falkenstein: switch to caddy

Rouven Seifert 2024-05-23 15:44:49 +02:00
parent 7811c95ecf
commit c96d8b7103
13 changed files with 76 additions and 121 deletions


@ -8,17 +8,6 @@ in
./dovecot2.nix
./rspamd.nix
];
security.acme.certs."${domain}" = {
reloadServices = [
"postfix.service"
"dovecot2.service"
];
};
services.nginx.virtualHosts = {
"${domain}" = {
enableACME = true;
forceSSL = true;
};
};
# acquire certificates
services.caddy.virtualHosts."${domain}".extraConfig = "";
}
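Review bot: Nothing in the new code reloads postfix or dovecot2 when the certificate is renewed: the removed `reloadServices` list did that, and the Caddy vhost with an empty `extraConfig` only obtains the certificate. Unless a reload is arranged elsewhere in the commit, both daemons will presumably keep serving the certificate they loaded at start until it expires. A systemd path unit or timer that watches the certificate file and reloads `postfix.service` and `dovecot2.service` would restore the old behaviour. Also check that `${domain}` here and `${hostname}` in the dovecot and postfix paths name the same host, since Caddy stores the certificate under the vhost name.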


@ -14,8 +14,8 @@ in
enableQuota = false;
enableLmtp = true;
mailLocation = "maildir:/var/mail/%n";
sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslServerKey = "/var/lib/acme/${hostname}/key.pem";
sslServerCert = "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.crt";
sslServerKey = "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.key";
protocols = [ "imap" "sieve" ];
mailPlugins = {
globally.enable = [ "listescape" ];
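Review bot: `sslServerCert` and `sslServerKey` now point into Caddy's internal storage, including the issuer directory `acme-v02.api.letsencrypt.org-directory`, which is not a stable interface; the postfix hunk (`sslCert`/`sslKey`) has the same problem. If Caddy obtains the certificate from another issuer (its default configuration can fall back to a second CA), the files land in a different directory and the mail daemons are left with a missing or stale certificate. Pinning the CA with `services.caddy.acmeCA` and defining the directory once in a `let` binding shared by both modules would make the dependency explicit. On first deployment dovecot may also start before Caddy has written the files, so an ordering or a path condition on the unit is worth adding. The attribute set continues outside the hunk.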


@ -33,8 +33,8 @@ in
origin = "${domain}";
destination = [ "${hostname}" "${domain}" "localhost" ];
networks = [ "127.0.0.1" ];
sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslKey = "/var/lib/acme/${hostname}/key.pem";
sslCert = "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.crt";
sslKey = "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${hostname}/${hostname}.key";
config = {
# home_mailbox = "Maildir/";
smtp_helo_name = config.networking.fqdn;


@ -38,14 +38,9 @@
enable = true;
};
};
nginx.virtualHosts."rspamd.${config.networking.domain}" = {
locations = {
"/" = {
proxyPass = "http://127.0.0.1:11334";
proxyWebsockets = true;
};
};
};
caddy.virtualHosts."rspamd.${config.networking.domain}".extraConfig = ''
reverse_proxy 127.0.0.1:11334
'';
};
systemd = {
services.rspamd-dmarc-report = {
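Review bot: The new `reverse_proxy 127.0.0.1:11334` block publishes the rspamd controller UI on its own vhost with no access control visible in this hunk. Behind a local proxy every request reaches rspamd from 127.0.0.1, and the controller can treat local addresses as trusted depending on its `secure_ip` setting, so confirm that a password is still required for proxied requests. An authentication or source-address restriction in the Caddyfile, for example a `basic_auth` block or a `remote_ip` matcher, would not depend on the rspamd side. The removed nginx vhost had the same shape, so this is carried over rather than introduced; the enclosing attribute set starts outside the hunk.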