fixes for tf and mail

2026-02-09 04:19:19 -08:00 · 2025-12-04 02:44:38 -08:00 · 2025-12-04 02:44:38 -08:00 · 4c6f2aa34a
commit 4c6f2aa34a
parent cf9ec64e69
9 changed files with 145 additions and 35 deletions
--- a/flake.lock
+++ b/flake.lock
@ -2,7 +2,9 @@
  "nodes": {
    "arcexprs": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
      },
      "locked": {
        "lastModified": 1757028967,
@ -161,7 +163,7 @@
          "home-manager"
        ],
        "jovian": "jovian",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "rust-overlay": [
          "rust-overlay"
        ]
@ -223,7 +225,7 @@
        "flake-compat": "flake-compat",
        "flake-utils": "flake-utils",
        "nix-github-actions": "nix-github-actions_2",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
        "stable": "stable"
      },
      "locked": {
@ -1310,7 +1312,7 @@
        "flake-parts": [
          "flake-parts"
        ],
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1764641206,
@ -1487,16 +1489,18 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1756487429,
-        "narHash": "sha256-dKmUp2Z5JS8exaYq4+2TnjzzLSyYMpCvCGaCxMAnD1I=",
+        "lastModified": 1764517877,
+        "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "84fddb6f4ccf28d904b0d82d1878c36f94c6b629",
+        "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
      }
    },
    "nixpkgs-lib": {
@ -1576,22 +1580,6 @@
      }
    },
    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1764517877,
-        "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
      "locked": {
        "lastModified": 1750134718,
        "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=",
@ -1607,7 +1595,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1764384123,
        "narHash": "sha256-UoliURDJFaOolycBZYrjzd9Cc66zULEyHqGFH3QHEq0=",
@ -1623,7 +1611,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1764642553,
        "narHash": "sha256-mvbFFzVBhVK1FjyPHZGMAKpNiqkr7k++xIwy+p/NQvA=",
@ -1644,7 +1632,7 @@
        "flake-parts": [
          "flake-parts"
        ],
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_4",
        "nuschtosSearch": "nuschtosSearch",
        "systems": "systems_3"
      },
--- a/flake.nix
+++ b/flake.nix
@ -331,6 +331,7 @@
    arcexprs = {
      #url = "github:kittywitch/arcexprs/master";
      url = "github:arcnmx/nixexprs/master";
+      inputs.nixpkgs.follows = "nixpkgs";
    };
    base16 = {
      url = "github:arcnmx/base16.nix/flake";
--- a/home/profiles/shell/git.nix
+++ b/home/profiles/shell/git.nix
@ -4,7 +4,7 @@
  ...
 }: {
  home.packages = with pkgs; [
-    gitAndTools.git-remote-gcrypt
+    git-remote-gcrypt
    git-crypt
    git-revise
    radicle-tui
@ -16,7 +16,7 @@
    };
    git = {
      inherit (tree.home.user.data) userName userEmail;
-      package = pkgs.gitAndTools.gitFull;
+      package = pkgs.gitFull;
      enable = true;
      delta = {
        enable = true;
--- a/nixos/servers/mail/mail.nix
+++ b/nixos/servers/mail/mail.nix
@ -28,4 +28,21 @@
  };
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "security@inskip.me";
+
+  services.roundcube = {
+    enable = true;
+    # this is the url of the vhost, not necessarily the same as the fqdn of
+    # the mailserver
+    hostName = "webmail.dork.dev";
+    extraConfig = ''
+      $config['imap_host'] = "ssl://${config.mailserver.fqdn}";
+      $config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
+      $config['smtp_user'] = "%u";
+      $config['smtp_pass'] = "%p";
+    '';
+  };
+
+  services.nginx.enable = true;
+
+  networking.firewall.allowedTCPPorts = [80 443];
 }
--- a/tf/gmail.tf
+++ b/tf/gmail.tf
@ -13,13 +13,14 @@ module "inskip-gmail" {
  zone_name          = local.zones.inskip
  dkim               = local.dkims.inskip
 }
-/*module "dork-gmail" {
+module "dork-gmail" {
+  enable             = false
  source             = "./gmail_dns"
  cloudflare_api_key = var.cloudflare_api_key
  zone_id            = local.zone_ids.dork
  zone_name          = local.zones.dork
  dkim               = local.dkims.dork
-}*/
+}
 module "kittywitch-gmail" {
  source             = "./gmail_dns"
  cloudflare_api_key = var.cloudflare_api_key
--- a/tf/gmail_dns/main.tf
+++ b/tf/gmail_dns/main.tf
@ -1,4 +1,5 @@
 resource "cloudflare_record" "gmail_mx_1_aspmx" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 1
  proxied  = false
@ -9,6 +10,7 @@ resource "cloudflare_record" "gmail_mx_1_aspmx" {
 }

 resource "cloudflare_record" "gmail_mx_5_alt1" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 5
  proxied  = false
@ -19,6 +21,7 @@ resource "cloudflare_record" "gmail_mx_5_alt1" {
 }

 resource "cloudflare_record" "gmail_mx_5_alt2" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 5
  proxied  = false
@ -29,6 +32,7 @@ resource "cloudflare_record" "gmail_mx_5_alt2" {
 }

