dunkirk.sh
Kieran's opinionated (and probably slightly dumb) nix config
1# herald
2
3Git SSH hosting with email notifications. Provides a git push interface over SSH and sends email via SMTP/DKIM.
4
5**Domain:** `herald.dunkirk.sh` · **SSH Port:** 2223 · **HTTP Port:** 8085
6
7This is a **custom module** — it does not use mkService.
8
9## Options
10
11| Option | Type | Default | Description |
12|--------|------|---------|-------------|
13| `enable` | bool | `false` | Enable herald |
14| `domain` | string | — | Domain for Caddy reverse proxy |
15| `host` | string | `"0.0.0.0"` | Listen address |
16| `sshPort` | port | `2223` | SSH listen port |
17| `externalSshPort` | port | `2223` | External SSH port (if behind NAT) |
18| `httpPort` | port | `8085` | HTTP API port |
19| `dataDir` | path | `"/var/lib/herald"` | Data directory |
20| `allowAllKeys` | bool | `true` | Allow all SSH keys |
21| `secretsFile` | path | — | Agenix secrets (must contain `SMTP_PASS`) |
22| `package` | package | `pkgs.herald` | Herald package |
23
24### SMTP
25
26| Option | Type | Default | Description |
27|--------|------|---------|-------------|
28| `smtp.host` | string | — | SMTP server hostname |
29| `smtp.port` | port | `587` | SMTP server port |
30| `smtp.user` | string | — | SMTP username |
31| `smtp.from` | string | — | Sender address |
32
33### DKIM
34
35| Option | Type | Default | Description |
36|--------|------|---------|-------------|
37| `smtp.dkim.selector` | string or null | `null` | DKIM selector |
38| `smtp.dkim.domain` | string or null | `null` | DKIM signing domain |
39| `smtp.dkim.privateKeyFile` | path or null | `null` | Path to DKIM private key |