diff --git a/hosts/metronom/mail.nix b/hosts/metronom/mail.nix index a68351e..db3a3b7 100644 --- a/hosts/metronom/mail.nix +++ b/hosts/metronom/mail.nix @@ -2,18 +2,65 @@ { age.secrets.mail-hensoko.file = "${flake.self}/secrets/mail/hensoko.age"; + age.secrets.mail-teutat3s.file = "${flake.self}/secrets/mail/teutat3s.age"; + age.secrets.mail-admins.file = "${flake.self}/secrets/mail/admins.age"; + age.secrets.mail-bot.file = "${flake.self}/secrets/mail/bot.age"; + age.secrets.mail-crew.file = "${flake.self}/secrets/mail/crew.age"; + age.secrets.mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age"; + age.secrets.mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age"; mailserver = { enable = true; fqdn = "metronom.pub.solar"; - domains = [ "pub.solar" ]; + domains = [ + "pub.solar" + "metronom.pub.solar" + ]; # A list of all login accounts. To create the password hashes, use # nix-shell -p mkpasswd --run 'mkpasswd -R11 -m bcrypt' loginAccounts = { "hensoko@pub.solar" = { hashedPasswordFile = config.age.secrets.mail-hensoko.path; - aliases = [ "postmaster@pub.solar" ]; + quota = "2G"; + }; + "teutat3s@metronom.pub.solar" = { + hashedPasswordFile = config.age.secrets.mail-teutat3s.path; + quota = "2G"; + }; + "admins@pub.solar" = { + hashedPasswordFile = config.age.secrets.mail-admins.path; + quota = "2G"; + aliases = [ + "abuse@pub.solar" + "alerts@pub.solar" + "forgejo@pub.solar" + "keycloak@pub.solar" + "mastodon-notifications@pub.solar" + "matrix@pub.solar" + "postmaster@pub.solar" + "nextcloud@pub.solar" + "no-reply@pub.solar" + "security@pub.solar" + ]; + }; + "bot@pub.solar" = { + hashedPasswordFile = config.age.secrets.mail-bot.path; + quota = "2G"; + aliases = [ "hackernews-bot@pub.solar" ]; + }; + "crew@pub.solar" = { + hashedPasswordFile = config.age.secrets.mail-crew.path; + quota = "2G"; + aliases = [ "moderation@pub.solar" ]; + }; + "erpnext@pub.solar" = { + hashedPasswordFile = config.age.secrets.mail-erpnext.path; + quota = "2G"; + }; + "hakkonaut@pub.solar" = { + hashedPasswordFile = config.age.secrets.mail-hakkonaut.path; + quota = "2G"; }; }; diff --git a/secrets/mail/admins.age b/secrets/mail/admins.age new file mode 100644 index 0000000..35b124d --- /dev/null +++ b/secrets/mail/admins.age @@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 UE5Ceg itjGMva3g5kcP0HUCeY0dOZOJAE6ZEcJHkiQP5AdtlY +JX+mKckyW94gjIjrtIdnU1ksERiJ5nf8isKrTYL56VI +-> ssh-ed25519 uYcDNw bQdxKyOcGSOW15jY6ZFBZ99qQRRGg234t2Wpfspp/TQ +ts2vPerMrUKP8iWWbzL/e4Odx/OC2asFn58EEYLZNJQ +-> ssh-rsa f5THog +BFZnBxxAYWYdpRtScMDGsm5J71bu0a0qrIwRAZ0XGFePJqhJUo0WIu2pPybbPP/H +bD07I4QMfwSh8arJ69XdiQJQyiu6MomvF0TpzOh83WRnGhsSl8qubI8UEPIYUeqC +5+NG6dkGOZut8HAdQIMUUGRt5UooX9BtKmK1HqifbROtY/W37Admgg/dp9D4xcTH +S3rthXxu6wdBEFHcf9nyjoDKlqeN7lkkFHxjeq+bL7QjbBL7b8bo/HWhb0nqddLE +aVythTyv8zv40MkoflDzGmf8dzfDXWIYwNxpc+59WOq80A6ZXDui8YUnpSWNboJ1 +UeqLLZ53vv4QJpKrPX0OWsa+CrdwLklwDrkSIAzoXdNevvO8bB1uFD+MEOdOiofv +WmWSATfSUJH9k6fWHzdUntOTdIy4B4EF8nkY8Pjl9Vc7aCfCuLlektAv/gs1V/JB +JlfR/bnEKmQ47QTeiI/2PhqAwglhqPqQa2Liboy81hV8EiSWXtA78NDihqK11sg4 +8q0acoYrcbLbd/50aH6LbR7HFIwLgH3L5uSIGFzHDXJYMx1/7yGi3/cI4pTQb8Ma +zbdbJNoCP4MrGj0d2sWV+1odwJvLXFoHRWDN4guLKDCUTnHSUWORqeWQkaD48uLG +R3lWrc5yuTyJ//rbhftYUEZslUEN88sl6x28ctv/MgE +-> ssh-rsa kFDS0A +asfzjKp9UIDMf1xRNebSKJH8VxwtMiPWj8NIxQnLdCvcPEUmt/tgF8NPPGCWt8Ug +v5Mc9VE1fBi3nUTrl6sgv60e76dZxVPj4RtTk4qrItkGSq/IZSqA6QdL/llRWeFT +dPqCH7MdWObjnv9yO45YBMd5m5stAZ0nH1OjmRuA5/bWgaCut7v9fcCvmabY/je0 +MYfnW+Sut+0PEcBvKZRGpoIn6zZsU/Iy5YaWrKCE5t4YSvOabqF3el6XP9ALU9p+ +7s1uZvJLg4AoOVNqF0ojFtBwx4SQT7/M5uIvufq8m/nManlAhG8OyFu+pGLPHStI +vKRS6d5oaoKu5ayKgvNx+OF26ZGxDzj9DyMe1+7TJfKxM8IrVKlK9QKjgDUaA5An +/eAP4r19SyL/Uv3JSVK2hjMb8alRscQbOkkTUal8AgBRMlwVJ6U5TThX+QZUttMe +P4a4B9Ya3AaGsbMXfzGGmipyLH/woVDBLkmliIobHB/m0mpHTghpp9T8qE9KuU5m +4SLq6GYv0wuywL2+x+XsG5ylwp2WFXsxZFfuBwHN4LBt9yCcre/Lg4ZyEjrAveB/ +s6amBSDAGd1dUz6AL8xke/aeUCG4Xpeh1hzTskXAWohUzpfGgaviByKKNOqKaL8u +nMJkAJ/D8AMsW7Hq3xfB4D1nzovrfPgvgb1Ks7XGnPg +-> piv-p256 vRzPNw AyKdhPWOtaGxIr5UaXIarIkwK7zkdyMjvmjSuub59m51 +wms4uXPQTsXRpUTmD2DnBMXqH8Gs6hm3bQ5P+w9s2tY +-> piv-p256 zqq/iw As73+bidsoISDw9EU/R7HA7isHg8UKjYm7bNFxov2wSK +CEJmOwZuwyw15uN9exqrq0qab2AoyRhk5eMji3adAc8 +-> ssh-ed25519 YFSOsg ribEOCQrOyG/6mhzlL+uSKwpyseSuJXlSY7Lhp49MEg +My8GcH8xINF09IXgr8sRLWRZXISsrg0/mng7SXEkhYI +-> ssh-ed25519 iHV63A hpjdSWYh34+DODfSzmL3241iFxskE4iimnn7xUZHfEU +3Vemy9416J95mHloDOXtG7O+pecpHmGiGM5dYUs+Ui4 +-> ssh-ed25519 BVsyTA sNx+ljwg5qtKba/LKUPmB9g5Vdbw9DAvCbTpxzwOCn4 +4BDEqht3vcTScSqzU/WOfT/1/bfAi1/KKAwnRPKA9xU +-> ssh-ed25519 +3V2lQ ACK4Hqz5CyyjkApxHW6V1AQEFr7x2wtpnJ1WKq2hyzo +2d14d/ZIua7y8kzRFxeY3KG5QoIxBxxyETpe+cwaNF0 +--- Wk4Fn6v6wvXM68oZCVdrO1knWUVf3GCgjjlAbcUaq7Y +$XZ ̰ $qB'/ֶhžRF#[ \ No newline at end of file diff --git a/secrets/mail/bot.age b/secrets/mail/bot.age new file mode 100644 index 0000000..b7c7cdf Binary files /dev/null and b/secrets/mail/bot.age differ diff --git a/secrets/mail/crew.age b/secrets/mail/crew.age new file mode 100644 index 0000000..716f7c6 Binary files /dev/null and b/secrets/mail/crew.age differ diff --git a/secrets/mail/erpnext.age b/secrets/mail/erpnext.age new file mode 100644 index 0000000..1e94d2e --- /dev/null +++ b/secrets/mail/erpnext.age @@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 UE5Ceg 1/D6g1AYmz6pl4MiikUcpiLBCtneFZg5B2Bs2ggLCG4 +VojSHHRKG3AmOuxs52eAboOPH6fGyeZ1zHKm1rrzVIs +-> ssh-ed25519 uYcDNw LESHLc/XrSfYmHxg7cMHJi3g9uzT+2mpcjzAnfeY4kU +ZGNOVqRikkeFuUle6YdlXyAWdfR1CoJdEKaAyVqCzfA +-> ssh-rsa f5THog +iJ+Wem+V0W5qP4uTHkKC5CDvnBss5NrVHS6a1ahuarLhLiKcpZ5J5EqQkeK7s09T +kOxObZMJvVMUkC/wAPtX/9SU1U46242I+fP7Sl82DXJn+gxvD1Qmbbt+AlxeTVnJ +rMQYftEKyRdkGeukYTWHmycq/L9b7yjXSevi0CIfUIhhhKHLc2peKhldEyMttNa5 +d8y8+GJo8D/GeWlH1qeL1jlfxzX9Ncycrd4XQcwrusfr44JxxfRRoHvqjM/sj/zQ +zjIElS4QSf/COXsH9mcGtIL4616ZdrcG+AdNO0vFrvJ1jFZVnFPspwMgQTAgSlX7 +pTRoXtQLu1gzP2300seCr2P84g1iN0J5zWsvCPG0J4MS8JlS6gORvj6BghucusEM +EVwz1uEcohMNJxXxszBu7uCfwq6YA3QP4IKu4heliiBhBeu6DmVQ6AJMaPUXQu10 +14iyanXeMQvbmFGNmJB5/iW1zGw4ftiZTYt0tcTKWkGdi+aMwRa8MTm4Jm6Wf4wr +4JcVY/lJcev32L/DBX6BO4BoISmwrc7LANcrPl2j4IZmYm5pqz8IOB/8KeRJnBQ6 +h15cZDeP+H9kHxV5H35zCE+dsOU58+4p6hCvRgFTW9w3q6ueJY5/iAuX8M2X4Q5U +CfYqOLK974xgYoVKomHINp1tgiu5MZ5DMazlF6J8sV8 +-> ssh-rsa kFDS0A +dPwtpZdXYsPixtnRFWO2J1j20DM3GNFr0n7bU9MPOSEYgjIzD4EumjZmlE4Wp7TN +4sEs9PRY8Vitz+bSN/dIWRIPuZcoFihdMrqJbC++Ht4qM9Bj3UZmdT5ugFn2g6CA +rhoXZ/4la9DeRS4tobbAJf5/dg+IC/AhV/YDt6AH2OWVj1+weXlAgOWa+7qbUext +iXbfGHj3TNqyjHrsgKkv02+TVJg6uPu+o/Y33ziw9DmGtTNqwPOG42OUKn5g9xu+ +HWbieHIDz0fKW/c+4r9rIPS2Aj6oB8Vksw5pSV9TPco9m2HIvE/mL0jVVCuARVOc +wCXxjScwQknPU5Jvb8EZtt0IZj+1AL4kH1jZ2CsBfQjIJUNAJ+XxSOmZIfogPQ2d +FrLIxJ4W/8SUXYPq26UWDSE2muMfUr51FnWxGTuwEuX5/pZMPVd/INIQsQtgyKze +T5DARjp8jR/+AqhDu2qPQxGdmVlQ0ik9lZWqn+wBRRcRSoiw98lxTJPxSSnLTBuh +IoDbdRfRKKIYXVueg9djm8LO//Ou1JwG15aV6ik3uzIRa+A8BHMMVD3AFRsLFtES +VOfj/PIKefpvOjsMGf8h6XbKeV9uTP4yw57q2B5Gsw4S67A4qsgogbzfq2fFbvg+ +OsWm2Gu944bv7NLdeHAPZepjsSMG7gFzdZj8D+m2Sv0 +-> piv-p256 vRzPNw A57l0XcYRd+haE2eQbfdC9f9NiwO1p6k7sTjP8pstjL4 ++ct6I/OtQXb1gXcNw9MYigDng8T3iWeZxU3ckryHsX8 +-> piv-p256 zqq/iw A+49aoS140RWHyS48XcmZzPD9jc5/0CNmidjMYTUjDli +fiR6cOLpjrmktXeE2DVUBCRNc1I4Y+g6bafgkzXkSYs +-> ssh-ed25519 YFSOsg QNzEaohmn0PjJaFxrvnXm5xZ+CvOvDSAAetGGGansTg +vI2vI4ghPbi2Tdxtg0Nf/plYO5Yiv78tI+PendK2Tug +-> ssh-ed25519 iHV63A 9hg6hVXoTfDBkhlhpIBlNDpsHNz4cfPeaXOAC84W8RQ +T3VSKwp/sng0pExF2oDcJAbGmOeHw/DGM0SpElFYGTM +-> ssh-ed25519 BVsyTA PJoxDYDsNpWGUr+xgDMh5SjE2en6E/0Of1wtaPcp1U0 +9T6bXzvoCLgirdhhDSggq5wRTjQ/fOedj68QMuA7Cmg +-> ssh-ed25519 +3V2lQ vVXvMp7u2mgDL55qBfmqMD2T6q2zPlsfULeuaw7zTyI +NTcHP8mQmo0suY1na55C3lW5YbyNK0TIc30q5aCJvws +--- jW5UIG4o+cJOASNCbJLwHLjXZEdtmblzkskkqCqPD8A +:kp׆歫}g%| (V͂ c{mB'zQ}p\}-!y \ No newline at end of file diff --git a/secrets/mail/hakkonaut.age b/secrets/mail/hakkonaut.age new file mode 100644 index 0000000..b55f712 Binary files /dev/null and b/secrets/mail/hakkonaut.age differ diff --git a/secrets/mail/teutat3s.age b/secrets/mail/teutat3s.age new file mode 100644 index 0000000..816665b Binary files /dev/null and b/secrets/mail/teutat3s.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5af2c81..228f7bf 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -74,4 +74,10 @@ in # mail "mail/hensoko.age".publicKeys = metronomKeys ++ adminKeys; + "mail/teutat3s.age".publicKeys = metronomKeys ++ adminKeys; + "mail/admins.age".publicKeys = metronomKeys ++ adminKeys; + "mail/bot.age".publicKeys = metronomKeys ++ adminKeys; + "mail/crew.age".publicKeys = metronomKeys ++ adminKeys; + "mail/erpnext.age".publicKeys = metronomKeys ++ adminKeys; + "mail/hakkonaut.age".publicKeys = metronomKeys ++ adminKeys; }