From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 4 Oct 2023 01:35:06 +0200 Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personal information about users. All those changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository --- modules/private/websites/tools/mail/default.nix | 79 -------------- modules/private/websites/tools/mail/mta-sts.nix | 54 ---------- modules/private/websites/tools/mail/rainloop.nix | 54 ---------- .../private/websites/tools/mail/roundcubemail.nix | 118 --------------------- modules/private/websites/tools/mail/www/index.html | 74 ------------- 5 files changed, 379 deletions(-) delete mode 100644 modules/private/websites/tools/mail/default.nix delete mode 100644 modules/private/websites/tools/mail/mta-sts.nix delete mode 100644 modules/private/websites/tools/mail/rainloop.nix delete mode 100644 modules/private/websites/tools/mail/roundcubemail.nix delete mode 100644 modules/private/websites/tools/mail/www/index.html (limited to 'modules/private/websites/tools/mail') diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix deleted file mode 100644 index 390f7ad..0000000 --- a/modules/private/websites/tools/mail/default.nix +++ /dev/null
@@ -1,79 +0,0 @@ -{ lib, pkgs, config, ... }: -let - roundcubemail = pkgs.callPackage ./roundcubemail.nix { - inherit (pkgs.webapps) roundcubemail; - env = config.myEnv.tools.roundcubemail; - inherit config; - }; - rainloop = pkgs.callPackage ./rainloop.nix { - rainloop = pkgs.rainloop-community; - }; - cfg = config.myServices.websites.tools.email; - pcfg = config.services.phpfpm.pools; -in -{ - options.myServices.websites.tools.email = { - enable = lib.mkEnableOption "enable email website"; - }; - - imports = [ - ./mta-sts.nix - ]; - - config = lib.mkIf cfg.enable { - secrets.keys = roundcubemail.keys; - - services.websites.env.tools.modules = - [ "proxy_fcgi" ] - ++ rainloop.apache.modules - ++ roundcubemail.apache.modules; - - services.websites.env.tools.vhostConfs.mail = { - certName = "mail"; - addToCerts = true; - hosts = ["mail.immae.eu"]; - root = ./www; - extraConfig = [ - (rainloop.apache.vhostConf pcfg.rainloop.socket) - (roundcubemail.apache.vhostConf pcfg.roundcubemail.socket) - '' - - Require all granted - Options -Indexes - - '' - ]; - }; - systemd.services = { - phpfpm-rainloop = { - after = lib.mkAfter rainloop.phpFpm.serviceDeps; - wants = rainloop.phpFpm.serviceDeps; - }; - phpfpm-roundcubemail = { - after = lib.mkAfter roundcubemail.phpFpm.serviceDeps; - wants = roundcubemail.phpFpm.serviceDeps; - }; - }; - - services.phpfpm.pools.roundcubemail = { - user = "wwwrun"; - group = "wwwrun"; - settings = roundcubemail.phpFpm.pool; - phpOptions = config.services.phpfpm.phpOptions + '' - date.timezone = 'CET' - ''; - phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]); - }; - services.phpfpm.pools.rainloop = { - user = "wwwrun"; - group = "wwwrun"; - settings = rainloop.phpFpm.pool; - phpPackage = pkgs.php72; - }; - system.activationScripts = { - roundcubemail = roundcubemail.activationScript; - rainloop = rainloop.activationScript; - }; - }; - -} 
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
deleted file mode 100644
index 77ba2d4..0000000
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, pkgs, config, ... }: -let - domains = (lib.remove null (lib.flatten (map - (zone: map - (e: if e.receive - then { - domain = "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}"; - mail = zone.name; - } - else null - ) - (zone.withEmail or []) - ) - config.myEnv.dns.masterZones - ))); - mxes = lib.mapAttrsToList - (n: v: v.mx.subdomain) - (lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers); - # FIXME: increase the id number in modules/private/dns.nix when this - # file change (date -u +'%Y%m%d%H%M%S'Z) - file = domain: pkgs.writeText "mta-sts-${domain.domain}.txt" ( - builtins.concatStringsSep "\r\n" ([ "version: STSv1" "mode: testing" ] - ++ (map (v: "mx: ${v}.${domain.mail}") mxes) - ++ [ "max_age: 604800" ] - )); - root = pkgs.runCommand "mta-sts_root" {} '' - mkdir -p $out - ${builtins.concatStringsSep "\n" (map (d: - "cp ${file d} $out/${d.domain}.txt" - ) domains)} - ''; - cfg = config.myServices.websites.tools.email; -in -{ - config = lib.mkIf cfg.enable { - services.websites.env.tools.vhostConfs.mta_sts = { - certName = "mail"; - addToCerts = true; - hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains; - root = root; - extraConfig = [ - '' - RewriteEngine on - RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$ - RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L] - - Require all granted - Options -Indexes - - '' - ]; - }; - }; -}
diff --git a/modules/private/websites/tools/mail/rainloop.nix b/modules/private/websites/tools/mail/rainloop.nix
deleted file mode 100644
index 20e43a1..0000000
