{hosts/server3,zones/vhack.eu}: Activate stalwart-mail on server3 for soispha

author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-04-01 16:13:51 +0200
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-04-01 16:13:51 +0200
commit: 9c72df2287ae8ddd4c3f93675f608e414ab5e8e7 (patch)
tree: 8849d4176a26f3c613e9422e68298e0fe5e22cba /hosts/by-name/server3
parent: zones/vhack.eu: Correct specify the SRV targets as fully-qualified (diff)
download: nixos-server-9c72df2287ae8ddd4c3f93675f608e414ab5e8e7.zip
4 files changed, 48 insertions, 0 deletions
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index a89e047..7f5bce5 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -67,6 +67,37 @@
         "/var/log"
       ];
     };
+    stalwart-mail = {
+      enable = true;
+      fqdn = "mail.vhack.eu";
+      admin = "admin@vhack.eu";
+      security = {
+        dkimKeys = let
+          loadKey = name: {
+            dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}-public");
+            dkimPrivateKeyPath = ./secrets/dkim + "/${name}-private.age";
+            keyAlgorithm = "ed25519-sha256";
+          };
+        in {
+          "mail.vhack.eu" = loadKey "mail.vhack.eu";
+        };
+        verificationMode = "strict";
+      };
+      openFirewall = true;
+      principals = [
+        {
+          class = "individual";
+          name = "soispha";
+          secret = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";
+          email = [
+            "soispha@vhack.eu"
+            "abuse@vhack.eu"
+            "postmaster@vhack.eu"
+            "admin@vhack.eu"
+          ];
+        }
+      ];
+    };
     postgresql.enable = true;
     rust-motd.enable = true;
     users.enable = true;
diff --git a/hosts/by-name/server2/secrets/dkim/gen_key.sh b/hosts/by-name/server3/secrets/dkim/gen_key.sh
index 61da156..61da156 100755
--- a/hosts/by-name/server2/secrets/dkim/gen_key.sh
+++ b/hosts/by-name/server3/secrets/dkim/gen_key.sh
diff --git a/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age
new file mode 100644
index 0000000..8d66808
--- /dev/null
+++ b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age
@@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdEtVSWhiOVR1N1Q5bTBV
+NXRMMm42VlR5NitSWlhiSFpUZDZQSlloWlJ3ClA3ZEJSU2dDbmRVL0NMZlFOVU5J
+V1lEbDM0MlN3S3dZMUkyc1pQZVVpdDAKLT4gWDI1NTE5IFk4YnFFZmFLTlA0WENY
+K3FGME1CbUV4b0Z4V1FIRFBmNVphYmhCMG1QVkkKOGhFcnl3Y2hZQU8rY0ROMTlq
+d0lUVG8rRWpPNm4vWkw2WFROU3NJalgzWQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg
+UDV4YUdZRWZieHN4RVU1WWEvdlFRVHpTL1V5Q3Nya1kvNjFxVytpS1NGawpUWnlR
+RmtQL1Z1ZFkwTC9ua3VVb05VQVlLemtuOCtLSkdxbFE5U2wyM0xZCi0+IFktZ3Jl
+YXNlCk56M0t2NXB3QVpjYTNFdkEvMmpDZXBPcWlLNXNWL2tPalNMM1g0KzBJL2xz
+T1gvTldRLzNxM25BOUhFZml3dFQKSnNMeHBXK3BrS2pWVU1uTkNKZ3BnaGt2Ci0t
+LSBuWURsUEYxRkx3bVQzU3JTcGlwUTFCZ09IRWIrNExUclhPSmdGdUtNOFlFCuKw
+PBh8U5VmweDGoY+xFXw/nqTqrKw9gZyUR2vbnHdnN9y8BToht7prsEaAn//DVivI
+GMFGMhbPYTumWnEiTho8ZqQv5tKiDdIGV/9YghzUdHtMnzfO7q5ztrFYx19qjgi/
+lW17WyY8Jk2DZIH3icYweTICx9IU5K11DNj6WgNGDe8/fAyfuHTekE8sZtHPDw76
+M3wkUZM=
+-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public
new file mode 100644
index 0000000..fa5d243
--- /dev/null
+++ b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public
@@ -0,0 +1 @@
+U0eOxgLD3yK7PKzQRSZdJ3EH/UwVxPeYmfm42gYXsDg=
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-04-01 16:13:51 +0200
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-04-01 16:13:51 +0200
commit	9c72df2287ae8ddd4c3f93675f608e414ab5e8e7 (patch)
tree	8849d4176a26f3c613e9422e68298e0fe5e22cba /hosts/by-name/server3
parent	zones/vhack.eu: Correct specify the SRV targets as fully-qualified (diff)
download	nixos-server-9c72df2287ae8ddd4c3f93675f608e414ab5e8e7.zip