~piotr-machura/vps

Personal server NixOS configuration
Change mail server certificate scheme
Update README
Update to 23.05 release of NixOS mailserver


# VPS

This is the NixOS configuration for my personal VPS. It includes:

```
  HTTP 80   ┌───────┐    ┌────────────┐
 ──────────►│ nginx ├───►│  Websites  │
 HTTPS 443  └───────┘    └────────────┘


   IMAP 143/993   ┌────────────┐
 ────────────────►│   NixOS    │
 SMTP 25/465/587  │ Mailserver │
                  └────────────┘
```

# Setting up the server

Depending on the VPS provider, it may be necessary to set the static IP address (1.2.3.4/5 in this example) and the gateway (4.3.2.1) on the enp-named network device to get Internet access, which the NixOS installation procedure requires. Before installing, configure the network from the NixOS ISO:

```sh
ip addr                                  # check what the IPv4 address on enp currently is, say X.X.X.X/Y
ip addr del X.X.X.X/Y dev enp            # remove the current address
ip addr add 1.2.3.4/5 dev enp            # assign the static address
ip route del default
ip route add 4.3.2.1 dev enp             # on-link route to the gateway (needed when it lies outside the subnet)
ip route add default via 4.3.2.1 dev enp
echo "nameserver 8.8.8.8" >> /etc/resolv.conf   # temporary resolver for the installer
```

Verify that the Internet is reachable by pinging 1.1.1.1 and google.com (the latter also confirms that DNS resolution works).

Follow the NixOS installation guide and write the static IP address and gateway into the configuration (see the networking section of configuration.nix).

After a successful reboot, clone this repository, replacing /etc/nixos/configuration.nix. Modify the hardware sections as needed. Create the secrets file /etc/nixos/secrets.nix based on the included secrets.example.nix.

# DNS

These are my DNS records (mostly so I don't forget and lose them). Feel free to use them as a base.

# machura.xyz

  • A
    • machura.xyz -> 1.2.3.4
    • mail.machura.xyz -> 1.2.3.4
  • AAAA
    • machura.xyz -> 1111:2222:3333:4444:5555:::1
  • CAA
    • machura.xyz -> 0 issue "letsencrypt.org"
  • CNAME
    • p.machura.xyz -> machura.xyz
    • piotr.machura.xyz -> machura.xyz
    • www.machura.xyz -> machura.xyz
    • www.p.machura.xyz -> machura.xyz
    • www.piotr.machura.xyz -> machura.xyz
  • MX
    • machura.xyz -> mail.machura.xyz [Priority: 0]
  • PTR
    • mail.machura.xyz -> machura.xyz
  • TXT
    • (SPF) machura.xyz -> v=spf1 mx a:mail.machura.xyz -all
    • (DMARC) _dmarc.machura.xyz -> v=DMARC1; p=quarantine; rua=mailto:postmaster@machura.xyz; ruf=mailto:postmaster@machura.xyz; sp=none; ri=86400
    • (DKIM) mail._domainkey.machura.xyz -> v=DKIM1; k=rsa; p=<key from /var/dkim/machura.xyz.mail.txt>

# piotr-machura.com

  • A
    • piotr-machura.com -> 1.2.3.4
  • AAAA
    • piotr-machura.com -> 1111:2222:3333:4444:5555:::1
  • CAA
    • piotr-machura.com -> 0 issue "letsencrypt.org"
  • CNAME
    • www.piotr-machura.com -> piotr.machura.xyz
  • MX
    • piotr-machura.com -> mail.machura.xyz [Priority: 0]
  • TXT
    • (SPF) piotr-machura.com -> v=spf1 mx a:mail.machura.xyz -all
    • (DMARC) _dmarc.piotr-machura.com -> v=DMARC1; p=quarantine; rua=mailto:postmaster@machura.xyz; ruf=mailto:postmaster@machura.xyz; sp=none; ri=86400
    • (DKIM) mail._domainkey.piotr-machura.com -> v=DKIM1; k=rsa; p=<key from /var/dkim/piotr-machura.com.mail.txt>
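As an added offline check (example code, not part of this repository), the following Python script parses the SPF, DMARC and DKIM TXT records of the kind listed for both domains above and reports the settings a receiving mail server would treat as weak: a permissive `all` mechanism, too many SPF lookup terms, a missing or monitor-only DMARC policy, a subdomain policy weaker than the organisational one, and an empty or malformed DKIM key. The record strings are constructed from this README; the DKIM `p=` value is a made-up placeholder, not a real key.

```python
"""Offline sanity checks for mail-authentication TXT records (added example)."""
import base64
import re

# Constructed from the README's DNS section. The DKIM p= value is a made-up
# placeholder; the real key comes from /var/dkim/machura.xyz.mail.txt on the server.
RECORDS = {
    "machura.xyz": "v=spf1 mx a:mail.machura.xyz -all",
    "_dmarc.machura.xyz": (
        "v=DMARC1; p=quarantine; rua=mailto:postmaster@machura.xyz; "
        "ruf=mailto:postmaster@machura.xyz; sp=none; ri=86400"
    ),
    "mail._domainkey.machura.xyz": "v=DKIM1; k=rsa; p=QUJDREVGR0hJSktMTU5PUA==",
}

# SPF terms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
_LOOKUP_TERM = re.compile(
    r"^[+\-~?]?(include:|a$|a[:/]|mx$|mx[:/]|ptr|exists:|redirect=)", re.I
)
_POLICY_STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}


def parse_tags(record):
    """Split a 'tag=value; tag=value' list (DMARC and DKIM syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record):
    """Return the weaknesses found in an SPF record (empty list means fine)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF record must start with v=spf1"]
    issues = []
    last = terms[-1].lower()  # the terminal term decides the fate of unlisted senders
    if last in ("all", "+all"):
        issues.append("'+all' authorises any host to send as this domain")
    elif last == "?all":
        issues.append("'?all' is neutral; prefer -all or ~all")
    elif last not in ("-all", "~all") and not last.startswith("redirect="):
        issues.append("no terminal 'all' term; unlisted senders get a neutral result")
    lookups = sum(1 for t in terms[1:] if _LOOKUP_TERM.match(t))
    if lookups > 10:
        issues.append(f"{lookups} lookup terms exceed the RFC 7208 limit of 10")
    return issues


def check_dmarc(record):
    """Return the weaknesses found in a DMARC record."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC record must start with v=DMARC1"]
    issues = []
    policy = tags.get("p")
    if policy not in _POLICY_STRENGTH:
        issues.append("missing or invalid p= tag")
    elif policy == "none":
        issues.append("p=none only monitors; failing mail is still delivered")
    sub = tags.get("sp", policy)  # sp defaults to p when absent
    if (policy in _POLICY_STRENGTH and sub in _POLICY_STRENGTH
            and _POLICY_STRENGTH[sub] < _POLICY_STRENGTH[policy]):
        issues.append(f"sp={sub} leaves subdomains weaker than the organisational p={policy}")
    if "rua" not in tags:
        issues.append("no rua= address; aggregate reports will not be received")
    return issues


def check_dkim(record):
    """Return the problems found in a DKIM key record."""
    tags = parse_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional but must be DKIM1 if present
        return ["unknown DKIM record version"]
    issues = []
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        issues.append(f"unsupported key type k={tags['k']}")
    key = tags.get("p")
    if key is None:
        issues.append("missing p= tag")
    elif key == "":
        issues.append("empty p= tag means the key has been revoked")
    else:
        try:
            base64.b64decode(key, validate=True)
        except ValueError:
            issues.append("p= value is not valid base64")
    return issues


def audit(records):
    """Pick the checker by record name and return {name: [issues]}."""
    results = {}
    for name, record in records.items():
        if name.startswith("_dmarc."):
            results[name] = check_dmarc(record)
        elif "._domainkey." in name:
            results[name] = check_dkim(record)
        else:
            results[name] = check_spf(record)
    return results


if __name__ == "__main__":
    for name, issues in audit(RECORDS).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

Run against the records above, the script reports a single finding: `sp=none` gives subdomains a weaker policy than the organisational `p=quarantine`, which matters only if subdomains are ever expected to send mail. To check the live zone rather than the strings embedded here, feed it the output of `dig +short TXT <name>` for each record name.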