From 72f404dba10663dd524d7522622d577a338a578c Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Tue, 2 Jan 2024 21:43:04 +0100 Subject: [PATCH] voyager: move snappymail --- hosts/voyager/configuration.nix | 13 --- hosts/voyager/modules/snappymail.nix | 108 ++++++++++++++++++++++++ hosts/voyager/services/snappymail.nix | 115 +++----------------------- 3 files changed, 120 insertions(+), 116 deletions(-) create mode 100644 hosts/voyager/modules/snappymail.nix diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix index 888a9dd..472fbf1 100644 --- a/hosts/voyager/configuration.nix +++ b/hosts/voyager/configuration.nix @@ -39,19 +39,6 @@ zfs ]; - services.snappymail = { - enable = true; - hostname = "mail.home.feal.no"; - }; - services.nginx.virtualHosts."${config.services.snappymail.hostname}" = let - certPath = "/etc/ssl-snakeoil/mail_home_feal_no"; - in { - addSSL = true; - - sslCertificate = "${certPath}.crt"; - sslCertificateKey = "${certPath}.key"; - }; - virtualisation.docker.enable = true; virtualisation.oci-containers.backend = "docker"; diff --git a/hosts/voyager/modules/snappymail.nix b/hosts/voyager/modules/snappymail.nix new file mode 100644 index 0000000..a6855e3 --- /dev/null +++ b/hosts/voyager/modules/snappymail.nix @@ -0,0 +1,108 @@ +{ config, pkgs, lib, ... }: + +let + inherit (lib) mkDefault mkEnableOption mkForce mkIf mkOption mkPackageOption generators types; + + cfg = config.services.snappymail; + maxUploadSize = "256M"; +in { + options.services.snappymail = { + enable = mkEnableOption (lib.mdDoc "Snappymail"); + + package = mkOption { + type = types.package; + default = pkgs.snappymail; + defaultText = lib.mdDoc "pkgs.snappymail"; + description = lib.mdDoc "Which snappymail package to use."; + }; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/snappymail"; + description = "State directory for snappymail"; + }; + + hostname = mkOption { + type = types.str; + /* default = null; */ + example = "mail.example.com"; + description = "Enable nginx with this hostname, null disables nginx"; + }; + + user = mkOption { + type = types.str; + default = "snappymail"; + description = lib.mdDoc "System user under which snappymail runs"; + }; + + group = mkOption { + type = types.str; + default = "snappymail"; + description = lib.mdDoc "System group under which snappymail runs"; + }; + }; + + config = mkIf cfg.enable { + users.users = mkIf (cfg.user == "snappymail") { + snappymail = { + description = "Snappymail service"; + group = cfg.group; + home = cfg.dataDir; + useDefaultShell = true; + createHome = true; + isSystemUser = true; + }; + }; + + users.groups = mkIf (cfg.group == "snappymail") { + snappymail = {}; + }; + + services.phpfpm.pools.snappymail = { + user = cfg.user; + group = cfg.group; + phpOptions = generators.toKeyValue {} { + upload_max_filesize = maxUploadSize; + post_max_size = maxUploadSize; + memory_limit = maxUploadSize; + }; + + settings = { + "listen.owner" = config.services.nginx.user; + "listen.group" = config.services.nginx.group; + "pm" = "ondemand"; + "pm.max_children" = 32; + "pm.process_idle_timeout" = "10s"; + "pm.max_requests" = 500; + }; + }; + + services.nginx = mkIf (cfg.hostname != null) { + virtualHosts."${cfg.hostname}" = { + locations."/".extraConfig = '' + index index.php; + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + ''; + locations."^~ /data".extraConfig = '' + deny all; + ''; + locations."~ \.php$".extraConfig = '' + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket}; + ''; + extraConfig = '' + client_max_body_size ${maxUploadSize}; + ''; + + root = if (cfg.package == pkgs.snappymail) then + pkgs.snappymail.override { + dataPath = cfg.dataDir; + } + else cfg.package; + }; + }; + }; +} diff --git a/hosts/voyager/services/snappymail.nix b/hosts/voyager/services/snappymail.nix index a7b266f..a6082aa 100644 --- a/hosts/voyager/services/snappymail.nix +++ b/hosts/voyager/services/snappymail.nix @@ -1,108 +1,17 @@ -{ config, pkgs, lib, ... }: +{ config, lib, pkgs, ... }: +{ + imports = [ ../modules/snappymail.nix ]; -let -inherit (lib) mkDefault mkEnableOption mkForce mkIf mkOption mkPackageOption generators types; - -cfg = config.services.snappymail; -maxUploadSize = "256M"; -in { - options.services.snappymail = { - enable = mkEnableOption (lib.mdDoc "Snappymail"); - - package = mkOption { - type = types.package; - default = pkgs.snappymail; - defaultText = lib.mdDoc "pkgs.snappymail"; - description = lib.mdDoc "Which snappymail package to use."; - }; - - dataDir = mkOption { - type = types.str; - default = "/var/lib/snappymail"; - description = "State directory for snappymail"; - }; - - hostname = mkOption { - type = types.str; - /* default = null; */ - example = "mail.example.com"; - description = "Enable nginx with this hostname, null disables nginx"; - }; - - user = mkOption { - type = types.str; - default = "snappymail"; - description = lib.mdDoc "System user under which snappymail runs"; - }; - - group = mkOption { - type = types.str; - default = "snappymail"; - description = lib.mdDoc "System group under which snappymail runs"; - }; + services.snappymail = { + enable = true; + hostname = "mail.home.feal.no"; }; + services.nginx.virtualHosts."${config.services.snappymail.hostname}" = let + certPath = "/etc/ssl-snakeoil/mail_home_feal_no"; + in { + addSSL = true; - config = mkIf cfg.enable { - users.users = mkIf (cfg.user == "snappymail") { - snappymail = { - description = "Snappymail service"; - group = cfg.group; - home = cfg.dataDir; - useDefaultShell = true; - createHome = true; - isSystemUser = true; - }; - }; - - users.groups = mkIf (cfg.group == "snappymail") { - snappymail = {}; - }; - - services.phpfpm.pools.snappymail = { - user = cfg.user; - group = cfg.group; - phpOptions = generators.toKeyValue {} { - upload_max_filesize = maxUploadSize; - post_max_size = maxUploadSize; - memory_limit = maxUploadSize; - }; - - settings = { - "listen.owner" = config.services.nginx.user; - "listen.group" = config.services.nginx.group; - "pm" = "ondemand"; - "pm.max_children" = 32; - "pm.process_idle_timeout" = "10s"; - "pm.max_requests" = 500; - }; - }; - - services.nginx = mkIf (cfg.hostname != null) { - virtualHosts."${cfg.hostname}" = { - locations."/".extraConfig = '' - index index.php; - autoindex on; - autoindex_exact_size off; - autoindex_localtime on; - ''; - locations."^~ /data".extraConfig = '' - deny all; - ''; - locations."~ \.php$".extraConfig = '' - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket}; - ''; - extraConfig = '' - client_max_body_size ${maxUploadSize}; - ''; - - root = if (cfg.package == pkgs.snappymail) then - pkgs.snappymail.override { - dataPath = cfg.dataDir; - } - else cfg.package; - }; - }; + sslCertificate = "${certPath}.crt"; + sslCertificateKey = "${certPath}.key"; }; }