kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

fixes for tf and mail

Browse source
This commit is contained in:
Kat Inskip 2025-12-04 02:44:38 -08:00
parent cf9ec64e69
commit 4c6f2aa34a
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
9 changed files with 145 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

44
flake.lock generated
View file

@ -2,7 +2,9 @@
"nodes": { "nodes": {
"arcexprs": { "arcexprs": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1757028967, "lastModified": 1757028967,
@ -161,7 +163,7 @@
"home-manager" "home-manager"
], ],
"jovian": "jovian", "jovian": "jovian",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"rust-overlay": [ "rust-overlay": [
"rust-overlay" "rust-overlay"
] ]
@ -223,7 +225,7 @@
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions_2", "nix-github-actions": "nix-github-actions_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"stable": "stable" "stable": "stable"
}, },
"locked": { "locked": {
@ -1310,7 +1312,7 @@
"flake-parts": [ "flake-parts": [
"flake-parts" "flake-parts"
], ],
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1764641206, "lastModified": 1764641206,
@ -1487,16 +1489,18 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1756487429, "lastModified": 1764517877,
"narHash": "sha256-dKmUp2Z5JS8exaYq4+2TnjzzLSyYMpCvCGaCxMAnD1I=", "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "84fddb6f4ccf28d904b0d82d1878c36f94c6b629", "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "NixOS",
"type": "indirect" "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
@ -1576,22 +1580,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1764517877,
"narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1750134718, "lastModified": 1750134718,
"narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=",
@ -1607,7 +1595,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1764384123, "lastModified": 1764384123,
"narHash": "sha256-UoliURDJFaOolycBZYrjzd9Cc66zULEyHqGFH3QHEq0=", "narHash": "sha256-UoliURDJFaOolycBZYrjzd9Cc66zULEyHqGFH3QHEq0=",
@ -1623,7 +1611,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1764642553, "lastModified": 1764642553,
"narHash": "sha256-mvbFFzVBhVK1FjyPHZGMAKpNiqkr7k++xIwy+p/NQvA=", "narHash": "sha256-mvbFFzVBhVK1FjyPHZGMAKpNiqkr7k++xIwy+p/NQvA=",
@ -1644,7 +1632,7 @@
"flake-parts": [ "flake-parts": [
"flake-parts" "flake-parts"
], ],
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_4",
"nuschtosSearch": "nuschtosSearch", "nuschtosSearch": "nuschtosSearch",
"systems": "systems_3" "systems": "systems_3"
}, },

1
flake.nix
View file

@ -331,6 +331,7 @@
arcexprs = { arcexprs = {
#url = "github:kittywitch/arcexprs/master"; #url = "github:kittywitch/arcexprs/master";
url = "github:arcnmx/nixexprs/master"; url = "github:arcnmx/nixexprs/master";
inputs.nixpkgs.follows = "nixpkgs";
}; };
base16 = { base16 = {
url = "github:arcnmx/base16.nix/flake"; url = "github:arcnmx/base16.nix/flake";

4
home/profiles/shell/git.nix
View file

@ -4,7 +4,7 @@
... ...
}: { }: {
home.packages = with pkgs; [ home.packages = with pkgs; [
gitAndTools.git-remote-gcrypt git-remote-gcrypt
git-crypt git-crypt
git-revise git-revise
radicle-tui radicle-tui
@ -16,7 +16,7 @@
}; };
git = { git = {
inherit (tree.home.user.data) userName userEmail; inherit (tree.home.user.data) userName userEmail;
package = pkgs.gitAndTools.gitFull; package = pkgs.gitFull;
enable = true; enable = true;
delta = { delta = {
enable = true; enable = true;

17
nixos/servers/mail/mail.nix
View file

@ -28,4 +28,21 @@
}; };
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.email = "security@inskip.me"; security.acme.defaults.email = "security@inskip.me";
services.roundcube = {
enable = true;
# this is the url of the vhost, not necessarily the same as the fqdn of
# the mailserver
hostName = "webmail.dork.dev";
extraConfig = ''
$config['imap_host'] = "ssl://${config.mailserver.fqdn}";
$config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [80 443];
} }

