Add Roundcube

Paul-Henri Froidmont 2021-12-27 16:39:22 +01:00
parent 5f36ab8644
commit 8404e17a2f
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
9 changed files with 72 additions and 4 deletions


@ -23,7 +23,9 @@
enable = true;
fqdn = "mail.banditlair.com";
domains = [ "banditlair.com" "froidmont.org" "falbo.fr" ];
enableManageSieve = true;
mailDirectory = "/nix/var/data/vmail";
sieveDirectory = "/nix/var/data/sieve";
lmtpSaveToDetailMailbox = "no";
loginAccounts = {
"paultrial@banditlair.com" = {


@ -11,7 +11,6 @@ in
sops.secrets = {
sshfsKey = {
key = "sshfs_keys/private";
restartUnits = [ "var-lib-nextcloud-data.mount" ];
};
nextcloudDbPassword = {
owner = config.users.users.nextcloud.name;
@ -30,7 +29,7 @@ in
];
systemd.services.nextcloud-data-sshfs = {
wantedBy = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" "nextcloud-setup.service" ];
before = [ "phpfpm-nextcloud.service" ];
restartIfChanged = false;
serviceConfig = {
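Review bot: Adding `"nextcloud-setup.service"` to `wantedBy` in `systemd.services.nextcloud-data-sshfs` only makes that unit pull the mount service in; it does not order the two. `before` still lists only `phpfpm-nextcloud.service`, so `nextcloud-setup` can start while the sshfs data directory is not yet mounted. If the intent is that setup waits for the mount, extend the ordering as well: `before = [ "phpfpm-nextcloud.service" "nextcloud-setup.service" ];`. The unit's `serviceConfig` continues outside the hunk, so this assumes nothing there already orders them.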


@ -7,12 +7,14 @@
initialScript = pkgs.writeText "postgres-init.sql" ''
CREATE ROLE "synapse";
CREATE ROLE "nextcloud";
CREATE ROLE "roundcube";
'';
enableTCPIP = true;
identMap = ''
root_as_others root postgres
root_as_others root synapse
root_as_others root nextcloud
root_as_others root roundcube
'';
authentication = ''
local all postgres peer
@ -32,6 +34,11 @@
key = "nextcloud/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
roundcubeDbPassword = {
owner = config.services.postgresql.superUser;
key = "roundcube/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
};
systemd.services.postgresql-setup = let pgsql = config.services.postgresql; in
@ -50,11 +57,14 @@
}
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"
nextcloud_password="$(<'${config.sops.secrets.nextcloudDbPassword.path}')"
PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"
PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
'';
serviceConfig = {
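Review bot: The new `ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'` line splices the secret into the SQL text by shell expansion, as the synapse and nextcloud lines above it already do. A password containing a single quote breaks or alters the statement. The whole statement is also handed as an argument to whatever `PSQL` expands to (defined outside this hunk), so the secret is likely visible in the process list while it runs and may reach the server log if statement logging is enabled. Consider sending the statement on stdin instead: load the file into a psql variable with `\set` and a backquoted `cat`, then write `ALTER ROLE roundcube WITH PASSWORD :'pw';`, because `:'var'` quoting is not applied to `-c` strings. Separately, `initialScript` runs only when the cluster is first initialised, so on an existing cluster the `roundcube` role may not exist when `CREATE DATABASE "roundcube" OWNER "roundcube"` executes.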

42
modules/roundcube.nix Normal file

@ -0,0 +1,42 @@
{ pkgs, lib, config, ... }:
{
sops.secrets = {
pgPassFile = {
owner = "nginx";
key = "roundcube/pg_pass_file";
};
dbPassword = {
owner = "nginx";
key = "roundcube/db_password";
};
};
services.roundcube = {
enable = true;
plugins = [ "managesieve" ];
dicts = with pkgs.aspellDicts; [ en fr de ];
hostName = "webmail.banditlair.com";
database = {
host = "10.0.1.11";
username = "roundcube";
dbname = "roundcube";
passwordFile = config.sops.secrets.pgPassFile.path;
};
extraConfig = ''
# This override is required as a workaround for the nixpkgs config because we need a plain password instead of a pgpass file
$password = file_get_contents('${config.sops.secrets.dbPassword.path}');
$config['db_dsnw'] = 'pgsql://roundcube:' . $password . '@10.0.1.11/roundcube';
$config['default_host'] = 'ssl://mail.banditlair.com:993';
$config['smtp_server'] = 'ssl://%h';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['identities_level'] = 0;
$config['managesieve_host'] = 'tls://%h';
$config['managesieve_auth_type'] = 'PLAIN';
'';
};
}
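Review bot: In `extraConfig`, the value read by `file_get_contents` is concatenated into `db_dsnw` unmodified. A trailing newline in the secret file, or a password containing `@`, `:` or `/`, gives a DSN that parses to the wrong credentials or host, and a failed read silently yields an empty password. I would write `$password = rawurlencode(trim(file_get_contents('${config.sops.secrets.dbPassword.path}')));`, which relies on Roundcube's DSN parser URL-decoding the password, so confirm that against the deployed version. The DSN also targets `10.0.1.11` with no `sslmode`, so unless PostgreSQL enforces TLS the database password crosses that network in the clear; appending `?sslmode=require` or stricter would make the requirement explicit. The same secret now lives under both `roundcube/pg_pass_file` and `roundcube/db_password`, so a comment that the two must be rotated together would help.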