Remove mail container
parent
9bed3cc531
commit
323e8483e6
|
@ -1,83 +1,66 @@
|
|||
{ config, lib, ... }:
|
||||
let certPath = "/var/lib/acme/hera.m-0.eu";
|
||||
in {
|
||||
networking.firewall = { allowedTCPPorts = [ 25 143 587 993 ]; };
|
||||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
certPath = "/var/lib/acme/hera.m-0.eu";
|
||||
in
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 25 143 587 993 ];
|
||||
|
||||
m-0.monitoring = [
|
||||
{
|
||||
name = "mail container";
|
||||
host = "hera-intern:9101";
|
||||
container = true;
|
||||
}
|
||||
{
|
||||
name = "postfix on hera";
|
||||
host = "hera-intern:9154";
|
||||
container = true;
|
||||
}
|
||||
];
|
||||
|
||||
containers.mail = {
|
||||
bindMounts = {
|
||||
"${certPath}" = { hostPath = certPath; };
|
||||
"/var/www/rss" = {
|
||||
hostPath = "/var/www/rss";
|
||||
isReadOnly = false;
|
||||
imports =
|
||||
[ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
|
||||
systemd.services = {
|
||||
rspamd = {
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = 3;
|
||||
};
|
||||
};
|
||||
autoStart = true;
|
||||
config = { pkgs, lib, ... }: {
|
||||
imports =
|
||||
[ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
|
||||
systemd.services = {
|
||||
rspamd = {
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = 3;
|
||||
};
|
||||
unitConfig = {
|
||||
StartLimitIntervalSec = 60;
|
||||
StartLimitBurst = 15;
|
||||
};
|
||||
};
|
||||
};
|
||||
services = {
|
||||
prometheus.exporters = {
|
||||
node.port = 9101;
|
||||
postfix = {
|
||||
enable = true;
|
||||
systemd.enable = true;
|
||||
showqPath = "/var/lib/postfix/queue/public/showq";
|
||||
user = "postfix";
|
||||
};
|
||||
};
|
||||
postfix = {
|
||||
networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
||||
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
|
||||
config = {
|
||||
# Allow TLSv1 because we need to be able to receive mail from legacy servers.
|
||||
smtpd_tls_protocols = lib.mkForce
|
||||
"TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
|
||||
};
|
||||
};
|
||||
opendkim.keyPath = "/var/dkim";
|
||||
};
|
||||
mailserver = {
|
||||
enable = true;
|
||||
enableImapSsl = true;
|
||||
fqdn = "hera.m-0.eu";
|
||||
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
|
||||
forwards = pkgs.privateValue { } "mail/forwards";
|
||||
loginAccounts = pkgs.privateValue { } "mail/users";
|
||||
hierarchySeparator = "/";
|
||||
certificateScheme = 1;
|
||||
certificateFile = "${certPath}/fullchain.pem";
|
||||
keyFile = "${certPath}/key.pem";
|
||||
policydSPFExtraConfig = ''
|
||||
Mail_From_reject = False
|
||||
HELO_Whitelist = hosteurope.de
|
||||
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
|
||||
'';
|
||||
unitConfig = {
|
||||
StartLimitIntervalSec = 60;
|
||||
StartLimitBurst = 15;
|
||||
};
|
||||
};
|
||||
};
|
||||
services = {
|
||||
prometheus.exporters = {
|
||||
postfix = {
|
||||
enable = true;
|
||||
systemd.enable = true;
|
||||
showqPath = "/var/lib/postfix/queue/public/showq";
|
||||
user = "postfix";
|
||||
};
|
||||
};
|
||||
postfix = {
|
||||
networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
||||
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
|
||||
config = {
|
||||
# Allow TLSv1 because we need to be able to receive mail from legacy servers.
|
||||
smtpd_tls_protocols = lib.mkForce
|
||||
"TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
|
||||
};
|
||||
};
|
||||
opendkim.keyPath = "/var/dkim";
|
||||
};
|
||||
mailserver = {
|
||||
enable = true;
|
||||
enableImapSsl = true;
|
||||
fqdn = "hera.m-0.eu";
|
||||
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
|
||||
forwards = pkgs.privateValue {} "mail/forwards";
|
||||
loginAccounts = pkgs.privateValue {} "mail/users";
|
||||
hierarchySeparator = "/";
|
||||
certificateScheme = 1;
|
||||
certificateFile = "${certPath}/fullchain.pem";
|
||||
keyFile = "${certPath}/key.pem";
|
||||
policydSPFExtraConfig = ''
|
||||
Mail_From_reject = False
|
||||
HELO_Whitelist = hosteurope.de
|
||||
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
|
||||
'';
|
||||
};
|
||||
}
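Review bot: `networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];` is carried over unchanged into the host-level `services.postfix` block, and that option sets the ranges Postfix trusts to relay without authentication. With the service no longer inside `containers.mail`, it is worth confirming that `10.0.0.0/24` is still reachable only by trusted hosts, and dropping it if it existed only for the container link (this page does not show what the range addresses). A comment above the line would record the decision, e.g. `# mynetworks: may relay without auth; 10.0.0.0/24 is <purpose>`. Separately, the comment on `smtpd_tls_protocols` says "Allow TLSv1" while the forced value also enables TLSv1.1 and applies to opportunistic TLS; `# Allow TLSv1 and TLSv1.1 for opportunistic inbound TLS from legacy servers.` would match the setting. The +/- markers are lost in this rendering, so which copy of each line is the new side is inferred from the commit title and the hunk counts.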
|
||||
|
|
2
private
2
private
|
@ -1 +1 @@
|
|||
Subproject commit bc02f51fcd0e689a7071ff2ca743e01ad6e3021b
|
||||
Subproject commit f61df560095392c88828330db424939947790faa
|