5
tf/gmail.tf
View file

@ -13,13 +13,14 @@ module "inskip-gmail" {
zone_name = local.zones.inskip zone_name = local.zones.inskip
dkim = local.dkims.inskip dkim = local.dkims.inskip
} }
/*module "dork-gmail" { module "dork-gmail" {
enable = false
source = "./gmail_dns" source = "./gmail_dns"
cloudflare_api_key = var.cloudflare_api_key cloudflare_api_key = var.cloudflare_api_key
zone_id = local.zone_ids.dork zone_id = local.zone_ids.dork
zone_name = local.zones.dork zone_name = local.zones.dork
dkim = local.dkims.dork dkim = local.dkims.dork
}*/ }
module "kittywitch-gmail" { module "kittywitch-gmail" {
source = "./gmail_dns" source = "./gmail_dns"
cloudflare_api_key = var.cloudflare_api_key cloudflare_api_key = var.cloudflare_api_key

9
tf/gmail_dns/main.tf
View file

@ -1,4 +1,5 @@
resource "cloudflare_record" "gmail_mx_1_aspmx" { resource "cloudflare_record" "gmail_mx_1_aspmx" {
count = var.enable ? 1 : 0
name = var.zone_name name = var.zone_name
priority = 1 priority = 1
proxied = false proxied = false
@ -9,6 +10,7 @@ resource "cloudflare_record" "gmail_mx_1_aspmx" {
} }
resource "cloudflare_record" "gmail_mx_5_alt1" { resource "cloudflare_record" "gmail_mx_5_alt1" {
count = var.enable ? 1 : 0
name = var.zone_name name = var.zone_name
priority = 5 priority = 5
proxied = false proxied = false
@ -19,6 +21,7 @@ resource "cloudflare_record" "gmail_mx_5_alt1" {
} }
resource "cloudflare_record" "gmail_mx_5_alt2" { resource "cloudflare_record" "gmail_mx_5_alt2" {
count = var.enable ? 1 : 0
name = var.zone_name name = var.zone_name
priority = 5 priority = 5
proxied = false proxied = false
@ -29,6 +32,7 @@ resource "cloudflare_record" "gmail_mx_5_alt2" {
} }
resource "cloudflare_record" "gmail_mx_10_alt3" { resource "cloudflare_record" "gmail_mx_10_alt3" {
count = var.enable ? 1 : 0
name = var.zone_name name = var.zone_name
priority = 10 priority = 10
proxied = false proxied = false
@ -38,6 +42,7 @@ resource "cloudflare_record" "gmail_mx_10_alt3" {
zone_id = var.zone_id zone_id = var.zone_id
} }
resource "cloudflare_record" "gmail_mx_10_alt4" { resource "cloudflare_record" "gmail_mx_10_alt4" {
count = var.enable ? 1 : 0
name = var.zone_name name = var.zone_name
priority = 10 priority = 10
proxied = false proxied = false
@ -48,6 +53,7 @@ resource "cloudflare_record" "gmail_mx_10_alt4" {
} }
resource "cloudflare_record" "gmail_dkim" { resource "cloudflare_record" "gmail_dkim" {
count = var.enable ? 1 : 0
name = "google._domainkey" name = "google._domainkey"
proxied = false proxied = false
ttl = 3600 ttl = 3600
@ -57,10 +63,11 @@ resource "cloudflare_record" "gmail_dkim" {
} }
resource "cloudflare_record" "gmail_spf" { resource "cloudflare_record" "gmail_spf" {
count = var.enable ? 1 : 0
name = var.zone_name name = var.zone_name
proxied = false proxied = false
ttl = 3600 ttl = 3600
type = "TXT" type = "TXT"
value = "v=spf1 include:_spf.google.com -all" value = "v=spf1 include:_spf.google.com -all"
zone_id = var.zone_id zone_id = var.zone_id
} }

