commit 1e82e90505ee466dcf43537001f990b0ed5975fd Author: Mikhail Klementev Date: Sat Feb 2 19:07:01 2019 +0000 Initial
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..afef27b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+secrets.nix
+hardware-configuration.nix
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e45c9b4
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Mikhail Klementev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6fb867b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,24 @@
+# mail.dumpstack.io
+
+Note:
+1. Comment out fetchTarball and mailserver for initial installation,
+ I don't know why but there's issues with fetchTarball when it runs
+ from live nixos installer.
+
+2. Some cloud providers disallow outbound SMTP by default. Check it if
+ there'll be issues with outgoing emails.
+
+## Installation
+
+ parted /dev/vda mklabel msdos
+ parted /dev/vda mkpart primary ext4 0% 100%
+ mkfs.ext4 -L system /dev/vda1
+ mount /dev/vda1 /mnt/
+
+ nix-env -iA nixos.gitMinimal
+ git clone https://code.dumpstack.io/infra/mail.dumpstack.io.git /mnt/etc/nixos/
+
+ nixos-generate-config --root /mnt
+
+ nixos-install
+ reboot
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..21aff5e
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+let
+ secrets = import ./secrets.nix;
+in {
+ imports = [
+ ./hardware-configuration.nix
+ # check https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/tags
+ # for new releases
+ (builtins.fetchTarball {
+ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz";
+ sha256 = "0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc";
+ })
+ ];
+
+ users.extraUsers.root = {
+ openssh.authorizedKeys.keys = [ secrets.pubkey ];
+ };
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+
+ networking.hostName = "mail.dumpstack.io";
+
+ networking.firewall.allowedTCPPorts = [ 443 ];
+
+ environment.systemPackages = with pkgs; [
+ htop
+ ];
+
+ mailserver = {
+ enable = true;
+ fqdn = "mail.dumpstack.io";
+ domains = [ "dumpstack.io" ];
+ loginAccounts = {
+ "root@dumpstack.io" = {
+ hashedPassword = "${secrets.mailHashedPassword}";
+ aliases = secrets.aliases;
+ catchAll = [ "dumpstack.io" ];
+ };
+ };
+
+ certificateScheme = 3; # Let's Encrypt
+ enableImapSsl = true;
+
+ rebootAfterKernelUpgrade.enable = true;
+ };
+
+ time.timeZone = "UTC";
+ services.openssh.enable = true;
+
+ system.autoUpgrade.enable = true;
+ system.stateVersion = "18.09";
+}
diff --git a/secrets.nix.example b/secrets.nix.example
new file mode 100644
index 0000000..03133e7
--- /dev/null
+++ b/secrets.nix.example
@@ -0,0 +1,9 @@
+{
+ pubkey = "changeme"; # ssh-add -L
+ mailHashedPassword = "changeme"; # mkpasswd -m sha512
+ # keep it secret for avoid spam
+ aliases = [
+ "info@domain.tld"
+ "postmaster@domain.tld"
+ ];
+}
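Review bot: `services.openssh.enable = true;` near the end of configuration.nix turns sshd on with its defaults, while the only credential the file provisions is root's key from `secrets.pubkey`. Since key login is the intended path, state it explicitly rather than rely on defaults: `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";`. Port 22 is not listed in `networking.firewall.allowedTCPPorts`; the openssh module presumably opens it itself, so a short comment next to the firewall line saying which ports the modules add would make the real exposure readable from this file. As a style point, `hashedPassword = "${secrets.mailHashedPassword}";` needs no interpolation; `hashedPassword = secrets.mailHashedPassword;` is equivalent.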
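Review bot: The `mailHashedPassword` line in secrets.nix.example should say where the value ends up, because gitignoring secrets.nix only keeps it out of the repository: configuration.nix feeds it into `mailserver.loginAccounts`, so it may be rendered into world-readable /nix/store paths on the host. Suggested comment: `# hash may land in /nix/store (world-readable); use a strong, unique password`. If the pinned mailserver release offers a file-based option such as `hashedPasswordFile`, pointing it at a root-only file avoids this; that availability is not visible from this commit. The hint `mkpasswd -m sha512` is worth checking as well, since mkpasswd commonly spells the method `sha-512`.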