# NixOS module for the mail host of the "catvayor.sh" domain: static addressing
# on enp1s0, a WireGuard uplink (wg0), nginx with ACME certificates, and
# nixos-mailserver. The `kat.*` options and `nodes`/`sources` arguments are
# defined outside this file.
{ config, lib, pkgs, nodes, sources, ... }:
let
  # Mail domain; reused for the mailbox name, its aliases and the catch-all.
  host = "catvayor.sh";
in
{
  imports = [
    "${sources.nixos-mailserver}"
    ./hardware-configuration.nix
    ./disks.nix
    ./modo.nix
  ];

  system.stateVersion = "23.11";

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  kat = {
    # Project-specific option, presumably read by the fronting host to decide
    # what to forward here -- TODO confirm against the module that defines it.
    proxies = {
      ip = "192.168.122.3";
      aliases = [ "catvayor.sh" ];
      # SSH is published on external port 22002; SMTP (25), SMTPS (465) and
      # IMAPS (993) keep their port numbers.
      open-tcp = [
        {
          internal = 22;
          external = 22002;
        }
        25
        465
        993
      ];
    };

    # WireGuard public key for this node (public material, fine to commit).
    wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
  };

  networking = {
    useDHCP = false;

    # NOTE(review): with the firewall off, every listening socket on this host
    # (including the backend nginx proxies to on localhost:8000 if it binds
    # wider than loopback, and anything pulled in by ./modo.nix) is reachable
    # from whatever can route to 192.168.122.3 or over wg0. The only filtering
    # is then whatever the forwarding host applies -- confirm that is intended,
    # or enable the firewall and list the needed ports in
    # networking.firewall.allowedTCPPorts.
    firewall.enable = false;
  };

  systemd.network.netdevs."50-wg0" = {
    netdevConfig = {
      Name = "wg0";
      Kind = "wireguard";
    };
    wireguardConfig = {
      # Key is read from a path outside the Nix store, so it is not copied into
      # the world-readable store. It should be readable only by root and the
      # systemd-network group -- verify the file mode on the host.
      PrivateKeyFile = "/wg/private.key";
    };
    wireguardPeers = [
      {
        Endpoint = "10.42.0.2:1194";
        # All IPv4 traffic is accepted from / routed to this single peer.
        AllowedIPs = [ "0.0.0.0/0" ];
        PersistentKeepalive = 20;
        PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
      }
    ];
  };

  systemd.network.networks = {
    "10-enp1s0" = {
      name = "enp1s0";
      address = [
        "192.168.122.3/24"
        "fe80::3/64"
      ];
      # Host route to the WireGuard endpoint via the LAN gateway, so the
      # tunnel's own packets leave through enp1s0 while wg0 carries the
      # default route declared below.
      routes = [
        {
          Destination = "10.42.0.2/32";
          Gateway = "192.168.122.1";
        }
      ];
      dns = [ "192.168.122.1" ];
    };

    "50-wg0" = {
      name = "wg0";
      address = [ "10.42.2.1/16" ];
      # No Destination given: this is the default route through the tunnel.
      routes = [ { Gateway = "10.42.0.2"; } ];
    };
  };

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "root@katvayor.net";

  services = {
    # NOTE(review): only `enable` is set here and port 22 is published as
    # 22002. Unless services.openssh.settings.PasswordAuthentication is set to
    # false elsewhere, password logins stay allowed -- confirm key-only access.
    openssh.enable = true;

    nginx = {
      enable = true;
      virtualHosts = {
        # Requests a certificate for the domain; no addSSL/forceSSL is set, so
        # this vhost itself only answers over plain HTTP.
        "catvayor.sh".enableACME = true;

        "betamail.katvayor.net" = {
          enableACME = true;
          # NOTE(review): addSSL serves the site on both HTTP and HTTPS with no
          # redirect, so whatever the backend on :8000 handles can also travel
          # in cleartext. If nothing in front of this host depends on plain
          # HTTP, forceSSL = true is the safer setting.
          addSSL = true;
          locations."/" = {
            recommendedProxySettings = true;
            proxyPass = "http://localhost:8000/";
          };
        };
      };
    };
  };

  mailserver = {
    enable = true;
    fqdn = "betamail.katvayor.net";
    domains = [ host ];
    certificateScheme = "acme";

    loginAccounts."root@${host}" = {
      # Receives mail for any address in the domain that has no other mailbox.
      catchAll = [ host ];
      # user0@ .. user9@ plus two role addresses, all delivered to this mailbox.
      aliases =
        (builtins.genList (idx: "user${toString idx}@${host}") 10)
        ++ [
          "moderators@${host}"
          "daemon@${host}"
        ];
      # NOTE(review): this bcrypt hash uses cost factor 05, which is cheap to
      # guess offline, and it is exposed both in the repository and in the
      # world-readable Nix store. Prefer hashedPasswordFile pointing at a
      # root-only file, regenerate the hash with a higher cost, and rotate the
      # password since this hash should be treated as disclosed.
      hashedPassword = "$2b$05$FoCVDECXYG0KXPigPuIZtuNFiviwSg8RuXx0FbnzC7ZRp.Mz8VWOe";
    };
  };
}