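# NixOS host module for "france": LDAP directory, Kerberos KDC, Prometheus,
# PostgreSQL, mail, a git server and a Minecraft server, fronted by nginx.
#
# Every "FIXME" string is a placeholder the deployer must replace (mostly
# secret material: key/cert files, passwords, keytabs, state directories).
#
# Fixes relative to the earlier revision of this file:
#   * `concatMap` and `getHostLocalNetworks` were referenced as free
#     variables; they are now taken from `lib` (the only place they can come
#     from in a module that receives `config, lib, pkgs`).
#   * `git-server-ip` was used but never bound; it is now a `let` binding
#     with the file's usual FIXME placeholder.
#   * `networking.intif0` / `networking.extif0` are not NixOS options; the
#     interface definitions live under `networking.interfaces`.
#   * The mail.fudo.org vhost requested an ACME certificate but had no TLS
#     listener (`enableACME` alone); `addSSL` makes nginx actually serve it.
{ config, lib, pkgs, ... }:

let
  # Public address on extif0; the KDC binds to it as well.
  primary-ip = "208.81.3.117";

  # Dedicated /32 on extif0 for the git SSH listener.  FIXME: fill in the
  # real address.  This name was referenced without a binding before, which
  # made the whole module fail to evaluate.
  git-server-ip = "FIXME";

  hostname = config.instance.hostname;
  domain-name = config.fudo.hosts.${hostname}.domain;
  domain = config.fudo.domains.${domain-name};
  host-fqdn = "${hostname}.${domain-name}";
  mail-hostname = "mail.fudo.org";
in {
  imports = [ ./france/postgresql.nix ];

  config = {
    fudo = {
      auth = {
        ldap = {
          enable = true;
          base = "dc=fudo,dc=org";
          organization = "Fudo";
          rootpw-file = "FIXME";
          kerberos-host = host-fqdn;
          kerberos-keytab = "FIXME";
          sslCert = "FIXME";
          sslKey = "FIXME";
          sslCaCert = "FIXME";
          # NOTE(review): "ldap:///" is a plaintext listener on every
          # address, including the public one.  Unless the server is
          # configured to require STARTTLS, consider narrowing this to
          # "ldap://127.0.0.1/" (or dropping it and keeping ldaps + ldapi).
          listen-uris = [ "ldap:///" "ldaps:///" "ldapi:///" ];
          users = config.fudo.users;
          groups = config.fudo.groups;
          system-users = config.fudo.system-users;
        };

        kdc = let realm = "FUDO.ORG";
        in {
          enable = true;
          database-path = "FIXME";
          inherit realm;
          mkey-file = "FIXME";
          # kadmin ACL.  Be aware that *every* host/ and pam_migrate/ keytab
          # in the domain gets "add": a single compromised host keytab can
          # create arbitrary new principals in the realm.
          acl = [
            { principal = "pam_migrate/*.fudo.org@${realm}"; access = "add"; }
            { principal = "host/*.fudo.org@${realm}"; access = "add"; }
          ] ++ (lib.concatMap (user: [
            { principal = "${user}@${realm}"; access = "add,list,modify"; }
            # The /root instance of each admin is fully privileged.
            { principal = "${user}/root@${realm}"; access = "all"; }
          ]) domain.admin-users);
          bind-addresses = [ primary-ip "127.0.0.1" "127.0.1.1" "::1" ];
        };
      };

      prometheus = {
        enable = true;
        hostname = "metrics.fudo.org";
        # Scrape targets are discovered via DNS SRV records under this root.
        service-discovery-dns = let dns-root = "_metrics._tcp.fudo.org";
        in {
          node = [ "node.${dns-root}" ];
          postfix = [ "postfix.${dns-root}" ];
          dovecot = [ "dovecot.${dns-root}" ];
          rspamd = [ "rspamd.${dns-root}" ];
        };
      };

      postgresql = {
        enable = true;
        # FIXME: ssl-private-key && ssl certificate
        keytab = "/srv/postgres/secure/postgres.keytab";
        # NOTE(review): assumes the project's extended `lib` provides
        # getHostLocalNetworks -- confirm; it was an unbound name before.
        local-networks = lib.getHostLocalNetworks hostname;
        admin-users = domain.admin-users;
      };

      client.dns = {
        enable = true;
        ipv4 = true;
        ipv6 = true;
        user = "FIXME";
        external-interface = "extif0";
        password-file = "FIXME";
      };

      # `//` is a shallow merge: if domain.mail-config already defines
      # `dovecot`, the whole attribute is replaced by the one below, not
      # merged into it.
      mail-server = domain.mail-config // {
        enableContainer = true;
        monitoring = true;
        hostname = mail-hostname;
        state-directory = "FIXME";
        mail-directory = "FIXME";
        dovecot.ldap = {
          reader-dn = "FIXME";
          # NOTE(review): this is an inline secret; if the module offers a
          # *-file variant, prefer it so the password stays out of the store.
          reader-password = "FIXME";
          server-urls = [ "FIXME" ];
        };
        clamav.enable = true;
        dkim.signing = true;
      };

      git = {
        enable = true;
        hostname = "git.fudo.org";
        site-name = "Fudo Git";
        user = "FIXME";
        database = {
          user = "FIXME";
          password-file = "FIXME";
          hostname = "127.0.0.1";
          name = "FIXME";
        };
        repository-dir = "FIXME";
        state-dir = "FIXME";
        # Port 22 on the dedicated git address; the host's own sshd must not
        # bind that address (e.g. listen only on primary-ip) or the two will
        # collide -- not verifiable from this file.
        ssh = {
          listen-ip = git-server-ip;
          listen-port = 22;
        };
      };

      minecraft-server = {
        enable = true;
        package = pkgs.minecraft-current;
        data-dir = "FIXME";
        world-name = "selbyland";
        motd = "Welcome to the Selby Minecraft server.";
      };
    };

    networking.interfaces = {
      intif0 = {
        ipv4.addresses = [{
          address = "192.168.11.1";
          prefixLength = 24;
        }];
      };
      extif0 = {
        ipv4.addresses = [
          { address = primary-ip; prefixLength = 28; }
          { address = git-server-ip; prefixLength = 32; }
        ];
      };
    };

    services = {
      nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisations = true;
        recommendedTlsSettings = true;
        recommendedProxySettings = true;
        virtualHosts = {
          "mail.fudo.org" = {
            enableACME = true;
            # Without addSSL/forceSSL the ACME certificate is obtained but
            # never served (no 443 listener).  addSSL serves both 80 and
            # 443 and both simply redirect to the webmail host.
            addSSL = true;
            locations."/".return = "301 https://webmail.fudo.org$request_uri";
          };
        };
      };
    };
  };
}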