Add mailserver host

flake.lock: Update
Flake lock file updates: • Updated input 'deploy-rs': 'github:serokell/deploy-rs/2bad21828ee2c5d1e42588d5f4c53f5b10300c6a' (2024-03-29) → 'github:serokell/deploy-rs/88b3059b020da69cbe16526b8d639bd5e0b51c8b' (2024-04-01) • Updated input 'disko': 'github:nix-community/disko/502241afa3de2a24865ddcbe4c122f4546e32092' (2024-03-28) → 'github:nix-community/disko/611c9ea53250f7bb22286b3d26872280a0e608f9' (2024-04-01) • Updated input 'secrets': 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=b64a65c725e4cb63811fca53b60073d4c47802e4' (2024-03-31) → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=f350d35d7651c415fa4c0d6a7cff378ba5650f93' (2024-04-01)
2024-04-01 23:50:16 +01:00 · 2024-04-01 22:22:53 +01:00
8 changed files with 169 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@ -66,11 +66,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1711733382,
-        "narHash": "sha256-XuKlYhc9Hk6jMIIwWTP6CTQVUWi0Sq3nJApnUJk6bu8=",
+        "lastModified": 1711973905,
+        "narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "2bad21828ee2c5d1e42588d5f4c53f5b10300c6a",
+        "rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
        "type": "github"
      },
      "original": {
@ -86,11 +86,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711588700,
-        "narHash": "sha256-vBB5HoQVnA6c/UrDOhLXKAahEwSRccw2YXYHxD7qoi4=",
+        "lastModified": 1711934712,
+        "narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "502241afa3de2a24865ddcbe4c122f4546e32092",
+        "rev": "611c9ea53250f7bb22286b3d26872280a0e608f9",
        "type": "github"
      },
      "original": {
@ -340,11 +340,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1711910722,
-        "narHash": "sha256-QrXfLiCYVQXD18rkmrJPTJYhjoP+DsDhJlPRtWIEg/o=",
+        "lastModified": 1712006510,
+        "narHash": "sha256-JQ3ZcSwIB6d3gDcx/nZCUlSfZGwaI55WNmD9mK2uTPA=",
        "ref": "refs/heads/master",
-        "rev": "b64a65c725e4cb63811fca53b60073d4c47802e4",
-        "revCount": 15,
+        "rev": "f350d35d7651c415fa4c0d6a7cff378ba5650f93",
+        "revCount": 17,
        "type": "git",
        "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
      },
--- a/flake.nix
+++ b/flake.nix
@ -83,6 +83,7 @@
        helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; };
        hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; };
        library = mkNixosSystem { system = "x86_64-linux"; name = "library"; };
+        mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; };
        odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; };
        pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; };
        vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; };
@ -99,6 +100,14 @@
        autoRollback = true;
        sshUser = "root";
        nodes = {
+          mail = {
+            hostname = "mail.mesh.vimium.net";
+
+            profiles.system = {
+              user = "root";
+              path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail;
+            };
+          };
          vps1 = {
            hostname = "vps1.mesh.vimium.net";

--- a/hosts/mail/README.md
+++ b/hosts/mail/README.md
@ -0,0 +1,18 @@
+# Mail server
+
+## Overview
+Mail server hosted in OVH.
+
+## Specs
+* CPU - ??
+* Memory - ??
+
+### Disks
+Device | Partitions _(filesystem, usage)_
+--- | ---
+NVMe | `/dev/sda1` (ext4, NixOS Root)
+
+### Networks
+- DHCP on `10.0.1.0/24` subnet.
+- Tailscale on `100.64.0.0/10` subnet. FQDN: `mail.mesh.vimium.net`.
+
--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@ -0,0 +1,53 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./disko-config.nix
+    ../server.nix
+  ];
+
+  networking = {
+    hostId = "08ac2f14";
+    domain = "mesh.vimium.net";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22    # SSH
+      ];
+    };
+  };
+
+  users = {
+    users = {
+      root = {
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
+        ];
+      };
+    };
+  };
+
+  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
+
+  security.acme.defaults = {
+    email = "hostmaster@vimium.com";
+    group = "nginx";
+    webroot = "/var/lib/acme/acme-challenge";
+  };
+
+  modules = {
+    services = {
+      borgmatic = {
+        enable = true;
+        directories = [
+          "/var/lib"
+        ];
+        repoPath = "ssh://kg2mpt28@kg2mpt28.repo.borgbase.com/./repo";
+      };
+      mail.enable = true;
+    };
+  };
+
+  system.stateVersion = "22.11";
+}
--- a/hosts/mail/disko-config.nix
+++ b/hosts/mail/disko-config.nix
@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "2M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "300M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "lvm_pv";
+              vg = "pool";
+            };
+          };
+        };
+      };
+    };
+    lvm_vg = {
+      pool = {
+        type = "lvm_vg";
+        lvs = {
+          root = {
+            size = "100%FREE";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              mountOptions = [
+                "defaults"
+              ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/mail/hardware-configuration.nix
+++ b/hosts/mail/hardware-configuration.nix
@ -0,0 +1,22 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+      kernelModules = [ "nvme" ];
+    };
+    loader.grub = {
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+    };
+    tmp.cleanOnBoot = true;
+  };
+
+  zramSwap.enable = true;
+}
+
--- a/modules/default.nix
+++ b/modules/default.nix
@ -34,6 +34,7 @@
    ./services/coturn
    ./services/gitea
    ./services/headscale
+    ./services/mail
    ./services/matrix-synapse
    ./services/nginx
    ./services/photoprism
--- a/modules/services/mail/default.nix
+++ b/modules/services/mail/default.nix
@ -18,7 +18,7 @@ in {

      certificateDomains = [
        "imap.vimium.com"
-        "pop3.vimium.com"
+        "smtp.vimium.com"
      ];
      certificateScheme = "acme-nginx";