Personal-use NixOS configuration

Create MTA-STS snippet, split autoconfig into own module

encode42 bd90edf1 8f0686a7

+58 -14
+1 -11
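--- a/hosts/index/config/groupware/maddy.nix
+++ b/hosts/index/config/groupware/maddy.nix
@@ -7,23 +7,13 @@
 inherit domain;
 
 email = "postmaster@${domain}";
-};
 
-autoconfigModule = import (flakeRoot + /packages/server/groupware/autoconfig.nix) {
-inherit domain;
-
-hosts = [
-{
-name = "autoconfig.${domain}";
-ssl = "cloudflare";
-}
-];
+ssl = "cloudflare";
 };
 in
 {
 imports = [
 maddyModule
-autoconfigModule
 ];
 
 services.maddy = {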
+23 -3
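--- a/packages/server/groupware/maddy.nix
+++ b/packages/server/groupware/maddy.nix
@@ -1,14 +1,34 @@
-{ domain, email }:
-
-{ config, ... }:
+{
+domain,
+email,
+ssl,
+}:
 
 let
 subdomain = "mx.${domain}";
+
+tlsModule = import ./mta-sts.nix {
+inherit domain ssl;
+};
+
+autoconfigModule = import ./autoconfig.nix {
+inherit domain;
+
+hosts = [
+{
+name = "autoconfig.${domain}";
+ssl = "cloudflare";
+}
+];
+};
 in
 {
 imports = [
 ../databases/postgresql.nix
 ./rspamd.nix
+
+tlsModule
+autoconfigModule
 ];
 
 services.postgresql = {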
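Review bot: The host entry inside `autoconfigModule` still hard-codes `ssl = "cloudflare";` even though this function now takes `ssl` and forwards it to `tlsModule`. A caller that passes a different certificate source would end up with the MTA-STS and autoconfig virtual hosts on different TLS setups; `inherit ssl;` in that attrset keeps them in step. The header also drops the `{ config, ... }:` module-argument line, and the body continues outside the hunk, so it is worth confirming that nothing further down still refers to `config`.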
+34
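--- a/packages/server/groupware/mta-sts.nix
+++ b/packages/server/groupware/mta-sts.nix
@@ -0,0 +1,34 @@
+{ domain, ssl }:
+
+{ pkgs, flakeLib, ... }:
+
+let
+tlsDomain = "mta-sts.${domain}";
+in
+{
+services.caddy.virtualHosts =
+flakeLib.mkProxies
+[
+{
+name = tlsDomain;
+
+inherit ssl;
+}
+]
+''
+file_server
+
+root * ${
+pkgs.runCommand "testdir" { } ''
+mkdir -p "$out/.well-known"
+
+echo "
+version: STSv1
+mode: enforce
+max_age: 604800
+mx: ${tlsDomain}
+" > "$out/.well-known/mta-sts.txt"
+''
+}
+'';
+}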
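Review bot: The policy line `mx: ${tlsDomain}` expands to `mta-sts.${domain}`, which is the web host that serves the policy rather than the mail exchanger; packages/server/groupware/maddy.nix names the mail host `mx.${domain}`. Under `mode: enforce`, senders that honour MTA-STS check the MX name and its certificate against this pattern and refuse delivery on a mismatch, and they may cache the policy for `max_age` (604800 seconds). If the MX record does point at `mx.${domain}`, the line should read `mx: mx.${domain}`, and starting with `mode: testing` would surface mismatches without bouncing mail. The multi-line `echo "` also writes a leading empty line (and possibly indented lines) into mta-sts.txt, which a strict policy parser may reject; `pkgs.writeTextDir ".well-known/mta-sts.txt"` with the exact text avoids that and replaces the leftover derivation name `"testdir"`.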