Nebucatnetzer
/
nixos
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Move docker-mailserver into options

This commit is contained in:
Andreas Zweili 2023-06-05 11:39:36 +02:00
parent c38a82cc30
commit 2f614846b5
3 changed files with 72 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules/default.nix
View File

@ -19,6 +19,7 @@
./services/common-x86
./services/data-share
./services/docker
./docker-mailserver
./services/logs-share
./services/log-to-ram
./services/pipewire

129
modules/docker-mailserver/default.nix
View File

@ -1,5 +1,6 @@
{ config, inputs, pkgs, ... }:
{ config, inputs, lib, pkgs, ... }:
let
cfg = config.services.az-mailserver;
version = "12.1.0";
mailserver-setup = (pkgs.writeScriptBin "mailserver-setup"
"${builtins.readFile (pkgs.fetchurl {
@ -11,73 +12,79 @@ let
});
in
{
services.az-telegram-notifications.enable = true;
age.secrets.dkim2liCh = {
file = "${inputs.self}/scrts/dkim_2li.ch.age";
mode = "600";
owner = "113";
group = "115";
};
age.secrets.dkimZweiliCh = {
file = "${inputs.self}/scrts/dkim_zweili.ch.age";
mode = "600";
owner = "113";
group = "115";
options = {
services.az-mailserver.enable = lib.mkEnableOption "Enable docker-mailserver";
};
environment.etc = {
"dkim/2li.ch.private" = {
enable = true;
source = config.age.secrets.dkim2liCh.path;
config = lib.mkIf cfg.enable {
services.az-telegram-notifications.enable = true;
age.secrets.dkim2liCh = {
file = "${inputs.self}/scrts/dkim_2li.ch.age";
mode = "600";
owner = "113";
group = "115";
};
"dkim/zweili.ch.private" = {
enable = true;
source = config.age.secrets.dkimZweiliCh.path;
age.secrets.dkimZweiliCh = {
file = "${inputs.self}/scrts/dkim_zweili.ch.age";
mode = "600";
owner = "113";
group = "115";
};
};
environment.systemPackages = [
mailserver-setup
];
environment.etc = {
"dkim/2li.ch.private" = {
enable = true;
source = config.age.secrets.dkim2liCh.path;
};
"dkim/zweili.ch.private" = {
enable = true;
source = config.age.secrets.dkimZweiliCh.path;
};
};
services.az-docker.enable = true;
environment.systemPackages = [
mailserver-setup
];
virtualisation.oci-containers = {
backend = "docker";
containers."mailserver" = {
# https://hub.docker.com/r/mailserver/docker-mailserver/tags
image = "docker.io/mailserver/docker-mailserver:${version}";
autoStart = true;
environmentFiles = [
./mailserver.env
];
ports = [
"25:25"
"143:143"
"465:465"
"587:587"
"993:993"
"11334:11334"
];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/etc/dkim:/etc/dkim:ro"
"/etc/static:/etc/static:ro"
"/run/agenix:/run/agenix:ro"
"/var/lib/acme/mail.zweili.org:/etc/letsencrypt/live/mail.zweili.org:ro"
"/var/lib/redis:/var/lib/redis"
];
extraOptions = [
''--mount=type=volume,source=maildata,target=/var/mail,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/docker-mailserver/maildata,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
''--mount=type=volume,source=mailstate,target=/var/mail-state,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/docker-mailserver/mailstate,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
''--mount=type=volume,source=maillogs,target=/var/log/mail,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/docker-mailserver/maillogs,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
''--mount=type=volume,source=config,target=/tmp/docker-mailserver,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/docker-mailserver/config,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
"--add-host=host.docker.internal:host-gateway"
"--cap-add=NET_ADMIN"
"--cap-add=SYS_PTRACE"
"--log-opt=tag='mailserver'"
];
services.az-docker.enable = true;
virtualisation.oci-containers = {
backend = "docker";
containers."mailserver" = {
# https://hub.docker.com/r/mailserver/docker-mailserver/tags
image = "docker.io/mailserver/docker-mailserver:${version}";
autoStart = true;
environmentFiles = [
./mailserver.env
];
ports = [
"25:25"
"143:143"
"465:465"
"587:587"
"993:993"
"11334:11334"
];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/etc/dkim:/etc/dkim:ro"
"/etc/static:/etc/static:ro"
"/run/agenix:/run/agenix:ro"
"/var/lib/acme/mail.zweili.org:/etc/letsencrypt/live/mail.zweili.org:ro"
"/var/lib/redis:/var/lib/redis"
];
extraOptions = [
''--mount=type=volume,source=maildata,target=/var/mail,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/docker-mailserver/maildata,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
''--mount=type=volume,source=mailstate,target=/var/mail-state,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/docker-mailserver/mailstate,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
''--mount=type=volume,source=maillogs,target=/var/log/mail,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/docker-mailserver/maillogs,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
''--mount=type=volume,source=config,target=/tmp/docker-mailserver,volume-driver=local,volume-opt=type=nfs,volume-opt=device=:/server_data/docker-mailserver/config,"volume-opt=o=addr=10.7.89.108,rw,nfsvers=4.0,nolock,hard,noatime"''
"--add-host=host.docker.internal:host-gateway"
"--cap-add=NET_ADMIN"
"--cap-add=SYS_PTRACE"
"--log-opt=tag='mailserver'"
];
};
};
};
}

4
systems/mail/default.nix
View File

@ -12,7 +12,9 @@
(import "${inputs.self}/modules/nginx-proxy" {
domain = "mail.zweili.org";
})
"${inputs.self}/modules/docker-mailserver"
];
services = {
az-mailserver.enable = true;
};
}