feat: init mailing
This commit is contained in:
parent
defa1dd4b5
commit
4d87bfe502
|
@ -5,5 +5,7 @@
|
||||||
|
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
|
./email.nix
|
||||||
|
./website.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
35
hosts/frikandel/email.nix
Normal file
35
hosts/frikandel/email.nix
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
age.secrets."mail@b12f.io-password" = {
|
||||||
|
file = "${flake.self}/secrets/mail@b12f.io-password.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "maddy";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.maddy = {
|
||||||
|
enable = true;
|
||||||
|
primaryDomain = "b12f.io";
|
||||||
|
|
||||||
|
ensureAccounts = [
|
||||||
|
"mail@b12f.io"
|
||||||
|
];
|
||||||
|
|
||||||
|
ensureCredentials = {
|
||||||
|
# Do not use this in production. This will make passwords world-readable
|
||||||
|
# in the Nix store
|
||||||
|
"mail@b12f.io".passwordFile = "${pkgs.writeText "postmaster" "test"}";
|
||||||
|
};
|
||||||
|
|
||||||
|
tls = {
|
||||||
|
certificates = [
|
||||||
|
{
|
||||||
|
keyPath = "";
|
||||||
|
certPath = "";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -7,7 +7,12 @@
|
||||||
}: {
|
}: {
|
||||||
networking.hostName = "frikandel";
|
networking.hostName = "frikandel";
|
||||||
networking.hostId = "44234773";
|
networking.hostId = "44234773";
|
||||||
networking.nameservers = [ "9.9.9.9" ];
|
networking.nameservers = [
|
||||||
|
"193.110.81.0#dns0.eu"
|
||||||
|
"2a0f:fc80::#dns0.eu"
|
||||||
|
"185.253.5.0#dns0.eu"
|
||||||
|
"2a0f:fc81::#dns0.eu"
|
||||||
|
];
|
||||||
|
|
||||||
services.openssh.openFirewall = true;
|
services.openssh.openFirewall = true;
|
||||||
|
|
||||||
|
@ -25,4 +30,14 @@
|
||||||
address = "fe80::1";
|
address = "fe80::1";
|
||||||
interface = "enp1s0";
|
interface = "enp1s0";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Caddy reverse proxy for local services like cups
|
||||||
|
services.caddy = {
|
||||||
|
globalConfig = ''
|
||||||
|
default_bind 128.140.109.213 2a01:4f8:c2c:b60::
|
||||||
|
# auto_https off
|
||||||
|
email acme@benjaminbaedorf.eu
|
||||||
|
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
0
hosts/frikandel/website.nix
Normal file
0
hosts/frikandel/website.nix
Normal file
|
@ -68,4 +68,6 @@ in {
|
||||||
|
|
||||||
"invoiceplane-db-password.age".publicKeys = pieKeys ++ baseKeys;
|
"invoiceplane-db-password.age".publicKeys = pieKeys ++ baseKeys;
|
||||||
"invoiceplane-db-secrets.env.age".publicKeys = pieKeys ++ baseKeys;
|
"invoiceplane-db-secrets.env.age".publicKeys = pieKeys ++ baseKeys;
|
||||||
|
|
||||||
|
"mail@b12f.io-password.age".publicKeys = frikandelKeys ++ baseKeys;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue