Diffstat (limited to 'systems/eldiron/websites/mail/default.nix')
-rw-r--r-- | systems/eldiron/websites/mail/default.nix | 141 |
1 files changed, 141 insertions, 0 deletions
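--- /dev/null
+++ b/systems/eldiron/websites/mail/default.nix
@@ -0,0 +1,141 @@
+{ lib, pkgs, config, ... }:
+let
+roundcubemail = pkgs.callPackage ./roundcubemail.nix {
+roundcubemail = pkgs.webapps-roundcubemail;
+env = config.myEnv.tools.roundcubemail;
+inherit config;
+};
+rainloop = pkgs.callPackage ./rainloop.nix {
+rainloop = pkgs.rainloop-community;
+};
+cfg = config.myServices.websites.tools.email;
+pcfg = config.services.phpfpm.pools;
+in
+{
+options.myServices.websites.tools.email = {
+enable = lib.mkEnableOption "enable email website";
+};
+
+imports = [
+./mta-sts.nix
+];
+
+config = lib.mkIf cfg.enable {
+#myServices.chatonsProperties.services.mail-rainloop = {
+# file.datetime = "2022-08-22T00:30:00";
+# service = {
+# name = "Rainloop";
+# description = "Simple, modern & fast web-based email client";
+# website = "https://mail.immae.eu/rainloop";
+# logo = "https://www.rainloop.net/static/img/logo-16x16.png";
+# status.level = "ERROR";
+# status.description = "Stopped due to CVE-2022-29360";
+# registration."" = ["MEMBER" "CLIENT"];
+# registration.load = "OPEN";
+# install.type = "PACKAGE";
+# };
+# software = {
+# name = "Rainloop";
+# website = "https://www.rainloop.net/";
+# license.url = "https://www.rainloop.net/licensing/";
+# license.name = "GNU Affero General Public License v3.0";
+# version = rainloop.webRoot.version;
+# source.url = "https://github.com/RainLoop/rainloop-webmail";
+# };
+#};
+#myServices.chatonsProperties.services.mail-roundcube = {
+# file.datetime = "2022-08-22T00:30:00";
+# service = {
+# name = "Roundcube";
+# description = "The Roundcube Webmail suite";
+# website = "https://mail.immae.eu/roundcube";
+# logo = "https://mail.immae.eu/roundcube/skins/elastic/images/favicon.ico";
+# status.level = "OK";
+# status.description = "OK";
+# registration."" = ["MEMBER" "CLIENT"];
+# registration.load = "OPEN";
+# install.type = "PACKAGE";
+# };
+# software = {
+# name = "Roundcube";
+# website = "https://roundcube.net/";
+# license.url = "https://github.com/roundcube/roundcubemail/blob/master/LICENSE";
+# license.name = "GNU General Public License v3.0";
+# version = roundcubemail.webRoot.version;
+# source.url = "https://github.com/roundcube/roundcubemail";
+# modules = map (a: a.pluginName) roundcubemail.webRoot.plugins ++ map (a: a.skinName) roundcubemail.webRoot.skins;
+# };
+#};
+
+myServices.dns.zones."immae.eu".subdomains.mail =
+with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+secrets.keys = roundcubemail.keys;
+
+services.websites.env.tools.modules =
+[ "proxy_fcgi" ]
+++ rainloop.apache.modules
+++ roundcubemail.apache.modules;
+
+security.acme.certs.mail.extraDomainNames = [ "mail.immae.eu" ];
+services.websites.env.tools.vhostConfs.mail = {
+certName = "mail";
+hosts = ["mail.immae.eu"];
+root = ./www;
+extraConfig = [
+(rainloop.apache.vhostConf pcfg.rainloop.socket)
+(roundcubemail.apache.vhostConf pcfg.roundcubemail.socket)
+''
+<Directory ${./www}>
+Require all granted
+Options -Indexes
+</Directory>
+''
+];
+};
+systemd.services = {
+phpfpm-rainloop = {
+after = lib.mkAfter rainloop.phpFpm.serviceDeps;
+wants = rainloop.phpFpm.serviceDeps;
+};
+phpfpm-roundcubemail = {
+after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
+wants = roundcubemail.phpFpm.serviceDeps;
+};
+};
+
+services.phpfpm.pools.roundcubemail = {
+user = "wwwrun";
+group = "wwwrun";
+settings = roundcubemail.phpFpm.pool;
+phpOptions = config.services.phpfpm.phpOptions + ''
+date.timezone = 'CET'
+'';
+phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick all.redis ]);
+};
+services.phpfpm.pools.rainloop = {
+user = "wwwrun";
+group = "wwwrun";
+settings = rainloop.phpFpm.pool;
+phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
+};
+system.activationScripts = {
+roundcubemail = roundcubemail.activationScript;
+rainloop = rainloop.activationScript;
+};
+myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
+myServices.monitoring.fromMasterObjects.service = [
+{
+service_description = "roundcube website is running on mail.immae.eu";
+host_name = config.hostEnv.fqdn;
+use = "external-web-service";
+check_command = ["check_https" "mail.immae.eu" "/roundcube/" "<title>Roundcube"];
+
+servicegroups = "webstatus-webapps,webstatus-email";
+_webstatus_name = "Roundcube";
+_webstatus_url = "https://mail.immae.eu/roundcube/";
+}
+];
+};
+
+}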
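Review bot: The commented-out status block at lines 24-45 records Rainloop as "Stopped due to CVE-2022-29360", yet the file still wires in `(rainloop.apache.vhostConf pcfg.rainloop.socket)`, the `services.phpfpm.pools.rainloop` pool, `rainloop.apache.modules` and `rainloop.activationScript`, so whether that webmail is actually unreachable depends on `./rainloop.nix`, which is not visible here. If it is meant to stay off, I would drop those pieces or gate them behind a separate option (for example a new `rainloop.enable` flag defaulting to false) and record the reason next to the vhost entry, e.g. `# rainloop kept disabled: CVE-2022-29360`. Both PHP-FPM pools also run as `user = "wwwrun"`, so a compromise of either application could presumably reach whatever the other can read, including the files behind `secrets.keys = roundcubemail.keys`; a dedicated user per pool would separate them. `pkgs.php72` at lines 114 and 120 is a PHP branch that no longer receives upstream security fixes, which deserves at least a tracking comment on an internet-facing webmail host.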