From eb91a3beaf79a7cd0f6a855b342463045e8dd59a Mon Sep 17 00:00:00 2001 From: Emelie Graven Date: Tue, 23 Nov 2021 15:29:23 +0100 Subject: [PATCH] Add mail server --- stable/config/common/services/nginx.nix | 2 +- stable/config/hosts/mail/services/restic.nix | 38 +++----------------- unstable/config/common/services/nginx.nix | 2 +- unstable/config/sources/nix/sources.json | 12 +++---- unstable/deploy/default.nix | 2 +- 5 files changed, 13 insertions(+), 43 deletions(-) diff --git a/stable/config/common/services/nginx.nix b/stable/config/common/services/nginx.nix index 60f4b8f..ed902f3 100644 --- a/stable/config/common/services/nginx.nix +++ b/stable/config/common/services/nginx.nix @@ -1,7 +1,7 @@ { ... }: { services.nginx = { - #enable = true; + enable = true; # Use recommended settings recommendedGzipSettings = true; diff --git a/stable/config/hosts/mail/services/restic.nix b/stable/config/hosts/mail/services/restic.nix index 083e4cc..2425166 100644 --- a/stable/config/hosts/mail/services/restic.nix +++ b/stable/config/hosts/mail/services/restic.nix @@ -3,45 +3,15 @@ { services.restic.backups = { - "gitea" = { - paths = [ "/var/lib/gitea" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/gitea"; + "mail" = { + paths = [ "/var/vmail" ]; + repository = "sftp:restic@despondos.nao.sh:/etheria/backup/mail/mail"; initialize = true; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; timerConfig = { "OnCalendar" = "02:15"; }; extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; passwordFile = builtins.toString config.secrets.files.restic_pass.file; - user = "gitea"; - }; - "postgres" = { - paths = [ "/var/lib/postgresql/backup" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/postgres"; - initialize = true; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; - timerConfig = { "OnCalendar" = "03:00"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; - passwordFile = builtins.toString config.secrets.files.restic_pass.file; - user = "postgres"; - }; - "synapse" = { - paths = [ "/var/lib/matrix-synapse" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/synapse"; - initialize = true; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; - timerConfig = { "OnCalendar" = "03:30"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; - passwordFile = builtins.toString config.secrets.files.restic_pass.file; - user = "matrix-synapse"; - }; - "vaultwarden" = { - paths = [ "/var/lib/bitwarden_rs" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/vaultwarden"; - initialize = true; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; - timerConfig = { "OnCalendar" = "23:45"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; - passwordFile = builtins.toString config.secrets.files.restic_pass.file; - user = "vaultwarden"; + user = "virtualMail"; }; }; } diff --git a/unstable/config/common/services/nginx.nix b/unstable/config/common/services/nginx.nix index ed902f3..89a13a4 100644 --- a/unstable/config/common/services/nginx.nix +++ b/unstable/config/common/services/nginx.nix @@ -24,7 +24,7 @@ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; # Minimize information leaked to other domains - add_header 'Referrer-Policy' 'origin-when-cross-origin'; + add_header 'Referrer-Policy' 'same-origin'; # Disable embedding as a frame add_header X-Frame-Options DENY; diff --git a/unstable/config/sources/nix/sources.json b/unstable/config/sources/nix/sources.json index 62a9554..946ef40 100644 --- a/unstable/config/sources/nix/sources.json +++ b/unstable/config/sources/nix/sources.json @@ -17,10 +17,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4045d5f43aff4440661d8912fc6e373188d15b5b", - "sha256": "1f07p7awpxwg8f9ps5ncvnpkh9ny3aj2n28gqqhafdk9i6f9zkfi", + "rev": "08cda8e3a5a4e685af525e5a589dfeb74267d505", + "sha256": "0bf3mbss7c3lyf5h8g1vwjbs0cg4h0c8ixbaz1kv24ahyy8n61y3", "type": "tarball", - "url": "https://github.com/NixOS/nixos-hardware/archive/4045d5f43aff4440661d8912fc6e373188d15b5b.tar.gz", + "url": "https://github.com/NixOS/nixos-hardware/archive/08cda8e3a5a4e685af525e5a589dfeb74267d505.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { @@ -29,10 +29,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0b239a479cd2c6246195f76244d0939845f82634", - "sha256": "0p1x6zmsh5yfz0xrkvi9nrymznnaz8l46srib271bzmcbbd2fb21", + "rev": "d00918ccaf7e1532d35db2f1e3d44db3da39b851", + "sha256": "0ynxk7vacv8nljkr60f1sdyh0a65lb6w8kzv5m30hy2qba7samrf", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/0b239a479cd2c6246195f76244d0939845f82634.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/d00918ccaf7e1532d35db2f1e3d44db3da39b851.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixus": { diff --git a/unstable/deploy/default.nix b/unstable/deploy/default.nix index 3fdc041..ee07e2e 100644 --- a/unstable/deploy/default.nix +++ b/unstable/deploy/default.nix @@ -1,5 +1,5 @@ let - sources = import ../unstable/config/sources; + sources = import ../config/sources; in import "${sources.nixus}" {} ({ config, ... }: { defaults = { name, ... }: {