.firewall.allowedTCPPorts = [ cfg.port ];
sops.secrets = {
"${service}_passwd" = {
owner = config.services.postfix.user;
group = config.services.postfix.group;
};
};
# add to backups
homelab.backups.baks = {
${service} = {
paths = [cfg.data_dir];
};
};
};
}