From e3a513794a76fc8d81153198b9fc11613f61d5dd Mon Sep 17 00:00:00 2001
From: uku
Date: Wed, 8 Jan 2025 10:20:49 +0100
Subject: [PATCH] feat(vesuvio): add roundcube
---
 secrets/secrets.nix | 1 +
 secrets/vesuvio/roundcubeDbPass.age | 14 +++++++++++
 systems/etna/postgresql.nix | 2 ++
 systems/vesuvio/default.nix | 3 +++
 systems/vesuvio/mail/default.nix | 1 +
 systems/vesuvio/mail/roundcube.nix | 38 +++++++++++++++++++++++++++++
 6 files changed, 59 insertions(+)
 create mode 100644 secrets/vesuvio/roundcubeDbPass.age
 create mode 100644 systems/vesuvio/mail/roundcube.nix
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index cdf623d..9971813 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -44,4 +44,5 @@ in
 "vesuvio/maddyEnv.age".publicKeys = main ++ [ vesuvio ];
 "vesuvio/rspamdPassword.age".publicKeys = main ++ [ vesuvio ];
+ "vesuvio/roundcubeDbPass.age".publicKeys = main ++ [ vesuvio ];
 }
diff --git a/secrets/vesuvio/roundcubeDbPass.age b/secrets/vesuvio/roundcubeDbPass.age
new file mode 100644
index 0000000..3f8847e
--- /dev/null
+++ b/secrets/vesuvio/roundcubeDbPass.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWT25OSmIrTXhwUHdETkUx
+OHRmMWZ1Mk16N1g5U0RRaENLWlcvOW9rd3drCm9xUDlCVDJIeFVhQ2hydHZORTV1
+QzgxK29XL2huWkxTWFE1R0JINjVyUGsKLT4gWDI1NTE5IHM4d29FbVlkeDAxd1hR
+c01kTFA3VXM5eXB2NDV1bFlDOGF3M2tBM0lyMzAKZjVicDdqK0xSckpPa1NYZ0pJ
+R2lIOWlhdWVMVXcwQnJaYjFCYVFRNkFoSQotPiBYMjU1MTkgbFRIWjBFUEtENnRv
+OHRZS0kyR1R4MDBzMnV1SnVQWUp3Y1pFQmdhRjgyQQpZbjgrSFdyMytZblFEa0pQ
+Z0s1OHpqZWJ2V1d6am1TSjZsTHNzSFQ1QlU0Ci0+IFgyNTUxOSAwVGpXendsWXRQ
+OCtTUHR6U21oM0hnM2NrKzJVS0U0b25FMkNQREtYQ2dzClJuaXRwbGNiNXpGSDFv
+TnpLcEhTa0k3Nk9sYnlpQk1TeEEyYVljNTB1Y2cKLS0tIHgvSmEwVzhEVk5wODhG
+bllxRStVNmYvcGJQb2QwWDlTa0JjQW1kaFlGRWMKM12Lg3igLg34PJDFDUPFwC09
+nlJTd91zRU7OO7Kvso+PbYL6sxughQpcEW9ZFYcgty4Hlgs5nQsBUxLQmAQ2kLu9
+hWLNgwC5oGR2IpnBDglcZ5BE5VhuJush46IcCaWfiRK1TN4=
+-----END AGE ENCRYPTED FILE-----
diff --git a/systems/etna/postgresql.nix b/systems/etna/postgresql.nix
index 7f1f1e2..10b5751 100644
--- a/systems/etna/postgresql.nix
+++ b/systems/etna/postgresql.nix
@@ -10,10 +10,12 @@
 ensureDatabases = [
 "maddy"
+ "roundcube"
 ];
 authentication = ''
 host maddy maddy vesuvio.fossa-macaroni.ts.net scram-sha-256
+ host roundcube roundcube vesuvio.fossa-macaroni.ts.net scram-sha-256
 '';
 };
diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix
index 6c49190..1c79d2c 100644
--- a/systems/vesuvio/default.nix
+++ b/systems/vesuvio/default.nix
@@ -19,6 +19,9 @@
 ports = [ 4269 ];
 openFirewall = true;
 };
+
+ # despite not having postgres here, we match with etna for safety
+ postgresql.package = pkgs.postgresql_16;
 };
 networking.firewall.allowedTCPPorts = [
diff --git a/systems/vesuvio/mail/default.nix b/systems/vesuvio/mail/default.nix
index 8344426..cd4d7b2 100644
--- a/systems/vesuvio/mail/default.nix
+++ b/systems/vesuvio/mail/default.nix
@@ -2,6 +2,7 @@
 imports = [
 ./maddy.nix
 ./mta-sts.nix
+ ./roundcube.nix
 ./rspamd.nix
 ];
 }
diff --git a/systems/vesuvio/mail/roundcube.nix b/systems/vesuvio/mail/roundcube.nix
new file mode 100644
index 0000000..3397708
--- /dev/null
+++ b/systems/vesuvio/mail/roundcube.nix
@@ -0,0 +1,38 @@
+{
+ pkgs,
+ config,
+ _utils,
+ ...
+}:
+let
+ dbPass = _utils.setupSingleSecret config "roundcubeDbPass" {
+ owner = "nginx";
+ };
+in
+{
+ imports = [ dbPass.generate ];
+
+ services = {
+ roundcube = {
+ enable = true;
+ hostName = "mail.uku3lig.net";
+ dicts = with pkgs.aspellDicts; [
+ en
+ fr
+ ];
+
+ # nginx is automatically configured, ssl and acme are enabled
+
+ database = {
+ host = "etna";
+ dbname = "roundcube";
+ username = "roundcube";
+ passwordFile = dbPass.path;
+ };
+
+ extraConfig = ''
+ $config['imap_host'] = 'ssl://mx1.uku3lig.net:993';
+ '';
+ };
+ };
+}
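Review bot: In systems/etna/postgresql.nix the new pg_hba line uses `host`, which also admits non-TLS connections, so everything Roundcube keeps in this database travels protected only by the tailnet; scram-sha-256 covers the password exchange, not the session. If the tailnet is the intended trust boundary, say so next to the rule, e.g. `# plaintext pg protocol accepted: vesuvio only reaches etna over the tailnet`, or move the line to `hostssl` once etna serves a certificate. The rule also matches by hostname, which PostgreSQL checks with a reverse and a forward lookup, so it fails closed if the ts.net name does not resolve on etna. The hunk adds `"roundcube"` to `ensureDatabases` but shows no matching role; the enclosing attribute set starts and ends outside the hunk, so an `ensureUsers` entry may exist there, but if the role, its password and its rights on the database are set by hand, that step deserves a comment too.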
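Review bot: In systems/vesuvio/default.nix the comment on `postgresql.package` says the version matches etna "for safety", but nothing ties the two values together, so a later major-version bump on etna can silently leave vesuvio on older client tools. I would have the comment name what depends on it and where the source of truth is, e.g. `# client tools only (no server here); keep in sync with systems/etna/postgresql.nix`. Presumably the roundcube module takes its psql client from this option, which is worth confirming and stating. The enclosing attribute set starts outside the hunk.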
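Review bot: In systems/vesuvio/mail/roundcube.nix the database password is decrypted with `owner = "nginx"`, so every process running as the nginx user on vesuvio can read it, not only Roundcube's PHP workers. That appears to be what the module expects when the database is remote, but it should be written down and the file kept owner-read-only; I would add `# roundcube's php-fpm pool runs as nginx when the DB is remote, so nginx must own the secret` above the `owner` line and confirm which mode `_utils.setupSingleSecret` applies by default. Separately, `database.host = "etna"` depends on the short name resolving over the tailnet and passes no TLS setting for the connection, so the database traffic relies on the tailnet for confidentiality; a one-line comment on the `database` block would make that assumption visible.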