feat: init mailing

Benjamin Bädorf 2023-11-12 18:33:58 +01:00
parent defa1dd4b5
commit 4d87bfe502
No known key found for this signature in database
GPG key ID: 1B7BF5B77A521346
5 changed files with 55 additions and 1 deletions


@ -5,5 +5,7 @@
./networking.nix
./wireguard.nix
./email.nix
./website.nix
];
}

35
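--- /dev/null
+++ b/hosts/frikandel/email.nix
@@ -0,0 +1,35 @@
+{
+pkgs,
+lib,
+...
+}: {
+age.secrets."mail@b12f.io-password" = {
+file = "${flake.self}/secrets/mail@b12f.io-password.age";
+mode = "400";
+owner = "maddy";
+};
+services.maddy = {
+enable = true;
+primaryDomain = "b12f.io";
+ensureAccounts = [
+"mail@b12f.io"
+];
+ensureCredentials = {
+# Do not use this in production. This will make passwords world-readable
+# in the Nix store
+"mail@b12f.io".passwordFile = "${pkgs.writeText "postmaster" "test"}";
+};
+tls = {
+certificates = [
+{
+keyPath = "";
+certPath = "";
+}
+];
+};
+};
+}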
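Review bot: The `ensureCredentials` entry for `mail@b12f.io` reads its password from `pkgs.writeText "postmaster" "test"`, so the account gets the fixed password `test` from a world-readable store path, while the agenix secret declared at the top of the file is never referenced. Point the credential at the decrypted secret instead, `"mail@b12f.io".passwordFile = config.age.secrets."mail@b12f.io-password".path;`, and add `config` to the module arguments. `flake` is also used in the secret's `file` path without appearing in the visible argument set (`pkgs, lib, ...`), which would fail evaluation unless it is bound on a line the page dropped. The `tls.certificates` entry has empty `keyPath` and `certPath`, so no usable certificate is configured as written; confirm that TLS is actually active before the mail ports are reachable.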


@ -7,7 +7,12 @@
}: {
networking.hostName = "frikandel";
networking.hostId = "44234773";
networking.nameservers = [ "9.9.9.9" ];
networking.nameservers = [
"193.110.81.0#dns0.eu"
"2a0f:fc80::#dns0.eu"
"185.253.5.0#dns0.eu"
"2a0f:fc81::#dns0.eu"
];
services.openssh.openFirewall = true;
@ -25,4 +30,14 @@
address = "fe80::1";
interface = "enp1s0";
};
# Caddy reverse proxy for local services like cups
services.caddy = {
globalConfig = ''
default_bind 128.140.109.213 2a01:4f8:c2c:b60::
# auto_https off
email acme@benjaminbaedorf.eu
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
'';
};
}
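Review bot: The new `networking.nameservers` entries use the `address#hostname` form (`193.110.81.0#dns0.eu`), which only systemd-resolved parses, and the hostname part is only used for certificate validation when DNS-over-TLS is switched on; neither setting is visible in this section. If resolved is not configured elsewhere, add `services.resolved.enable = true;` and `services.resolved.dnsovertls = "true";`, otherwise drop the `#dns0.eu` suffix so the entries are plain addresses. In the second hunk the comment `# Caddy reverse proxy for local services like cups` does not match a block that binds public addresses through `default_bind`; something like `# Caddy: bind only to the public addresses, ACME contact for certificates` would describe it. The module body starts above the first hunk, so settings outside the visible lines may already cover the resolver point.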


@ -68,4 +68,6 @@ in {
"invoiceplane-db-password.age".publicKeys = pieKeys ++ baseKeys;
"invoiceplane-db-secrets.env.age".publicKeys = pieKeys ++ baseKeys;
"mail@b12f.io-password.age".publicKeys = frikandelKeys ++ baseKeys;
}