maralorn/nixos-config
1
0
Fork 0
Code Wiki Activity

Remove mail container

Browse source
This commit is contained in:
Malte Brandy 2021-05-17 01:17:10 +02:00
parent 9bed3cc531
commit 323e8483e6
2 changed files with 54 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

123
nixos/machines/hera/mail.nix
View file

@ -1,83 +1,66 @@
{ config, lib, ... }:
let certPath = "/var/lib/acme/hera.m-0.eu";
in {
networking.firewall = { allowedTCPPorts = [ 25 143 587 993 ]; };
{ pkgs, config, lib, ... }:
let
certPath = "/var/lib/acme/hera.m-0.eu";
in
{
networking.firewall.allowedTCPPorts = [ 25 143 587 993 ];
m-0.monitoring = [
{
name = "mail container";
host = "hera-intern:9101";
container = true;
}
{
name = "postfix on hera";
host = "hera-intern:9154";
container = true;
}
];
containers.mail = {
bindMounts = {
"${certPath}" = { hostPath = certPath; };
"/var/www/rss" = {
hostPath = "/var/www/rss";
isReadOnly = false;
imports =
[ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
systemd.services = {
rspamd = {
serviceConfig = {
Restart = "always";
RestartSec = 3;
};
};
autoStart = true;
config = { pkgs, lib, ... }: {
imports =
[ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
systemd.services = {
rspamd = {
serviceConfig = {
Restart = "always";
RestartSec = 3;
};
unitConfig = {
StartLimitIntervalSec = 60;
StartLimitBurst = 15;
};
};
};
services = {
prometheus.exporters = {
node.port = 9101;
postfix = {
enable = true;
systemd.enable = true;
showqPath = "/var/lib/postfix/queue/public/showq";
user = "postfix";
};
};
postfix = {
networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
config = {
# Allow TLSv1 because we need to be able to receive mail from legacy servers.
smtpd_tls_protocols = lib.mkForce
"TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
};
};
opendkim.keyPath = "/var/dkim";
};
mailserver = {
enable = true;
enableImapSsl = true;
fqdn = "hera.m-0.eu";
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
forwards = pkgs.privateValue { } "mail/forwards";
loginAccounts = pkgs.privateValue { } "mail/users";
hierarchySeparator = "/";
certificateScheme = 1;
certificateFile = "${certPath}/fullchain.pem";
keyFile = "${certPath}/key.pem";
policydSPFExtraConfig = ''
Mail_From_reject = False
HELO_Whitelist = hosteurope.de
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
'';
unitConfig = {
StartLimitIntervalSec = 60;
StartLimitBurst = 15;
};
};
};
services = {
prometheus.exporters = {
postfix = {
enable = true;
systemd.enable = true;
showqPath = "/var/lib/postfix/queue/public/showq";
user = "postfix";
};
};
postfix = {
networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
config = {
# Allow TLSv1 because we need to be able to receive mail from legacy servers.
smtpd_tls_protocols = lib.mkForce
"TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
};
};
opendkim.keyPath = "/var/dkim";
};
mailserver = {
enable = true;
enableImapSsl = true;
fqdn = "hera.m-0.eu";
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
forwards = pkgs.privateValue {} "mail/forwards";
loginAccounts = pkgs.privateValue {} "mail/users";
hierarchySeparator = "/";
certificateScheme = 1;
certificateFile = "${certPath}/fullchain.pem";
keyFile = "${certPath}/key.pem";
policydSPFExtraConfig = ''
Mail_From_reject = False
HELO_Whitelist = hosteurope.de
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,130.83.0.0/16
'';
};
}

2
private

@ -1 +1 @@
Subproject commit bc02f51fcd0e689a7071ff2ca743e01ad6e3021b
Subproject commit f61df560095392c88828330db424939947790faa