radicale
This commit is contained in:
@@ -102,8 +102,6 @@ let
|
||||
);
|
||||
in
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx.virtualHosts = mailDiscoveryVirtualHosts // {
|
||||
${config.mailserver.fqdn}.enableACME = true;
|
||||
};
|
||||
|
||||
@@ -1,7 +1,15 @@
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "postmaster@billenius.com";
|
||||
};
|
||||
|
||||
imports = [
|
||||
./autodiscover.nix
|
||||
./mail.nix
|
||||
./radicale.nix
|
||||
./roundcube.nix
|
||||
];
|
||||
}
|
||||
|
||||
@@ -1,10 +1,5 @@
|
||||
{ ... }:
|
||||
{
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "postmaster@billenius.com";
|
||||
};
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.billenius.com";
|
||||
@@ -12,7 +7,7 @@
|
||||
certificateScheme = "acme";
|
||||
|
||||
# A list of all login accounts. To create the password hashes, use
|
||||
# nix-shell -p mkpasswd --run 'mkpasswd -s'
|
||||
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||
loginAccounts = {
|
||||
"love@billenius.com" = {
|
||||
hashedPasswordFile = "${../../../resources/mail-server}/love@billenius.com";
|
||||
@@ -23,7 +18,10 @@
|
||||
enable = true;
|
||||
autoIndex = true;
|
||||
enforced = "body";
|
||||
autoIndexExclude = [ "Trash" "\\Junk" ];
|
||||
autoIndexExclude = [
|
||||
"Trash"
|
||||
"\\Junk"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -0,0 +1,78 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
domain = builtins.head config.mailserver.domains;
|
||||
radicaleHost = "cal.${domain}";
|
||||
mailAccounts = config.mailserver.loginAccounts;
|
||||
discoveryHosts = lib.unique (
|
||||
config.mailserver.domains
|
||||
++ [
|
||||
config.mailserver.fqdn
|
||||
radicaleHost
|
||||
]
|
||||
);
|
||||
|
||||
accountHash =
|
||||
mail: account:
|
||||
if account ? hashedPassword then
|
||||
account.hashedPassword
|
||||
else if account ? hashedPasswordFile then
|
||||
lib.removeSuffix "\n" (builtins.readFile account.hashedPasswordFile)
|
||||
else
|
||||
throw "Radicale requires ${mail} to define hashedPassword or hashedPasswordFile";
|
||||
|
||||
htpasswd = pkgs.writeText "radicale.users" (
|
||||
lib.concatStrings (
|
||||
lib.mapAttrsToList (mail: account: "${mail}:${accountHash mail account}\n") mailAccounts
|
||||
)
|
||||
);
|
||||
|
||||
mkWellKnownLocations = {
|
||||
"/.well-known/caldav".return = "301 https://${radicaleHost}/";
|
||||
"/.well-known/carddav".return = "301 https://${radicaleHost}/";
|
||||
};
|
||||
|
||||
discoveryVirtualHosts = lib.listToAttrs (
|
||||
map (host: {
|
||||
name = host;
|
||||
value = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = mkWellKnownLocations;
|
||||
};
|
||||
}) discoveryHosts
|
||||
);
|
||||
in
|
||||
{
|
||||
services.radicale = {
|
||||
enable = true;
|
||||
settings = {
|
||||
auth = {
|
||||
type = "htpasswd";
|
||||
htpasswd_filename = htpasswd;
|
||||
htpasswd_encryption = "bcrypt";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = discoveryVirtualHosts // {
|
||||
${radicaleHost} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = mkWellKnownLocations // {
|
||||
"/" = {
|
||||
proxyPass = "http://127.0.0.1:5232/";
|
||||
extraConfig = ''
|
||||
proxy_set_header X-Script-Name /;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass_header Authorization;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -38,9 +38,4 @@
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user