services/{keycloak,glauth}: init

2026-02-09 12:29:19 -08:00 · 2021-09-04 22:57:01 +01:00 · 2021-09-04 22:57:01 +01:00 · d64087e160
commit d64087e160
parent d0e82242d5
9 changed files with 311 additions and 29 deletions
--- a/config/services/mail/default.nix
+++ b/config/services/mail/default.nix
@ -4,6 +4,7 @@ with lib;

 let
  domains = [ "kittywitch" "dork" ];
+  users = [ "gitea" "kat" "keycloak" ];
 in
 {
  imports = [ sources.nixos-mailserver.outPath ];
@ -13,7 +14,8 @@ in
      nameValuePair "mail-${field}-hash" {
        path = "secrets/mail-kittywitch";
        field = "${field}-hash";
-      }) [ "gitea" "kat" ]
+      })
+    users
  ++ map
    (domain:
      nameValuePair "mail-domainkey-${domain}" {
@ -22,7 +24,7 @@ in
      })
    domains);

-  deploy.tf.dns.records = lib.mkMerge (map
+  deploy.tf.dns.records = mkMerge (map
    (domain:
      let
        zoneGet = domain: if domain == "dork" then "dork.dev." else config.network.dns.zone;
@ -55,18 +57,14 @@ in
      })
    domains);

-  secrets.files = {
-    mail-kat-hash = {
-      text = ''
-        ${tf.variables.mail-kat-hash.ref}
-      '';
-    };
-    mail-gitea-hash = {
-      text = ''
-        ${tf.variables.mail-gitea-hash.ref}
-      '';
-    };
-  };
+  secrets.files = listToAttrs (map
+    (user:
+      nameValuePair "mail-${user}-hash" {
+        text = ''
+          ${tf.variables.mail-kat-hash.ref}
+        '';
+      })
+    users);

  mailserver = {
    enable = true;
@ -85,15 +83,19 @@ in
    virusScanning = false;

    # nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
-    loginAccounts = {
-      "kat@kittywit.ch" = {
-        hashedPasswordFile = config.secrets.files.mail-kat-hash.path;
-        aliases = [ "postmaster@kittywit.ch" ];
-        catchAll = [ "kittywit.ch" "dork.dev" ];
-      };
-      "gitea@kittywit.ch" = {
-        hashedPasswordFile = config.secrets.files.mail-gitea-hash.path;
-      };
-    };
+    loginAccounts = mkMerge [
+      (listToAttrs (map
+        (user:
+          nameValuePair "${user}@kittywit.ch" {
+            hashedPasswordFile = config.secrets.files."mail-${user}-hash".path;
+          })
+        users))
+      {
+        "kat@kittywit.ch" = {
+          aliases = [ "postmaster@kittywit.ch" ];
+          catchAll = [ "kittywit.ch" "dork.dev" ];
+        };
+      }
+    ];
  };
 }