

chore: porting mail and git to new server
orzklv committed Dec 1, 2024
1 parent 8dd2b3d commit 60cd98b
Showing 6 changed files with 256 additions and 13 deletions.
11 changes: 7 additions & 4 deletions data/zones/gulag.uz.zone
Expand Up @@ -11,7 +11,10 @@ $TTL 86400
@ IN NS ns2.kolyma.uz.

; Entry points
@ IN A 65.109.61.35
@ IN AAAA 2a01:4f9:5a:5110::
www IN A 65.109.61.35
www IN AAAA 2a01:4f9:5a:5110::
@ IN A 167.235.96.40
@ IN AAAA 2a01:4f8:2190:2914::
www IN A 167.235.96.40
www IN AAAA 2a01:4f8:2190:2914::

old IN A 65.109.61.35
old IN AAAA 2a01:4f9:5a:5110::
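Review bot: The SOA serial that tells the secondary listed at `@ IN NS ns2.kolyma.uz.` to refetch this zone sits above the hunk and is not visible here; if it was not incremented in this commit, ns2 keeps answering 65.109.61.35 / 2a01:4f9:5a:5110:: for `@` and `www` after the primary switches to 167.235.96.40. The same applies to the two hunks in data/zones/kolyma.uz.zone in this commit. The new `old IN A` / `old IN AAAA` records keep the previous host reachable by name, which is fine for the migration, but they should be removed once kolyma-2 is decommissioned so the name does not keep pointing at an address the provider may reassign.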
8 changes: 2 additions & 6 deletions data/zones/kolyma.uz.zone
Expand Up @@ -25,8 +25,8 @@ ns5 IN AAAA 2a01:4f8:2190:2914::
; Mail server (Stalwart)
@ IN MX 10 mail.kolyma.uz.
@ IN TXT "v=spf1 mx ra=postmaster -all"
mail IN A 5.9.66.12
mail IN AAAA 2a01:4f8:161:714c::
mail IN A 167.235.96.40
mail IN AAAA 2a01:4f8:2190:2914::
mail IN TXT "v=spf1 a ra=postmaster -all"
autoconfig IN CNAME mail.kolyma.uz.
autodiscover IN CNAME mail.kolyma.uz.
Expand Down Expand Up @@ -64,10 +64,6 @@ www IN AAAA 2a01:4f9:3070:322c::
www IN A 65.109.74.214
www IN AAAA 2a01:4f9:3071:31ce::

; Git (GitLab)
git IN A 65.109.61.35
git IN AAAA 2a01:4f9:5a:5110::

; CDN Hosting (Caddy)
cdn IN A 5.9.66.12
cdn IN AAAA 2a01:4f8:161:714c::
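Review bot: The new `mail IN A 167.235.96.40` / `mail IN AAAA 2a01:4f8:2190:2914::` records change the addresses outbound mail is sent from, but the matching reverse DNS is not in this zone: the PTR records for both new addresses must resolve to mail.kolyma.uz before the cut-over, otherwise receivers will reject or down-score mail from the new host even though `v=spf1 mx ...` and `v=spf1 a ...` still match. The DKIM selector record is not in this hunk; if the Stalwart instance added on kolyma-5 in this commit generates its own signing key, the `_domainkey` TXT record has to be re-published to match it — worth confirming before switching the MX target. The `git` A/AAAA removal in the second hunk needs no follow-up since gulag.uz takes over that role.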
2 changes: 1 addition & 1 deletion nixos/kolyma-2/services/gitlab.nix
Expand Up @@ -16,7 +16,7 @@ in

services.gitlab = {
enable = true;
host = "gulag.uz";
host = "old.gulag.uz";
databasePasswordFile = config.sops.secrets."git/database".path;
initialRootPasswordFile = config.sops.secrets."git/root".path;
secrets = {
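Review bot: Changing `host = "old.gulag.uz";` renames GitLab's external URL, but the `services.www.hosts` entry that fronts this instance and any certificate for the new name are outside the hunk; if that vhost still reads `"gulag.uz"` on kolyma-2, the instance stays published under a name whose DNS now points at kolyma-5 while `old.gulag.uz` has no vhost at all. Existing clone URLs and any OAuth/OIDC redirect URIs registered against the old URL will also need to be updated, which the commit does not mention. The enclosing `services.gitlab` attribute set continues past the hunk.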
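--- a/nixos/kolyma-5/services/gitlab.nix
+++ b/nixos/kolyma-5/services/gitlab.nix
@@ -0,0 +1,71 @@
+{ config, pkgs, ... }:
+let
+secret-management = {
+owner = config.services.gitlab.user;
+};
+in
+{
+sops.secrets = {
+"git/db" = secret-management;
+"git/otp" = secret-management;
+"git/root" = secret-management;
+"git/secret" = secret-management;
+"git/database" = secret-management;
+"mail/users/git" = secret-management;
+};
+
+services.gitlab = {
+enable = true;
+host = "gulag.uz";
+databasePasswordFile = config.sops.secrets."git/database".path;
+initialRootPasswordFile = config.sops.secrets."git/root".path;
+secrets = {
+dbFile = config.sops.secrets."git/db".path;
+otpFile = config.sops.secrets."git/otp".path;
+secretFile = config.sops.secrets."git/secret".path;
+jwsFile = pkgs.runCommand "oidcKeyBase" { } "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
+};
+
+# Sending mail via Kolyma's SMTP
+smtp = {
+# Enabling smtp mailing
+enable = true;
+
+# Connection configuration
+tls = true;
+port = 465;
+authentication = "plain";
+domain = "mail.kolyma.uz";
+opensslVerifyMode = "none";
+address = "mail.kolyma.uz";
+enableStartTLSAuto = false;
+
+# Credentials for SMTP
+username = "git";
+passwordFile = config.sops.secrets."mail/users/git".path;
+};
+
+# Settings to be appended at gitlab.yml
+extraConfig = {
+gitlab = {
+email_from = "staff@kolyma.uz";
+email_display_name = "Kolyma Git Administration";
+email_reply_to = "noreply@kolyma.uz";
+};
+gitlab_shell = {
+ssh_port = 2222;
+};
+};
+};
+
+# Enable web server & proxy
+services.www.hosts = {
+"gulag.uz" = {
+extraConfig = ''
+reverse_proxy unix//run/gitlab/gitlab-workhorse.socket
+'';
+};
+};
+
+systemd.services.gitlab-backup.environment.BACKUP = "dump";
+}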
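Review bot: `opensslVerifyMode = "none";` in the `smtp` block turns off certificate verification on the connection that carries the `git` mailbox password with `authentication = "plain"`, so a DNS or routing hijack of mail.kolyma.uz would capture the credential despite `tls = true`; the Stalwart instance added in this commit is configured with an ACME certificate for mail.kolyma.uz, so `opensslVerifyMode = "peer";` should work and is the setting to use. Separately, `jwsFile = pkgs.runCommand "oidcKeyBase" { } "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";` places the OIDC signing private key in the world-readable Nix store, and the key is regenerated whenever the derivation's inputs (e.g. the openssl package) change, invalidating tokens issued with the old one. Every other secret in this file comes from sops; this one should too, e.g. `"git/jws" = secret-management;` in `sops.secrets` and `jwsFile = config.sops.secrets."git/jws".path;`. The `mail/users/git` secret is consumed here but the mail server defined in nixos/kolyma-5/services/mail.nix in this commit declares no `git` principal, so this SMTP login cannot succeed as committed.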
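--- a/nixos/kolyma-5/services/mail.nix
+++ b/nixos/kolyma-5/services/mail.nix
@@ -0,0 +1,153 @@
+{
+inputs,
+config,
+pkgs,
+...
+}:
+let
+secret-management = {
+owner = config.users.users.stalwart-mail.name;
+};
+in
+{
+sops.secrets = {
+"mail/acme" = secret-management;
+"mail/admin" = secret-management;
+"mail/public-cert" = secret-management;
+"mail/private-cert" = secret-management;
+"mail/users/git" = secret-management;
+"mail/users/sakhib" = secret-management;
+"mail/users/misskey" = secret-management;
+};
+
+services.stalwart-mail = {
+enable = true;
+package = pkgs.stalwart-mail;
+openFirewall = true;
+
+settings = {
+server = {
+hostname = "mail.kolyma.uz";
+
+tls = {
+enable = true;
+implicit = true;
+};
+
+listener = {
+smtp = {
+protocol = "smtp";
+bind = "[::]:25";
+};
+submission = {
+bind = "[::]:587";
+protocol = "smtp";
+};
+submissions = {
+bind = "[::]:465";
+protocol = "smtp";
+tls.implicit = true;
+};
+imap = {
+bind = "[::]:143";
+protocol = "imap";
+};
+imaptls = {
+bind = "[::]:993";
+protocol = "imap";
+tls.implicit = true;
+};
+pop3 = {
+bind = "[::]:110";
+protocol = "pop3";
+};
+pop3s = {
+bind = "[::]:995";
+protocol = "pop3";
+tls.implicit = true;
+};
+sieve = {
+bind = "[::]:4190";
+protocol = "managesieve";
+};
+jmap = {
+bind = "[::]:8080";
+url = "https://mail.kolyma.uz";
+protocol = "http";
+};
+management = {
+bind = [ "127.0.0.1:8080" ];
+protocol = "http";
+};
+};
+};
+
+lookup.default = {
+hostname = "mail.kolyma.uz";
+domain = "kolyma.uz";
+};
+
+acme."letsencrypt" = {
+directory = "https://acme-v02.api.letsencrypt.org/directory";
+challenge = "dns-01";
+contact = "admin@kolyma.uz";
+domains = [
+"kolyma.uz"
+"mail.kolyma.uz"
+];
+provider = "cloudflare";
+secret = "%{file:${config.sops.secrets."mail/acme".path}}%";
+};
+
+certificate."default" = {
+cert = "%{file:${config.sops.secrets."mail/public-cert".path}}%";
+private-key = "%{file:${config.sops.secrets."mail/private-cert".path}}%";
+default = true;
+};
+
+session.auth = {
+mechanisms = "[plain]";
+directory = "'in-memory'";
+};
+
+storage.directory = "in-memory";
+session.rcpt.directory = "'in-memory'";
+queue.outbound.next-hop = "'local'";
+directory."imap".lookup.domains = [ "kolyma.uz" ];
+directory."in-memory" = {
+type = "memory";
+principals = [
+{
+class = "individual";
+name = "orzklv";
+description = "Sokhibjon Orzikulov";
+secret = "%{file:${config.sops.secrets."mail/users/sakhib".path}}%";
+email = [
+"orzklv@kolyma.uz"
+"admin@kolyma.uz"
+"postmaster@kolyma.uz"
+];
+}
+];
+};
+
+authentication.fallback-admin = {
+user = "admin";
+secret = "%{file:${config.sops.secrets."mail/admin".path}}%";
+};
+};
+};
+
+services.www.hosts = {
+"mail.kolyma.uz" = {
+extraConfig = ''
+reverse_proxy http://127.0.0.1:8080
+'';
+serverAliases = [
+"mta-sts.kolyma.uz"
+"autoconfig.kolyma.uz"
+"autodiscover.kolyma.uz"
+];
+};
+};
+}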
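Review bot: The `jmap` listener binds `[::]:8080` with `protocol = "http"` and no TLS, and `openFirewall = true` opens the ports of every configured listener, so this plaintext HTTP endpoint — which in Stalwart also carries the management API guarded only by the `fallback-admin` password — is reachable from the internet even though Caddy already terminates TLS for `mail.kolyma.uz` and proxies to `127.0.0.1:8080`. Binding it locally, `bind = "127.0.0.1:8080";`, keeps it behind the proxy; the `management` listener below then duplicates the same address and port and can be dropped, which also removes the likely bind conflict between a dual-stack `[::]:8080` and `127.0.0.1:8080`. The sops secrets `mail/users/git` and `mail/users/misskey` are declared but no principal in `directory."in-memory"` references them, while nixos/kolyma-5/services/gitlab.nix in this commit authenticates to this server as user `git`; that login fails until a `git` principal using `mail/users/git` is added, so the secret declarations as committed are dead configuration. `session.auth.mechanisms = "[plain]"` is also offered on the non-implicit-TLS `submission`, `imap` and `pop3` listeners, which is only safe if Stalwart's default of requiring STARTTLS before AUTH is left in place — worth confirming in the generated config.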
24 changes: 22 additions & 2 deletions nixos/kolyma-5/services/minecraft.nix
@@ -1,4 +1,13 @@
{ inputs, pkgs, ... }:
{
inputs,
lib,
pkgs,
...
}:
let
version = "1.21.3";
server = lib.replaceStrings [ "." ] [ "_" ] "paper-${version}";
in
{
imports = [ inputs.minecraft.nixosModules.minecraft-servers ];

Expand All @@ -10,7 +19,7 @@
slave = {
enable = true;
openFirewall = true;
package = pkgs.paperServers.paper-1_21_3;
package = pkgs.paperServers.${server};
jvmOpts = "-Xms12288M -Xmx12288M -XX:+UseG1GC -XX:ParallelGCThreads=4 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";

serverProperties = {
Expand All @@ -29,6 +38,17 @@
BronnzyLegit = "ee0babea-2c7e-4184-9546-4aa0f62db2ef";
VODIYLIK = "ff179f82-7960-4f63-8137-8251fbd13e59";
};

symlinks = with pkgs; {
"plugins" = linkFarmFromDrvs "plugins" (
builtins.attrValues {
BlueMap = fetchurl {
url = "https://cdn.modrinth.com/data/swbUV1cr/versions/Ap3wfaNh/bluemap-5.5-spigot.jar";
sha512 = "f21b72760545389403d3f13b0b85b95ec20ca63b01f4b369c797a816b6d14d945b13babc0ce8098a3f3243c0a28efcd907149ed7201462f9a115894fba4e3804";
};
}
);
};
};
};
};
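Review bot: `symlinks = with pkgs; { ... }` in the third hunk brings the whole package set into scope for just two names, which makes it unclear whether `linkFarmFromDrvs`, `fetchurl` or any future attribute resolves from `pkgs` or from the surrounding file; writing `pkgs.linkFarmFromDrvs` and `pkgs.fetchurl` explicitly reads the same and avoids the silent shadowing `with` allows. The plugin download is pinned by `sha512`, which is the right way to fetch a third-party jar, and deriving `server` from `version` in the new `let` block leaves a single place to bump. The attribute set enclosing `slave` starts outside the hunks.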
