pyrox.dev / nix
My Nix Configuration
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

[prefect] fix stalwart config

dish e0a46a56 a5297f2f

+8 -7
+1 -1
hosts/prefect/services/acme.nix
··· 10 10 "autoconfig.pyrox.dev" 11 11 "autodiscover.pyrox.dev" 12 12 ]; 13 - reloadServices = [ "stalwart-mail" ]; 13 + reloadServices = [ "stalwart" ]; 14 14 }; 15 15 defaults = { 16 16 # LE Production Server
+7 -6
hosts/prefect/services/mailserver/default.nix
··· 6 6 }: 7 7 let 8 8 d = self.lib.data.mail; 9 - cfg = config.services.stalwart-mail; 9 + cfg = config.services.stalwart; 10 10 sec = config.age.secrets; 11 - credsDir = "/run/credentials/stalwart-mail.service"; 11 + credsDir = "/run/credentials/stalwart.service"; 12 12 certDir = config.security.acme.certs."pyroxdev-mail".directory; 13 13 isAuthenticated = d: { 14 14 "if" = "!is_empty(authenticated_as)"; ··· 22 22 "then" = d; 23 23 }; 24 24 smSecret = { 25 - owner = "stalwart-mail"; 26 - group = "stalwart-mail"; 25 + owner = cfg.user; 26 + inherit (cfg) group; 27 27 }; 28 28 in 29 29 { 30 - services.stalwart-mail = { 30 + services.stalwart = { 31 31 credentials = { 32 32 cert = "${certDir}/cert.pem"; 33 33 key = "${certDir}/key.pem"; ··· 195 195 }; 196 196 }; 197 197 }; 198 - systemd.services.stalwart-mail.serviceConfig = { 198 + systemd.services.stalwart.serviceConfig = { 199 199 Restart = lib.mkForce "always"; 200 200 RestartSec = lib.mkForce 1; 201 + ReadWritePaths = lib.mkForce [ ]; 201 202 }; 202 203 age.secrets = { 203 204 stalwart-secret-rsa = smSecret // {