Fachschaft/nixConfig
5
2
Fork 2
Code Issues 11 Pull requests 1 Projects Wiki Activity

Allow unpacking stalwart's webadmin interface

Browse source
This commit is contained in:
Gonne 2025-02-28 11:13:59 +01:00
parent 01951eadad
commit beaab16ffa
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/mail.nix
View file

@ -148,6 +148,7 @@ in {
# In order to accept mail that we only forward # In order to accept mail that we only forward
# without having to generate an account. # without having to generate an account.
# Invalid addresses are filtered by DFN beforehand. # Invalid addresses are filtered by DFN beforehand.
# See also https://stalw.art/docs/smtp/inbound/rcpt/#catch-all-addresses
catch-all = true; catch-all = true;
relay = [ relay = [
{ {
@ -267,6 +268,7 @@ in {
"stalwart-mail" = { "stalwart-mail" = {
restartTriggers = lib.attrsets.mapAttrsToList (_: aliaslist: aliaslist.sopsFile) config.sops.secrets; # restart if secrets, especially alias files, have changed. restartTriggers = lib.attrsets.mapAttrsToList (_: aliaslist: aliaslist.sopsFile) config.sops.secrets; # restart if secrets, especially alias files, have changed.
serviceConfig.PrivateTmp = lib.mkForce false; # enable access to generated Sieve script serviceConfig.PrivateTmp = lib.mkForce false; # enable access to generated Sieve script
serviceConfig.ProtectSystem = lib.mkForce "full"; # "strict" does not allow writing to /tmp which we need for unpacking the webadmin interface. "full" is less strict.
}; };
"virt-aliases-generator" = { "virt-aliases-generator" = {
description = "Virtual Aliases Generator: Generate a sieve script from the virtual alias file"; description = "Virtual Aliases Generator: Generate a sieve script from the virtual alias file";