path: root/machines/mail/default.nix
# Host definition for the machine named "mail": static addressing on eth0,
# WireGuard and deploy parameters, and a daily Kopia backup of
# /var/lib/stalwart-mail to a B2 bucket.
# `pubKey`, `wireguard`, `secrets` and `deploy` are not stock NixOS options, so
# their exact meaning is set by modules outside this file. Of the named
# arguments, only `config` is referenced here.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Public IPv4 address of the host; reused below as the WireGuard endpoint and
  # as the deploy target.
  endpoint = "116.203.26.228";
in
{
  networking = {
    # NOTE(review): leading dot. Stock NixOS derives the FQDN as
    # "<hostName>.<domain>", which would give "mail..vapor.systems" — confirm
    # that a project module expects this form.
    domain = ".vapor.systems";
    hostName = "mail";
    # Addresses are assigned statically below, so the DHCP client is off.
    dhcpcd.enable = false;
    interfaces.eth0 = {
      ipv4 = {
        addresses = [
          {
            # NOTE(review): same value as `endpoint`, repeated as a literal; the
            # two have to be kept in sync by hand.
            address = "116.203.26.228";
            # /32 leaves no on-link subnet, hence the explicit host route to the
            # gateway below.
            prefixLength = 32;
          }
        ];

        routes = [
          {
            # Host route to the address used as defaultGateway further down.
            address = "172.31.1.1";
            prefixLength = 32;
          }
        ];
      };
      ipv6 = {
        addresses = [
          {
            address = "2a01:4f8:1c1c:3ce7::1";
            prefixLength = 64;
          }
          {
            # Link-local (fe80::/10) address set explicitly.
            address = "fe80::9000:6ff:fe53:14ce";
            prefixLength = 64;
          }
        ];

        routes = [
          {
            # Host route to the link-local gateway used by defaultGateway6.
            address = "fe80::1";
            prefixLength = 128;
          }
        ];
      };
    };

    defaultGateway = "172.31.1.1";
    defaultGateway6 = {
      address = "fe80::1";
      # A link-local gateway is only meaningful together with its interface.
      interface = "eth0";
    };
  };

  # SSH ed25519 public key. Presumably this host's key, consumed by a project
  # module — confirm which side it identifies. Public material only.
  pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwt+/sB77NZnjwqgwtkcqKsIYyMnYh5qlqYoY9dLEd";

  wireguard = {
    enable = true;
    # Same value as the `endpoint` binding in the `let` above.
    inherit endpoint;
    v4 = {
      address = "10.10.0.6";
    };
    v6 = {
      # presumably a suffix that the wireguard module appends to a shared IPv6
      # prefix — verify against that module
      address = "6";
    };
    # Public half of the WireGuard key pair; the private key is not in this file.
    publicKey = "lk0mN1R5Uf5iwvWe/4mOmrMap7xtsieQaJSHcXQ7+VY=";
    # NOTE(review): empty list. Which extra prefixes peers route to this host
    # depends on how the module treats an empty value — confirm.
    allowedIPs = [ ];
  };

  services.kopia = {
    enable = true;
    instances = {
      b2 = {
        enable = true;
        # Path of the deployed secret declared under `secrets.b2` below, so no
        # credential values appear in this file. Presumably holds the B2 key
        # and the repository password — confirm.
        # NOTE(review): if that B2 key is allowed to delete files, a compromise
        # of this host can also destroy its backups; check the key's
        # capabilities and the bucket's retention settings.
        environmentFile = config.secrets.b2.dest;
        repository.b2.bucket = "mail-vapor-systems";

        snapshots = {
          schedule = "daily";
          # NOTE(review): this directory is snapshotted as-is; confirm the mail
          # store tolerates being copied while running and test a restore.
          paths = [
            "/var/lib/stalwart-mail"
          ];
        };

        policy = [{
          retention = {
            keepLatest = 5;
            keepDaily = 30;
            keepWeekly = 4;
            keepMonthly = 3;
            # NOTE(review): with no annual snapshots and three monthly ones,
            # history presumably ends at about three months — confirm this
            # matches the recovery requirements.
            keepAnnual = 0;
          };
        }];
      };
    };
  };

  secrets = {
    b2 = {
      # NOTE(review): a Nix path literal. If the secrets module passes it
      # through the store, the file ends up in the world-readable /nix/store;
      # confirm it is encrypted in the repository or copied out-of-band.
      source = ../../secrets/backup/mail.vapor.systems.env;
      # Location on the target that services.kopia reads via
      # config.secrets.b2.dest. Ownership and mode are set by the secrets
      # module, not here — verify they are restrictive.
      dest = "/etc/secrets/b2.env";
    };
  };

  deploy = {
    # Deploys target the public address (`endpoint`), not the WireGuard address
    # 10.10.0.6.
    host = endpoint;
    # Account used for the deploy connection; how it gains the rights to
    # activate a system is not visible in this file.
    sshUser = "audron";
    # presumably: build on the target host and let it fetch from binary caches
    # itself — confirm against the deploy tool's documentation
    buildOn = "remote";
    substituteOnTarget = true;
    # NOTE(review): meaning depends on the deploy tool; confirm what is given up
    # by leaving this off.
    hermetic = false;
  };

  # NixOS release whose stateful defaults this machine was installed with. It
  # is not the package version and is not meant to be bumped during a routine
  # upgrade.
  system.stateVersion = "25.05";
}