7
tf/gmail_dns/variables.tf
View file

@ -11,4 +11,9 @@ variable "dkim" {
variable "zone_name" { variable "zone_name" {
type = string type = string
} }
variable "enable" {
type = bool
default = true
}

91
tf/services.tf
View file

@ -88,6 +88,15 @@ resource "cloudflare_record" "music" {
zone_id = local.zone_ids.kittywitch zone_id = local.zone_ids.kittywitch
} }
resource "cloudflare_record" "webmail" {
name = "webmail"
proxied = false
ttl = 3600
type = "CNAME"
value = "rinnosukeinskip.me"
zone_id = local.zone_ids.kittywitch
}
resource "cloudflare_record" "dork_mail_mx" { resource "cloudflare_record" "dork_mail_mx" {
name = "@" name = "@"
proxied = false proxied = false
@ -107,4 +116,86 @@ resource "cloudflare_record" "dork_mail_spf" {
zone_id = local.zone_ids.dork zone_id = local.zone_ids.dork
} }
resource "cloudflare_record" "dork_mail_dkim" {
name = "rinnosuke._domainkey"
proxied = false
ttl = 10800
type = "TXT"
value = "v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfSxe5JNdrSyHoPuESnOles7KxP5NtHD60YZ7SXLANNkEb8/tSHmg4nGqLhqKrA7+gcrurjowibDYs4hAM/ozkMNch53n2ZVKRl1ExMSRAPlGl5ZNCGGYVuRQlTMGvek2tIp3GbxafGF6QWSG1sA63fI9pxGosf/qc3wX5gtHxmKB9jn1Q6d9SDuJN72StIRjl81zaJFQJswvKx5keNvbW9oOP/xBVFPbnNZq52f/MsIpo4R33Vk0CrFvj5lnEKh5t6Bx1XUpJnkzQE934h+x1B+ypLkAPpLw4VnbDBMNc/ZkGbfJuM9YsasoEYgeoAtWKkyJV2WKZfppo1pUtR7swIDAQAB"
zone_id = local.zone_ids.dork
}
resource "cloudflare_record" "dork_mail_dmarc" {
name = "_dmarc"
proxied = false
ttl = 10800
type = "TXT"
value = "v=DMARC1; p=none"
zone_id = local.zone_ids.dork
}
resource "cloudflare_record" "dork_mail_submission_autodiscover" {
name = "_submission._tcp"
proxied = false
ttl = 3600
type = "SRV"
data {
service = "_submissions"
proto = "_tcp"
priority = 5
weight = 0
port = 587
target = "rinnosuke.inskip.me"
}
zone_id = local.zone_ids.dork
}
resource "cloudflare_record" "dork_mail_submissions_autodiscover" {
name = "_submissions._tcp"
proxied = false
ttl = 3600
type = "SRV"
data {
service = "_submissions"
proto = "_tcp"
priority = 5
weight = 0
port = 465
target = "rinnosuke.inskip.me"
}
zone_id = local.zone_ids.dork
}
resource "cloudflare_record" "dork_mail_imap_autodiscover" {
name = "_imap._tcp"
proxied = false
ttl = 3600
type = "SRV"
data {
service = "_imap"
proto = "_tcp"
priority = 5
weight = 0
port = 143
target = "rinnosuke.inskip.me"
}
zone_id = local.zone_ids.dork
}
resource "cloudflare_record" "dork_mail_imaps_autodiscover" {
name = "_imaps._tcp"
proxied = false
ttl = 3600
type = "SRV"
data {
service = "_imaps"
proto = "_tcp"
priority = 5
weight = 0
port = 993
target = "rinnosuke.inskip.me"
}
zone_id = local.zone_ids.dork
}

2
tf/terraform.tfstate
View file

File diff suppressed because one or more lines are too long