fix: fix mail@b12f.io

2024-01-03 21:08:59 +01:00 · 2024-01-03 21:08:59 +01:00 · 6e2798a0d4
parent 523837b276
commit 6e2798a0d4
2 changed files with 18 additions and 6 deletions
--- a/hosts/frikandel/email.nix
+++ b/hosts/frikandel/email.nix
@ -24,11 +24,16 @@ in {
    owner = "maddy";
  };

+  users.users.maddy.extraGroups = [ "nginx" ];
+
  security.acme.certs = {
    "mail.b12f.io" = {
      reloadServices = [ "maddy" ];
      group = "maddy";
    };
+    "b12f.io" = {
+      reloadServices = [ "maddy" ];
+    };
    "mta-sts.b12f.io" = {};
    "mta-sts.${hzDomain}" = {};
  };
@ -62,9 +67,11 @@ in {
    echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns
  '';

+  networking.firewall.allowedTCPPorts = [ 25 587 993 ];
+
  services.maddy = {
    enable = true;
-    openFirewall = true;
+    openFirewall = false;
    hostname = "mail.b12f.io";
    primaryDomain = "b12f.io";
    ensureAccounts = [
@ -82,6 +89,10 @@ in {
          keyPath = "${config.security.acme.certs."mail.b12f.io".directory}/key.pem";
          certPath = "${config.security.acme.certs."mail.b12f.io".directory}/cert.pem";
        }
+        {
+          keyPath = "${config.security.acme.certs."b12f.io".directory}/key.pem";
+          certPath = "${config.security.acme.certs."b12f.io".directory}/cert.pem";
+        }
      ];
    };
    config = ''
@ -169,7 +180,7 @@ in {
        }
      }

-      submission tcp://0.0.0.0:587 {
+      submission tls://0.0.0.0:587 {
        limits {
          all rate 50 1s
        }
@ -227,7 +238,7 @@ in {
        }
      }

-      imap tcp://0.0.0.0:143 {
+      imap tls://0.0.0.0:993 {
        auth &local_authdb
        storage &local_mailboxes
      }
--- a/users/b12f/email/.config/offlineimap/config
+++ b/users/b12f/email/.config/offlineimap/config
@ -46,7 +46,7 @@ type = IMAP
 remotehost = mail.greenbaum.zone
 remoteport = 993
 remoteuser = admins@pub.solar
-remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "admins@pub.solar")
+remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.zone", "user", "admins@pub.solar")
 sslcacertfile = /etc/ssl/certs/ca-certificates.crt
 ssl = yes

@ -63,7 +63,7 @@ type = IMAP
 remotehost = mail.greenbaum.zone
 remoteport = 993
 remoteuser = crew@pub.solar
-remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "crew@pub.solar")
+remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.zone", "user", "crew@pub.solar")
 sslcacertfile = /etc/ssl/certs/ca-certificates.crt
 ssl = yes

@ -79,9 +79,10 @@ localfolders = ~/Mail/mail@b12f.io
 type = IMAP
 remotehost = mail.b12f.io
 remoteuser = mail@b12f.io
-remoteport = 143
+remoteport = 993
 remotepasseval = get_secret("service", "smtp", "host", "mail.b12f.io", "user", "mail@b12f.io")
 sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+ssl = yes

 [Account RWTH]
 localrepository = LocalRWTH