 resource "cloudflare_record" "gmail_mx_10_alt3" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 10
  proxied  = false
@ -38,6 +42,7 @@ resource "cloudflare_record" "gmail_mx_10_alt3" {
  zone_id  = var.zone_id
 }
 resource "cloudflare_record" "gmail_mx_10_alt4" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 10
  proxied  = false
@ -48,6 +53,7 @@ resource "cloudflare_record" "gmail_mx_10_alt4" {
 }

 resource "cloudflare_record" "gmail_dkim" {
+  count   = var.enable ? 1 : 0
  name    = "google._domainkey"
  proxied = false
  ttl     = 3600
@ -57,10 +63,11 @@ resource "cloudflare_record" "gmail_dkim" {
 }

 resource "cloudflare_record" "gmail_spf" {
+  count   = var.enable ? 1 : 0
  name    = var.zone_name
  proxied = false
  ttl     = 3600
  type    = "TXT"
  value   = "v=spf1 include:_spf.google.com -all"
  zone_id = var.zone_id
-}
+}
--- a/tf/gmail_dns/variables.tf
+++ b/tf/gmail_dns/variables.tf
@ -11,4 +11,9 @@ variable "dkim" {

 variable "zone_name" {
  type = string
-}
+}
+
+variable "enable" {
+  type    = bool
+  default = true
+}
--- a/tf/services.tf
+++ b/tf/services.tf
@ -88,6 +88,15 @@ resource "cloudflare_record" "music" {
  zone_id = local.zone_ids.kittywitch
 }

+resource "cloudflare_record" "webmail" {
+  name    = "webmail"
+  proxied = false
+  ttl     = 3600
+  type    = "CNAME"
+  value   = "rinnosukeinskip.me"
+  zone_id = local.zone_ids.kittywitch
+}
+
 resource "cloudflare_record" "dork_mail_mx" {
  name     = "@"
  proxied  = false
@ -107,4 +116,86 @@ resource "cloudflare_record" "dork_mail_spf" {
  zone_id = local.zone_ids.dork
 }

+resource "cloudflare_record" "dork_mail_dkim" {
+  name    = "rinnosuke._domainkey"
+  proxied = false
+  ttl     = 10800
+  type    = "TXT"
+  value   = "v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfSxe5JNdrSyHoPuESnOles7KxP5NtHD60YZ7SXLANNkEb8/tSHmg4nGqLhqKrA7+gcrurjowibDYs4hAM/ozkMNch53n2ZVKRl1ExMSRAPlGl5ZNCGGYVuRQlTMGvek2tIp3GbxafGF6QWSG1sA63fI9pxGosf/qc3wX5gtHxmKB9jn1Q6d9SDuJN72StIRjl81zaJFQJswvKx5keNvbW9oOP/xBVFPbnNZq52f/MsIpo4R33Vk0CrFvj5lnEKh5t6Bx1XUpJnkzQE934h+x1B+ypLkAPpLw4VnbDBMNc/ZkGbfJuM9YsasoEYgeoAtWKkyJV2WKZfppo1pUtR7swIDAQAB"
+  zone_id = local.zone_ids.dork
+}

+resource "cloudflare_record" "dork_mail_dmarc" {
+  name    = "_dmarc"
+  proxied = false
+  ttl     = 10800
+  type    = "TXT"
+  value   = "v=DMARC1; p=none"
+  zone_id = local.zone_ids.dork
+}
+
+resource "cloudflare_record" "dork_mail_submission_autodiscover" {
+  name    = "_submission._tcp"
+  proxied = false
+  ttl     = 3600
+  type    = "SRV"
+
+  data {
+    service  = "_submissions"
+    proto    = "_tcp"
+    priority = 5
+    weight   = 0
+    port     = 587
+    target   = "rinnosuke.inskip.me"
+  }
+  zone_id = local.zone_ids.dork
+}
+resource "cloudflare_record" "dork_mail_submissions_autodiscover" {
+  name    = "_submissions._tcp"
+  proxied = false
+  ttl     = 3600
+  type    = "SRV"
+
+  data {
+    service  = "_submissions"
+    proto    = "_tcp"
+    priority = 5
+    weight   = 0
+    port     = 465
+    target   = "rinnosuke.inskip.me"
+  }
+  zone_id = local.zone_ids.dork
+}
+
+resource "cloudflare_record" "dork_mail_imap_autodiscover" {
+  name    = "_imap._tcp"
+  proxied = false
+  ttl     = 3600
+  type    = "SRV"
+
+  data {
+    service  = "_imap"
+    proto    = "_tcp"
+    priority = 5
+    weight   = 0
+    port     = 143
+    target   = "rinnosuke.inskip.me"
+  }
+  zone_id = local.zone_ids.dork
+}
+resource "cloudflare_record" "dork_mail_imaps_autodiscover" {
+  name    = "_imaps._tcp"
+  proxied = false
+  ttl     = 3600
+  type    = "SRV"
+
+  data {
+    service  = "_imaps"
+    proto    = "_tcp"
+    priority = 5
+    weight   = 0
+    port     = 993
+    target   = "rinnosuke.inskip.me"
+  }
+  zone_id = local.zone_ids.dork
+}
--- a/tf/terraform.tfstate
+++ b/tf/terraform.tfstate