Benjamin Bädorf 2024-01-03 21:08:59 +01:00
parent 523837b276
commit 6e2798a0d4
No known key found for this signature in database
GPG key ID: 1B7BF5B77A521346
2 changed files with 18 additions and 6 deletions


@ -24,11 +24,16 @@ in {
owner = "maddy";
};
users.users.maddy.extraGroups = [ "nginx" ];
security.acme.certs = {
"mail.b12f.io" = {
reloadServices = [ "maddy" ];
group = "maddy";
};
"b12f.io" = {
reloadServices = [ "maddy" ];
};
"mta-sts.b12f.io" = {};
"mta-sts.${hzDomain}" = {};
};
@ -62,9 +67,11 @@ in {
echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns
'';
networking.firewall.allowedTCPPorts = [ 25 587 993 ];
services.maddy = {
enable = true;
openFirewall = true;
openFirewall = false;
hostname = "mail.b12f.io";
primaryDomain = "b12f.io";
ensureAccounts = [
@ -82,6 +89,10 @@ in {
keyPath = "${config.security.acme.certs."mail.b12f.io".directory}/key.pem";
certPath = "${config.security.acme.certs."mail.b12f.io".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."b12f.io".directory}/key.pem";
certPath = "${config.security.acme.certs."b12f.io".directory}/cert.pem";
}
];
};
config = ''
@ -169,7 +180,7 @@ in {
}
}
submission tcp://0.0.0.0:587 {
submission tls://0.0.0.0:587 {
limits {
all rate 50 1s
}
@ -227,7 +238,7 @@ in {
}
}
imap tcp://0.0.0.0:143 {
imap tls://0.0.0.0:993 {
auth &local_authdb
storage &local_mailboxes
}
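Review bot: The endpoint `submission tls://0.0.0.0:587` now expects implicit TLS on port 587, which mail clients and autoconfiguration conventionally treat as the STARTTLS submission port; RFC 8314 assigns 465 to implicit-TLS submission. Clients set up for STARTTLS on 587 will fail the handshake, and the common workaround of relaxing client TLS settings goes in the wrong direction. I would move the listener to `submission tls://0.0.0.0:465 {` and change the firewall line to `networking.firewall.allowedTCPPorts = [ 25 465 993 ];`, or, if 587 is kept deliberately, add a comment at the endpoint stating that it is implicit TLS with no STARTTLS. The submission block continues outside the hunk.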


@ -46,7 +46,7 @@ type = IMAP
remotehost = mail.greenbaum.zone
remoteport = 993
remoteuser = admins@pub.solar
remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "admins@pub.solar")
remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.zone", "user", "admins@pub.solar")
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
ssl = yes
@ -63,7 +63,7 @@ type = IMAP
remotehost = mail.greenbaum.zone
remoteport = 993
remoteuser = crew@pub.solar
remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "crew@pub.solar")
remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.zone", "user", "crew@pub.solar")
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
ssl = yes
@ -79,9 +79,10 @@ localfolders = ~/Mail/mail@b12f.io
type = IMAP
remotehost = mail.b12f.io
remoteuser = mail@b12f.io
remoteport = 143
remoteport = 993
remotepasseval = get_secret("service", "smtp", "host", "mail.b12f.io", "user", "mail@b12f.io")
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
ssl = yes
[Account RWTH]
localrepository = LocalRWTH
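Review bot: The `mail@b12f.io` repository in the last hunk now sets `remoteport = 993` and `ssl = yes`, but leaves the minimum protocol version to offlineimap's default. If the installed version supports it, adding `tls_level = tls_secure` next to `sslcacertfile` would refuse legacy protocol versions for this account. The two greenbaum repositories in the earlier hunks carry the same `ssl = yes` / `sslcacertfile` pair and would take the same line. Separately, the host argument of `get_secret` has to be kept in step with `remotehost` by hand, so a comment such as `# get_secret host must match remotehost` above each `remotepasseval` would make a mismatch easier to spot.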