add roundcube webmail

2022-03-22 06:01:10 +03:00 · 2022-03-22 06:01:10 +03:00 · bdac8cdf7b
commit bdac8cdf7b
parent 380c9869a1
8 changed files with 78 additions and 11 deletions
--- a/machines/NixOS-CT/default.nix
+++ b/machines/NixOS-CT/default.nix
@ -3,10 +3,13 @@
    ./hardware-configuration.nix
    inputs.self.nixosRoles.container

+    virtualisation
+
    fail2ban
    gitea
    mailserver
    nginx
+    roundcube
    vaultwarden
  ];

--- a/profiles/overlay.nix
+++ b/profiles/overlay.nix
@ -9,11 +9,13 @@ let
    config = config.nixpkgs.config;
    localSystem = { inherit system; };
  });
+  roundcube-plugins = import ./packages/roundcube-plugins/default.nix;
 in
 with lib; {
  nixpkgs.overlays = [
    inputs.nixpkgs-wayland.overlay
    inputs.nix-alien.overlay
+    roundcube-plugins
    (self: super:
      rec {
        inherit inputs;
--- a/profiles/packages/roundcube-plugins/carddav.nix
+++ b/profiles/packages/roundcube-plugins/carddav.nix
@ -0,0 +1,14 @@
+{ runCommand, fetchzip }:
+let
+  pname = "carddav";
+  version = "4.3.0";
+  src = fetchzip {
+    url = "https://github.com/mstilkerich/rcmcarddav/releases/download/v${version}/carddav-v${version}.tar.gz";
+    sha256 = "sha256-pc3ZPc4DnQDk+qUr0n/lWstjt9oIz+CocluXEjrkYco=";
+  };
+in runCommand "roundcube-plugin-${pname}-${version}" {
+  inherit pname version src;
+} ''
+  mkdir -p $out/plugins/
+  cp -r ${src} $out/plugins/${pname}
+''
--- a/profiles/packages/roundcube-plugins/default.nix
+++ b/profiles/packages/roundcube-plugins/default.nix
@ -0,0 +1,4 @@
+(self: super: {
+  roundcubePlugins.carddav = self.callPackage ./carddav.nix { };
+  roundcubePlugins.persistent_login = self.callPackage ./persistent_login.nix { };
+})
--- a/profiles/packages/roundcube-plugins/persistent_login.nix
+++ b/profiles/packages/roundcube-plugins/persistent_login.nix
@ -0,0 +1,14 @@
+{ runCommand, fetchzip }:
+let
+  pname = "persistent_login";
+  version = "5.3.0";
+  src = fetchzip {
+    url = "https://github.com/mfreiholz/persistent_login/archive/refs/tags/version-${version}.tar.gz";
+    sha256 = "sha256-q1G3ZjyLmWYZ6lia93Ajbl72rHlrqP4uAEjx63XAx+E=";
+  };
+in runCommand "roundcube-plugin-${pname}-${version}" {
+  inherit pname version src;
+} ''
+  mkdir -p $out/plugins/
+  cp -r ${src} $out/plugins/${pname}
+''
--- a/profiles/servers/nginx.nix
+++ b/profiles/servers/nginx.nix
@ -16,6 +16,7 @@
          "startpage.ataraxiadev.com"
          "vw.ataraxiadev.com"
          "code.ataraxiadev.com"
+          "webmail.ataraxiadev.com"
        ];
      };
    };
@ -30,6 +31,7 @@
    virtualHosts = let
      default = {
        useACMEHost = "ataraxiadev.com";
+        enableACME = false;
        forceSSL = true;
      };
      proxySettings = {
@ -118,6 +120,13 @@
          proxyPass = "http://localhost:6000";
        } // proxySettings // hardened;
      } // default;
+      "webmail.ataraxiadev.com" = {
+        locations."/" = {
+          extraConfig = ''
+            client_max_body_size 30M;
+          '';
+        } // hardened;
+      } // default;
    };
  };

--- a/profiles/servers/roundcube.nix
+++ b/profiles/servers/roundcube.nix
@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }: {
+  secrets.roundcube-db-pass = {
+    owner = "roundcube";
+  };
+  services.roundcube = {
+    enable = true;
+    database.passwordFile = config.secrets.roundcube-db-pass.decrypted;
+    database.username = "roundcube";
+    dicts = with pkgs.aspellDicts; [ en ru ];
+    extraConfig = ''
+      $config['default_host'] = array(
+        'tls://mail.ataraxiadev.com' => "AtaraxiaDev's Mail Server"
+      );
+      $config['username_domain'] = array(
+        'mail.ataraxiadev.com' => 'ataraxiadev.com'
+      );
+    '';
+    hostName = "webmail.ataraxiadev.com";
+    maxAttachmentSize = 25;
+    plugins = [ "carddav" "persistent_login" ];
+    package = pkgs.roundcube.withPlugins (plugins:
+      with plugins; [ carddav persistent_login ]
+    );
+  };
+
+  services.phpfpm.pools.roundcube.settings = {
+    "listen.owner" = config.services.nginx.user;
+    "listen.group" = config.services.nginx.group;
+  };
+}
--- a/profiles/virtualisation.nix
+++ b/profiles/virtualisation.nix
@ -1,17 +1,10 @@
 { config, lib, pkgs, ... }:
 with config.deviceSpecific; {
  config = lib.mkIf enableVirtualisation {
-    # virtualisation.podman = {
-    #   enable = isServer;
-    #   dockerCompat = true;
-    #   defaultNetwork.dnsname.enable = true;
-    # };
    virtualisation.docker = {
      enable = isServer;
    };
-
-    # virtualisation.oci-containers.backend = "docker";
-    # virtualisation.oci-containers.backend = lib.mkForce "podman";
+    virtualisation.oci-containers.backend = "docker";

    virtualisation.libvirtd = {
      enable = !isServer;
@ -31,9 +24,7 @@ with config.deviceSpecific; {
      internalInterfaces = [ "ve-+" ];
    };

-    environment.systemPackages = if isServer then [
-      # arion
-      # docker-client
+    environment.systemPackages = with pkgs; if isServer then [
    ] else [
      virt-manager
    ];