feat: init mailing
This commit is contained in:
parent
defa1dd4b5
commit
4d87bfe502
|
@ -5,5 +5,7 @@
|
|||
|
||||
./networking.nix
|
||||
./wireguard.nix
|
||||
./email.nix
|
||||
./website.nix
|
||||
];
|
||||
}
|
||||
|
|
35
hosts/frikandel/email.nix
Normal file
35
hosts/frikandel/email.nix
Normal file
|
@ -0,0 +1,35 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
age.secrets."mail@b12f.io-password" = {
|
||||
file = "${flake.self}/secrets/mail@b12f.io-password.age";
|
||||
mode = "400";
|
||||
owner = "maddy";
|
||||
};
|
||||
|
||||
services.maddy = {
|
||||
enable = true;
|
||||
primaryDomain = "b12f.io";
|
||||
|
||||
ensureAccounts = [
|
||||
"mail@b12f.io"
|
||||
];
|
||||
|
||||
ensureCredentials = {
|
||||
# Do not use this in production. This will make passwords world-readable
|
||||
# in the Nix store
|
||||
"mail@b12f.io".passwordFile = "${pkgs.writeText "postmaster" "test"}";
|
||||
};
|
||||
|
||||
tls = {
|
||||
certificates = [
|
||||
{
|
||||
keyPath = "";
|
||||
certPath = "";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -7,7 +7,12 @@
|
|||
}: {
|
||||
networking.hostName = "frikandel";
|
||||
networking.hostId = "44234773";
|
||||
networking.nameservers = [ "9.9.9.9" ];
|
||||
networking.nameservers = [
|
||||
"193.110.81.0#dns0.eu"
|
||||
"2a0f:fc80::#dns0.eu"
|
||||
"185.253.5.0#dns0.eu"
|
||||
"2a0f:fc81::#dns0.eu"
|
||||
];
|
||||
|
||||
services.openssh.openFirewall = true;
|
||||
|
||||
|
@ -25,4 +30,14 @@
|
|||
address = "fe80::1";
|
||||
interface = "enp1s0";
|
||||
};
|
||||
|
||||
# Caddy reverse proxy for local services like cups
|
||||
services.caddy = {
|
||||
globalConfig = ''
|
||||
default_bind 128.140.109.213 2a01:4f8:c2c:b60::
|
||||
# auto_https off
|
||||
email acme@benjaminbaedorf.eu
|
||||
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
0
hosts/frikandel/website.nix
Normal file
0
hosts/frikandel/website.nix
Normal file
|
@ -68,4 +68,6 @@ in {
|
|||
|
||||
"invoiceplane-db-password.age".publicKeys = pieKeys ++ baseKeys;
|
||||
"invoiceplane-db-secrets.env.age".publicKeys = pieKeys ++ baseKeys;
|
||||
|
||||
"mail@b12f.io-password.age".publicKeys = frikandelKeys ++ baseKeys;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue