Diffstat (limited to '')
-rw-r--r-- | hosts/by-name/server2/configuration.nix | 42 | ||||
-rw-r--r-- | hosts/by-name/server2/secrets/dkim/mail.vhack.eu-private.age | 16 | ||||
-rw-r--r-- | hosts/by-name/server2/secrets/dkim/mail.vhack.eu-public | 1 | ||||
-rw-r--r-- | hosts/by-name/server2/secrets/nextcloud/adminpassFile.age | 14 | ||||
-rw-r--r-- | hosts/by-name/server3/configuration.nix | 35 | ||||
-rwxr-xr-x | hosts/by-name/server3/secrets/dkim/gen_key.sh (renamed from hosts/by-name/server2/secrets/dkim/gen_key.sh) | 0 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age | 16 | ||||
-rw-r--r-- | hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public | 1 |
8 files changed, 74 insertions, 51 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index 7f0502d..a11085e 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+ config,
+ lib,
+ ...
+}: {
 imports = [
 ./networking.nix # network configuration that just works
 ./hardware.nix
@@ -33,7 +37,7 @@
 "185.16.61.132"
 "2a03:4000:a:106::1"
 ];
- zones = import ../../../zones {};
+ zones = import ../../../zones {inherit lib;};
 };
 etesync = {
 enable = true;
@@ -57,36 +61,10 @@
 enable = true;
 fqdn = "mail.foss-syndicate.org";
 };
- stalwart-mail = {
- enable = false;
- fqdn = "mail.vhack.eu";
- admin = "admin@vhack.eu";
- security = {
- dkimKeys = let
- loadKey = name: {
- dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}-public");
- dkimPrivateKeyPath = ./secrets/dkim + "/${name}-private.age";
- keyAlgorithm = "ed25519-sha256";
- };
- in {
- "mail.vhack.eu" = loadKey "mail.vhack.eu";
- };
- verificationMode = "strict";
- };
- openFirewall = true;
- principals = [
- {
- class = "individual";
- name = "soispha";
- secret = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";
- email = [
- "soispha@vhack.eu"
- "abuse@vhack.eu"
- "postmaster@vhack.eu"
- "admin@vhack.eu"
- ];
- }
- ];
+ nextcloud = {
+ enable = true;
+ hostname = "nextcloud.vhack.eu";
+ adminpassFile = ./secrets/nextcloud/adminpassFile.age;
 };
 nginx = {
 enable = true;
diff --git a/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-private.age b/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-private.age
deleted file mode 100644
index 586a266..0000000
--- a/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-private.age
+++ /dev/null
@@ -1,16 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5TXdkcGE3VDhPVFd1aThX -dno3RWtMbE9vR1NuQjJXR003NmxrbllSTVhVCit5aExOb2NVSzFKZWswNlQ3R3ds -Rkt3QjU4dlUyVEdQaWFFbU9iejJOV28KLT4gWDI1NTE5IFFoVjFhMWlzUUlPWUFK -cEcwVlQrbzhkRjdEU2FoNmJ2MGpkc1NLcG5zZ1EKNnc0R3BGR0FSQWUvTlIyTk94 -ME82VDRnTytwZnAvVUl6bEFzSTFNUm5BQQotPiBzc2gtZWQyNTUxOSBYUG94RFEg -eFRmUlY2QUhUdUNWQ0xMai9IMEFJZWQxWG9MUktDMnIycnNIS3NELzFGMApxbkx3 -ZlFJTzVNTjlKSzNkOW9reXFYM04xQThQNGgvblNBRUJyZk1HUUZZCi0+IHozLWdy -ZWFzZSBuJT0Ka3NhLzVpY0Z0TW5HckJYUEhpZWlRazFjbzZEMTBwanRFdVA2WWNx -SUpLQitzNUlCQlpQQkZrZDRvbFdBMUgzVApnZ3MyMzF6dlRKZmxmd3NQejJJeE1q -YTVvUExxTTVIVkNNWldyWkY4b3cKLS0tIHYyRWV4WEo4RW1aK3E0MkNucnp1SVVQ -ZHdORjY2Z2IvMkI3a0VQbllWdncKej5N7MfXO+6MbxluZfM+Df75nBiNAEhrkvqX -dHB6qKXScbQHQp9Dpsuv/eR+vaW3rMstOMkAas4RDCii1iDwv2MjXtrFcPKXCBiz -/aiPvmn/7f/cXFw6pTSmLsF2AXGy2wepOEdIVQM4Gml7yVgVhQ3cK4QRGzPjW4Yf -urNumFlJQ7a8NVFNK2C9a+bfIz0eUYcJrOOjBg== ------END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-public b/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-public
deleted file mode 100644
index 7654a2c..0000000
--- a/hosts/by-name/server2/secrets/dkim/mail.vhack.eu-public
+++ /dev/null
@@ -1 +0,0 @@
-U0eOxgLD3yK7PKzQRSZdJ3EH/UwVxPeYmfm42gYXsDg=
\ No newline at end of file
diff --git a/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age b/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age
new file mode 100644
index 0000000..2b831f3
--- /dev/null
+++ b/hosts/by-name/server2/secrets/nextcloud/adminpassFile.age
@@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxanRqM3pOT29DWitxUERF +RjRURVZUWGpOSzFoZVpCSzJIN0RGZDAzWEZzCkczaExmOGgxQUQwV2NleUdHMXBB +eTZLZXpGZE1hcXBhWWhVcEQ5OFBQWUkKLT4gWDI1NTE5IG5DVmlEaDhTWk9xaWs2 +TnF1K1ZtK2UyeDgvOEFlbVUzc0V1VnZoSmFobEkKczNrSGdwZEVxVFNES3dzcVgy +SmRYNS9WR29mNGNCQW84bHZsZzNTRGZCQQotPiBzc2gtZWQyNTUxOSBYUG94RFEg +Y2ZQd25odWRRbUdqM3gxMzBrQ1Y3UjRwQ0JsRldtblRaYnVKWHZud2p5awpZdkNm +bk82RVVId2tsOXlKb2psa25pNFpManN4bjQwblBWUWdGaWxxQ1B3Ci0+ICNqaTBs +KE8tZ3JlYXNlIE1KZGEgNzAKSGNMSlRGTzN5d3ZXcFZNTkxlZHprVlVQTzJ4K2Vp +MG1YMTFHRmV6L2tMMGUKLS0tIE44WHBBZk1qcmRnK2lPczdiQ294SW50UFdrUHUw +d0EreHNod29LL2pjd2cKw1rpd83gONZaOiV5lQ+QOtIZzoIkaOvRD/8avsbeFsP7 +AB/jiOfOwYJ0DVbNMjopwnzpcAFsLWs6Gg0wQhjNsl349TIcTAS0xLTJYTm8DwQy +FmzftPMHAuJ/IPGzb3hQOFqpuFAPkunfiOgZ/N7N/+LLNMC5NxkkSH8m8gDBCCk= +-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index 9ad73ea..7f5bce5 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -1,4 +1,4 @@
-{...}: {
+{lib, ...}: {
 imports = [
 ./networking.nix # network configuration that just works
 ./hardware.nix
@@ -18,7 +18,7 @@
 "92.60.38.179"
 "2a03:4000:33:25b::4f4e"
 ];
- zones = import ../../../zones {};
+ zones = import ../../../zones {inherit lib;};
 };
 fail2ban.enable = true;
 nix-sync = {
@@ -67,6 +67,37 @@
 "/var/log"
 ];
 };
+ stalwart-mail = {
+ enable = true;
+ fqdn = "mail.vhack.eu";
+ admin = "admin@vhack.eu";
+ security = {
+ dkimKeys = let
+ loadKey = name: {
+ dkimPublicKey = builtins.readFile (./secrets/dkim + "/${name}-public");
+ dkimPrivateKeyPath = ./secrets/dkim + "/${name}-private.age";
+ keyAlgorithm = "ed25519-sha256";
+ };
+ in {
+ "mail.vhack.eu" = loadKey "mail.vhack.eu";
+ };
+ verificationMode = "strict";
+ };
+ openFirewall = true;
+ principals = [
+ {
+ class = "individual";
+ name = "soispha";
+ secret = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW";
+ email = [
+ "soispha@vhack.eu"
+ "abuse@vhack.eu"
+ "postmaster@vhack.eu"
+ "admin@vhack.eu"
+ ];
+ }
+ ];
+ };
 postgresql.enable = true;
 rust-motd.enable = true;
 users.enable = true;
diff --git a/hosts/by-name/server2/secrets/dkim/gen_key.sh b/hosts/by-name/server3/secrets/dkim/gen_key.sh
index 61da156..61da156 100755
--- a/hosts/by-name/server2/secrets/dkim/gen_key.sh
+++ b/hosts/by-name/server3/secrets/dkim/gen_key.sh
diff --git a/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age
new file mode 100644
index 0000000..8d66808
--- /dev/null
+++ b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-private.age
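Review bot: The `secret` for principal `soispha` in the added `stalwart-mail` block is a bcrypt hash with cost factor 5 (`$2b$05$…`) stored in cleartext. It therefore sits in the repository and presumably in the world-readable Nix store, while this commit switches the service on (`enable = true`, `openFirewall = true`; the server2 copy had `enable = false`). A cost of 5 gives little protection against offline guessing once the hash is readable, and the same value is already in history from the server2 copy. I would rotate that password and regenerate the hash at a higher cost (`$2b$12$<new-hash>`, a constructed placeholder). If the module accepts a file path for principal secrets (not visible here), ship it age-encrypted the way `dkimPrivateKeyPath` is.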
@@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdEtVSWhiOVR1N1Q5bTBV +NXRMMm42VlR5NitSWlhiSFpUZDZQSlloWlJ3ClA3ZEJSU2dDbmRVL0NMZlFOVU5J +V1lEbDM0MlN3S3dZMUkyc1pQZVVpdDAKLT4gWDI1NTE5IFk4YnFFZmFLTlA0WENY +K3FGME1CbUV4b0Z4V1FIRFBmNVphYmhCMG1QVkkKOGhFcnl3Y2hZQU8rY0ROMTlq +d0lUVG8rRWpPNm4vWkw2WFROU3NJalgzWQotPiBzc2gtZWQyNTUxOSBweXU5Ymcg +UDV4YUdZRWZieHN4RVU1WWEvdlFRVHpTL1V5Q3Nya1kvNjFxVytpS1NGawpUWnlR +RmtQL1Z1ZFkwTC9ua3VVb05VQVlLemtuOCtLSkdxbFE5U2wyM0xZCi0+IFktZ3Jl +YXNlCk56M0t2NXB3QVpjYTNFdkEvMmpDZXBPcWlLNXNWL2tPalNMM1g0KzBJL2xz +T1gvTldRLzNxM25BOUhFZml3dFQKSnNMeHBXK3BrS2pWVU1uTkNKZ3BnaGt2Ci0t +LSBuWURsUEYxRkx3bVQzU3JTcGlwUTFCZ09IRWIrNExUclhPSmdGdUtNOFlFCuKw +PBh8U5VmweDGoY+xFXw/nqTqrKw9gZyUR2vbnHdnN9y8BToht7prsEaAn//DVivI +GMFGMhbPYTumWnEiTho8ZqQv5tKiDdIGV/9YghzUdHtMnzfO7q5ztrFYx19qjgi/ +lW17WyY8Jk2DZIH3icYweTICx9IU5K11DNj6WgNGDe8/fAyfuHTekE8sZtHPDw76 +M3wkUZM= +-----END AGE ENCRYPTED FILE-----
diff --git a/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public
new file mode 100644
index 0000000..fa5d243
--- /dev/null
+++ b/hosts/by-name/server3/secrets/dkim/mail.vhack.eu-public
@@ -0,0 +1 @@
+U0eOxgLD3yK7PKzQRSZdJ3EH/UwVxPeYmfm42gYXsDg= |
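Review bot: The added `mail.vhack.eu-public` carries the same key string as the file deleted from server2, so the DKIM private key looks re-encrypted for server3 rather than rotated. The removed `server2/secrets/dkim/mail.vhack.eu-private.age` stays in git history and can still be decrypted by whoever holds its recipient keys. If the move is meant to withdraw the signing key from server2, generate a new pair (presumably with `gen_key.sh`) and update the DNS record. Separately, the deleted file was marked `\ No newline at end of file` and the new blob id differs, so the new file probably ends in a newline that `builtins.readFile` passes into `dkimPublicKey`. Using `lib.removeSuffix "\n" (builtins.readFile …)` in `loadKey` would make that robust.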