So, I got into NixOS and installed it on a VPS a few days ago. I’ve previously used yunohost.org (a debian based all-in-one selfhosting solution) and docker-compose. But I (now) really like the Nix(OS) approach, the amount of packaged software and how everything ties together in a clean server configuration.
However… I need a bit more information on the server stuff. Are there nice configurations around which I can incorporate and learn from? Extensive tutorials from other people who run their own services or communities?
I mean the basic stuff isn’t a problem. I got Nextcloud and the most important stuff running, a DNS Adblocker, a chat server, nginx etc. But ultimately I’d like to share some services with friends and family. So I need single sign-on (SSO), preferably with an LDAP directory. An email server… And the Wiki and just googling it stop being helpful at this point.
Are there people who share their experience with LDAP/Authentik/Zitadel/Authelia/Keycloak / whatever SSO/Authentication software is packaged in Nix but I can’t find anything about from people who actually use it? A comparison of the several available email servers?
I’m using LLDAP with Authelia on NixOS, it works fine for what I do but it’s somewhat limited, haven’t used it as an OIDC provider yet but that’s on the list.
For a mail server, I use https://nixos-mailserver.readthedocs.io/en/latest/index.html . Very easy to set up, and it seems to work. But I do get a lot of anxiety about it because of all the people who say you should never under any circumstances set up your own mail server because of reputation and whatever. Just be aware that although mail-tester.com doesn’t ding you for it, you really have to make sure your rDNS entry is set up correctly, and you need your own /64 IPv6 range.
Thank you. That one already appeared in my search results. Seems like a traditional postfix/dovecot/rspamd setup.
I know. People always say you shouldn’t run your own mailserver. I have. For like 10 years or so and I’m fine. Well… I’m more than fine. I really like the idea that my mailbox is stored on an encrypted volume at home and not somewhere in the cloud. Also it comes without any noticeable capacity limit, I got a large hard disk in my NAS/server. It’s a bit annoying, though. I forward some email. And some of that goes to a gmail.com account of a friend. It’s important first contact and admin mail, so the spam filter isn’t super strict. And I got greylisted by Gmail for doing that. Once a few spam mails slip through, Google will stop talking to you. So I currently can’t send mail to Gmail users. I have a few free email accounts I use as a relay so I myself can still send mails. But it’s annoying. It’s part of the reason why I now want to redo my mailserver and have an updated rspamd and stuff. I get why people say you should let other people provide email service to you, but I don’t see a proper reason except for it’s annoying and frustrating and odds are against you. (Additionally it is a bit complicated to set up reverse pointers and MX records.)
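The rDNS point raised above (the reply recommending nixos-mailserver, and the remark that reverse pointers are fiddly to set up) comes down to forward-confirmed reverse DNS: the PTR of the sending IP must name the mail host, and that name must resolve back to the same IP. The following is an added example, not code from the thread or from nixos-mailserver; the IPs and hostnames in the sample tables are constructed documentation values, and the live resolvers are a convenience for running it against a real host.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for a mail host.

Added example (not from the thread). Resolvers are injectable so the check
can run offline against constructed lookup tables or live against DNS.
"""
import ipaddress
import socket
from typing import Callable, Iterable, Optional

PtrLookup = Callable[[str], Optional[str]]   # ip -> PTR name, or None
AddrLookup = Callable[[str], Iterable[str]]  # hostname -> A/AAAA records


def live_ptr(ip: str) -> Optional[str]:
    """PTR lookup via the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except OSError:
        return None


def live_addrs(hostname: str) -> list:
    """All A and AAAA records for hostname (scope ids stripped)."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except OSError:
        return []
    return sorted({str(ipaddress.ip_address(i[4][0].split("%")[0])) for i in infos})


def fcrdns_check(ip: str, mail_host: str,
                 ptr: PtrLookup = live_ptr,
                 addrs: AddrLookup = live_addrs) -> dict:
    """Report the three conditions a receiving MTA typically expects."""
    ip_norm = str(ipaddress.ip_address(ip))           # canonical v4/v6 form
    name = ptr(ip_norm)
    forward = {str(ipaddress.ip_address(a)) for a in addrs(name)} if name else set()
    return {
        "ptr": name,
        "has_ptr": name is not None,
        "ptr_matches_host": name == mail_host.lower().rstrip("."),
        "forward_confirmed": ip_norm in forward,      # PTR name resolves back to ip
    }


def fcrdns_ok(ip: str, mail_host: str,
              ptr: PtrLookup = live_ptr, addrs: AddrLookup = live_addrs) -> bool:
    r = fcrdns_check(ip, mail_host, ptr, addrs)
    return r["has_ptr"] and r["ptr_matches_host"] and r["forward_confirmed"]


# Constructed sample zone data (RFC 5737 / 3849 documentation ranges).
SAMPLE_PTR = {"192.0.2.25": "mail.example.org", "2001:db8::25": "mail.example.org",
              "192.0.2.26": "vps-26.hosting.example"}   # hoster's default PTR
SAMPLE_ADDR = {"mail.example.org": ["192.0.2.25", "2001:db8::25"],
               "vps-26.hosting.example": ["192.0.2.99"]}
```

Run `fcrdns_check("192.0.2.26", "mail.example.org", SAMPLE_PTR.get, lambda h: SAMPLE_ADDR.get(h, []))` to see the common failure: a PTR exists but still carries the hoster's default name, so it neither matches the mail host nor confirms forward.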
Here’s mine fwiw - no SSO or LDAP but might add something to what you find. My journey is to move from a NixOS user of 2 years and 1 year ‘all in’. I run my own mail server with NixOS.
nixos-mailserver works well for me. The package set runs faultlessly on the smallest OVH VPS. NixOS gives me the ability to redeploy anywhere painlessly and the backup need is limited to a dovecot sync. Dovecot sync is neat: with a 2nd identical VPS (matching configuration.nix), non-functional but with services running, it duplicates all the live mail data with one command.
I am going all in on Rust too. There is a rust based mail server being developed that I might track as a migration in years to come.
Reading material
Learn { NixOS, Nix }
- https://nixos-and-flakes.thiscute.world/nixos-with-flakes/modularize-the-configuration “The Nix module system provides a parameter, imports, which accepts a list of .nix files and merges all the configuration defined in these files into the current Nix module.”
- https://gitlab.com/famedly/conduit/-/blob/next/nix/README.md
- https://fangpenlin.com/posts/2024/01/14/high-speed-usb4-mesh-network/ Nix package system “beautifully designed but hard to understand at first glance.”
- https://stackoverflow.com/questions/18878117/using-vagrant-to-run-virtual-machines-with-desktop-environment
- https://discourse.nixos.org/t/set-up-vagrant-with-libvirt-qemu-kvm-on-nixos/14653
- https://aldoborrero.com/posts/2023/01/15/setting-up-my-machines-nix-style/
- https://github.com/tweag/rust-wasm-nix
- https://github.com/NixOS/nix.dev
- https://terinstock.com/post/2021/01/Setting-up-a-git-server-on-NixOS/
- https://github.com/nrbray/nixos-configuration
- https://ash64.eu/blog/2022/building-custom-nixos-isos/
- https://github.com/nix-community/disko
- https://github.com/ghostbuster91/blogposts/blob/a2374f0039f8cdf4faddeaaa0347661ffc2ec7cf/router2023-part2/main.md
- https://cola-gang.industries/nixos-for-the-confused-part-2
- https://publish.reddit.com/embed?url=https://www.reddit.com/r/NixOS/comments/12kxmii/comment/jg5kq9n?snippet=2_8_105
- https://github.com/Mic92/dotfiles
- https://www.haskellforall.com/2022/08/stop-calling-everything-nix.html
- https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com&ctz=Europe/Amsterdam
- https://publish.reddit.com/embed?url=https://www.reddit.com/r/NixOS/comments/16zs4sn/comment/k3ilo44?snippet=0_12_128
- https://vaibhavsagar.com/blog/2019/08/22/industrial-strength-deployments/
- https://discourse.nixos.org/t/how-do-i-split-common-system-configuration-into-seperate-files/34316/4
- https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/31?u=nrbray
- https://github.com/colemickens/nixcfg/blob/52e6f2600b1f01dbd223652849caa32d9a4ef42e/mixins/gpg-agent.nix
- https://github.com/Misterio77/nix-starter-configs/blob/main/README.md
- https://nixos.wiki/wiki/Nix_Cookbook#Creating_shell_scripts
- https://discourse.nixos.org/t/using-deploy-rs-with-existing-configuration/31665/3
Flake specific
Flakes are simply a special entry point for Nix code with a built-in pinning system.
- https://colmena.cli.rs/unstable/tutorial/flakes.html
- https://github.com/erictossell/nixflakes/blob/main/flake.nix
- https://github.com/simonkampe/nixos/blob/main/flake.nix
- https://discourse.nixos.org/t/proper-way-to-build-a-remote-system-with-flakes/17661
- https://fasterthanli.me/series/building-a-rust-service-with-nix
- https://nixos.wiki/wiki/Overlays#In_a_Nix_flake
- https://thiscute.world/en/posts/nixos-and-flake-basics/
- https://drakerossman.com/blog/how-to-convert-default-nixos-to-nixos-with-flakes
- https://flake.parts/best-practices-for-module-writing
- https://www.tweag.io/blog/2022-09-22-rust-nix/
- https://flake.parts/
- https://github.com/nix-community/NUR
- https://lantian.pub/en/article/modify-computer/nixos-packaging.lantian/
- https://tonyfinn.com/blog/nix-from-first-principles-flake-edition/nix-6-nixpkgs-not-reinventing-the-wheel/
Wow. Thanks. Guess the “your previous linux knowledge doesn’t really apply to NixOS” is correct. I already found the lengthy lists of stuff to read up on… I’ll add this to my “read later” list :-D
Stalwart sounds nice, too. Since I’m just setting everything up, maybe I can try both mailservers. I’ve now had 2 people recommend the simple nixos-mailserver.
Great, please may I ask if you would share other sources worth reading.
I think previous Linux knowledge helps, just less needed for newcomers; NixOS has been described as capturing others’ 20 years experience for us to use. Nixos-mailserver is a great example. I used that out of the box and only with user knowledge of NixOS, none of mail tools. Otherwise mail servers are too hard I gathered.
I’ve found lots more to learn about Nix for development environments.
You might want to use nixos-mailserver first for production - after my research I was gobsmacked at how quickly it went. I relied totally on NixOS. Your mileage might vary but I’d be shocked if it takes less than 10 times as long another way.
Uh, just tried to install Stalwart, the Rust mailserver suite. It’s nice. But you have to switch to nixos-unstable to get some important features as of now. And then I can’t find any resources on how to set it up. Meaning there are no sane defaults floating around on the internet and it’s really a chore to learn the internals and come up with a proper config. Maybe the nix-mailserver is a better choice for now.