Add manuela to Wireguard peers

Replace deprecated OnCalendar option with startAt
Update README
2021-07-31 21:49:57 +01:00 · 2021-07-30 21:53:58 +01:00 · 2021-07-30 21:41:43 +01:00 · 2021-07-24 18:01:20 +02:00
6 changed files with 47 additions and 74 deletions
--- a/README.org
+++ b/README.org
@@ -1,3 +1,17 @@
 * Unit
 Declarative configuration for the main server, using [[https://nixos.org][NixOS]]
 ** Modules
 The configuration is sliced into different files, per category:
 - ZFS pool configuration: hardware-configuration.nix
 - Network configuration: networking.nix
 - Synchronization and backup services: datasync.nix
 - Web services and reverse proxy: webstack.nix
 - Smartd: monitoring.nix
 - Systemd services and timers: periodic.nix
 - Virtual machines: virtualization.nix
 All the modules are imported in *configuration.nix*
--- a/configuration.nix
+++ b/configuration.nix
@@ -108,7 +108,6 @@
    ./modules/monitoring.nix
    ./modules/periodic.nix
    ./modules/webstack.nix
    ./modules/email.nix
  ];
 }
--- a/modules/email.nix
+++ b/modules/email.nix
@@ -1,30 +0,0 @@
 { config, pkgs, ... }:
 let release = "nixos-21.05";
 in {
  imports = [
    (builtins.fetchTarball {
      url =
        "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz";
      sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi";
    })
  ];
  # Mail server configuration
  mailserver = {
    enable = true;
    fqdn = "mail.coace.duckdns.org";
    domains = [ "coace.duckdns.org" ];
    loginAccounts = {
      "admin@coace.duckdns.org" = {
        hashedPasswordFile = "/vault/mail/accounts/admin";
        aliases = [ "postmaster@coace.duckdns.org" ];
      };
    };
    localDnsResolver = false;
    certificateScheme = 3;
    mailDirectory = "/vault/mail/content";
    dkimKeyDirectory = "/vault/mail/dkim";
  };
 }
--- a/modules/hardware-configuration.nix
+++ b/modules/hardware-configuration.nix
@@ -8,7 +8,7 @@
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
@@ -43,43 +43,23 @@
      fsType = "zfs";
    };
  fileSystems."/vault/frontend" =
    { device = "vault/frontend";
      fsType = "zfs";
    };
  fileSystems."/vault/VMs" =
    { device = "vault/VMs";
      fsType = "zfs";
    };
  fileSystems."/vault/code" =
    { device = "vault/code";
      fsType = "zfs";
    };
  fileSystems."/vault/backups" =
    { device = "vault/backups";
      fsType = "zfs";
    };
  fileSystems."/vault/config" =
    { device = "vault/config";
      fsType = "zfs";
    };
  fileSystems."/vault/nextcloud" =
    { device = "vault/nextcloud";
      fsType = "zfs";
    };
-  fileSystems."/vault/samba" =
+  fileSystems."/vault/code" =
-    { device = "vault/samba";
+    { device = "vault/code";
      fsType = "zfs";
    };
  fileSystems."/vault/VMs/legacy" =
    { device = "vault/VMs/legacy";
      fsType = "zfs";
    };
@@ -88,13 +68,8 @@
      fsType = "zfs";
    };
-  fileSystems."/vault/backups/documents" =
+  fileSystems."/vault/samba" =
-    { device = "vault/backups/documents";
+    { device = "vault/samba";
      fsType = "zfs";
    };
  fileSystems."/vault/backups/frontend" =
    { device = "vault/backups/frontend";
      fsType = "zfs";
    };
@@ -103,8 +78,28 @@
      fsType = "zfs";
    };
-  fileSystems."/vault/mail" =
+  fileSystems."/vault/backups/frontend" =
-    { device = "vault/mail";
+    { device = "vault/backups/frontend";
      fsType = "zfs";
    };
  fileSystems."/vault/backups/documents" =
    { device = "vault/backups/documents";
      fsType = "zfs";
    };
  fileSystems."/vault/config" =
    { device = "vault/config";
      fsType = "zfs";
    };
  fileSystems."/vault/VMs/legacy" =
    { device = "vault/VMs/legacy";
      fsType = "zfs";
    };
  fileSystems."/vault/frontend" =
    { device = "vault/frontend";
      fsType = "zfs";
    };
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -103,6 +103,11 @@ in {
          publicKey = "5DU9ipxJcut2wKrUr3yQux9crzXMSW4ZeKWFLRpUc1I=";
          allowedIPs = [ "10.9.0.4/32" ];
        }
        # manuela
        {
          publicKey = "V+DaOya2hLuV6C9BeCkDyFqXpPAFq9jMAeg1dvQw/FI=";
          allowedIPs = [ "10.9.0.5/32" ];
        }
      ];
    };
  };
@@ -150,16 +155,6 @@ in {
      conf-file=/var/lib/dnsmasq/dnsmasq.blacklist.txt
      address=/coace.duckdns.org/10.0.1.3
      # Mail server records
      address=/mail.coace.duckdns.org/10.0.1.3
      host-record=mail.coace.duckdns.org,10.0.1.3
      mx-host=coace.duckdns.org,mail.coace.duckdns.org,10
      server=/47.61.216.88.in-addr.arpa/10.0.1.3
      ptr-record=47.61.216.88.in-addr.arpa,mail.coace.ducknds.org
      ptr-record=47.61.216.88.in-addr.arpa,coace.ducknds.org
      txt-record=coace.duckdns.org,"v=spf1 a:mail.coace.duckdns.org -all"
      txt-record=mail._domainkey.coace.duckdns.org,"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGGeUul/gHC0VMajW6ReX4LH1oo9s52ath/UsvwMdb5vuA0FSjlTellSeP944MkEUt+EY8d64NRrV06+RipeGKweZNNGRybdefvGW2LlmJX0I6MIA6SD3hRPA1CYoX0boHKMAyjrBAzqZmhAXRZNro2nO1H0hCaHriOSH1ru4CYQIDAQAB"
      txt-record=_dmarc.coace.duckdns.org,"v=DMARC1; p=none"
    '';
  };
--- a/modules/periodic.nix
+++ b/modules/periodic.nix
@@ -16,7 +16,7 @@ in {
      ls | xargs -P10 -I{} git -C {} pull --rebase
    '';
    serviceConfig.Type = "oneshot";
-    OnCalendar = "22:00:00";
+    startAt = "22:00:00";
  };
  # PostgreSQL daily backups
Author	SHA1	Message	Date
coolneng	634022d717	Add manuela to Wireguard peers	2021-07-31 21:49:57 +01:00
coolneng	b3b590dbf3	Replace deprecated OnCalendar option with startAt	2021-07-30 21:53:58 +01:00
coolneng	7083d475db	Update README	2021-07-30 21:41:43 +01:00
coolneng	2cf9053ca9	Revert "Deploy a mail server" This reverts commit `6d9a883361`.	2021-07-24 18:01:20 +02:00