--- a/modules/private/websites/tools/mail/rainloop.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ lib, rainloop, writeText, stdenv, fetchurl }: -rec { - varDir = "/var/lib/rainloop"; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data - ''; - }; - webRoot = rainloop.override { dataPath = "${varDir}/data"; }; - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - root = webRoot; - vhostConf = socket: '' - Alias /rainloop "${root}" - - DirectoryIndex index.php - AllowOverride All - Options -FollowSymlinks - Require all granted - - - SetHandler "proxy:unix:${socket}|fcgi://localhost" - - - - - Require all denied - - ''; - }; - phpFpm = rec { - serviceDeps = [ "postgresql.service" ]; - basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; - pool = { - "listen.owner" = apache.user; - "listen.group" = apache.group; - "pm" = "ondemand"; - "pm.max_children" = "60"; - "pm.process_idle_timeout" = "60"; - - # Needed to avoid clashes in browser cookies (same domain) - "php_value[session.name]" = "RainloopPHPSESSID"; - "php_admin_value[upload_max_filesize]" = "200M"; - "php_admin_value[post_max_size]" = "200M"; - "php_admin_value[open_basedir]" = "${basedir}:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; - }; - }; -}
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix
deleted file mode 100644
index 2661b55..0000000
--- a/modules/private/websites/tools/mail/roundcubemail.nix
+++ /dev/null
@@ -1,118 +0,0 @@ -{ env, roundcubemail, apacheHttpd, config }: -rec { - varDir = "/var/lib/roundcubemail"; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ - ${varDir}/cache ${varDir}/logs - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions - ''; - }; - keys."webapps/tools-roundcube" = { - user = apache.user; - group = apache.group; - permissions = "0400"; - text = - let - psql_url = with env.postgresql; "pgsql://${user}:${password}@unix(${socket}:${port})/${database}"; - in '' - "mail.immae.eu" - ); - $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false)); - $config['smtp_server'] = 'tls://smtp.immae.eu'; - $config['smtp_port'] = '587'; - $config['managesieve_host'] = 'imap.immae.eu'; - $config['managesieve_port'] = '4190'; - $config['managesieve_usetls'] = true; - $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false)); - - $config['imap_cache'] = 'db'; - $config['messages_cache'] = 'db'; - - $config['support_url'] = '''; - - $config['des_key'] = '${env.secret}'; - - $config['skin'] = 'elastic'; - $config['plugins'] = array( - 'attachment_reminder', - 'emoticons', - 'filesystem_attachments', - 'hide_blockquote', - 'identicon', - 'identity_select', - 'jqueryui', - 'markasjunk', - 'managesieve', - 'newmail_notifier', - 'vcard_attachments', - 'zipdownload', - - 'automatic_addressbook', - 'message_highlight', - 'carddav', - // Ne marche pas ?: 'ident_switch', - // Ne marche pas ?: 'thunderbird_labels', - ); - - $config['language'] = 'fr_FR'; - - $config['drafts_mbox'] = 'Drafts'; - $config['junk_mbox'] = 'Junk'; - $config['sent_mbox'] = 'Sent'; - $config['trash_mbox'] = 'Trash'; - $config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash'); - $config['draft_autosave'] = 60; - $config['enable_installer'] = false; - $config['log_driver'] = 'file'; - $config['temp_dir'] = '${varDir}/cache'; - 
$config['mime_types'] = '${apacheHttpd}/conf/mime.types'; - ''; - }; - webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]); - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - root = webRoot; - vhostConf = socket: '' - Alias /roundcube "${root}" - - DirectoryIndex index.php - AllowOverride All - Options FollowSymlinks - Require all granted - - - SetHandler "proxy:unix:${socket}|fcgi://localhost" - - - ''; - }; - phpFpm = rec { - serviceDeps = [ "postgresql.service" ]; - basedir = builtins.concatStringsSep ":" ( - [ webRoot config.secrets.fullPaths."webapps/tools-roundcube" varDir ] - ++ webRoot.plugins - ++ webRoot.skins); - pool = { - "listen.owner" = apache.user; - "listen.group" = apache.group; - "pm" = "ondemand"; - "pm.max_children" = "60"; - "pm.process_idle_timeout" = "60"; - - # Needed to avoid clashes in browser cookies (same domain) - "php_value[session.name]" = "RoundcubemailPHPSESSID"; - "php_admin_value[upload_max_filesize]" = "200M"; - "php_admin_value[post_max_size]" = "200M"; - "php_admin_value[open_basedir]" = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp"; - "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; - }; - }; -}
diff --git a/modules/private/websites/tools/mail/www/index.html b/modules/private/websites/tools/mail/www/index.html
deleted file mode 100644
index 88b0ebd..0000000
--- a/modules/private/websites/tools/mail/www/index.html
+++ /dev/null
@@ -1,74 +0,0 @@
- - - - - - E-mail configuration - - - -

- Email configuration. For automatic configuration in your smart e-mail - client, use login@mail.immae.eu. If it - doesn’t work, the details are there: -

-

-

Webmails: -

-

- - - -- cgit v1.2.3