From d031f5e5b319cf2b07d27f10564c1573be29d13d Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Wed, 24 May 2023 17:08:44 +0200
Subject: [PATCH] enable rspamd
---
 hosts/falkenstein-1/default.nix | 2 +-
 hosts/falkenstein-1/modules/mail/default.nix | 11 +++++++++++
 secrets/falkenstein-1.yaml | 5 +++--
 users/rouven/modules/accounts/default.nix | 2 +-
 4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/hosts/falkenstein-1/default.nix b/hosts/falkenstein-1/default.nix
index 7c6bf72..4193b8b 100644
--- a/hosts/falkenstein-1/default.nix
+++ b/hosts/falkenstein-1/default.nix
@@ -51,7 +51,7 @@
 # Enable the OpenSSH daemon.
 services.openssh = {
 enable = true;
- passwordAuthentication = false;
+ settings.PasswordAuthentication = false;
 };
 users.users.root.openssh.authorizedKeys.keyFiles = [
 #../../keys/ssh/rouven-thinkpad
diff --git a/hosts/falkenstein-1/modules/mail/default.nix b/hosts/falkenstein-1/modules/mail/default.nix
index eb55ddf..823dbad 100644
--- a/hosts/falkenstein-1/modules/mail/default.nix
+++ b/hosts/falkenstein-1/modules/mail/default.nix
@@ -1,6 +1,7 @@
 { config, ... }:
 {
 sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
+ sops.secrets."rspamd".owner = config.users.users.rspamd.name;
 mailserver = rec {
 enable = true;
 fqdn = "mail.rfive.de";
@@ -14,4 +15,14 @@
 };
 certificateScheme = 3;
 };
+ services.rspamd.locals."worker-controller.inc".source = config.sops.secrets."rspamd".path;
+ services.nginx.virtualHosts."rspamd.rfive.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://unix:/run/rspamd/worker-controller.sock:/";
+ };
+ };
+ };
 }
diff --git a/secrets/falkenstein-1.yaml b/secrets/falkenstein-1.yaml
index 33f8b40..8791606 100644
--- a/secrets/falkenstein-1.yaml
+++ b/secrets/falkenstein-1.yaml
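Review bot: The `rspamd.rfive.de` virtual host added in hosts/falkenstein-1/modules/mail/default.nix proxies `/` to the controller's unix socket, and nothing in this hunk sets a forwarded-client header. rspamd's controller generally treats local peers (a unix socket or its default `secure_ip` list) as trusted, and only applies the controller password to proxied clients when it sees `X-Forwarded-For` or `X-Real-IP`. Unless `services.nginx.recommendedProxySettings` is enabled outside this diff, the web UI may therefore be reachable from the internet without the password stored in the sops secret. I would add `recommendedProxySettings = true;` next to `proxyPass`, or an explicit `extraConfig = "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;";`. Because this publishes an administrative interface, restricting the vhost to known admin addresses is also worth considering.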
@@ -2,6 +2,7 @@ purge: environment: ENC[AES256_GCM,data:+QIP6MzKi0a6PJxNuQHOYBNW6rWEcoij1KCKwManSBUxEH3ftG5mZYMtd+OIdL5FPa29qxeHPbSU18MhAcAt9KNykKwjfEa1NqFloYrCF7VDUb7TbD//1TeW8/ni4LdcgimRHEGQhlDiymgZB/5kR1wdse4+9uafoLOZJb05cyN9OFWwEOM/LQHaJq0RLcmEIx7OEs0/jXU2boNcAX1tMpfxoiIj5U0P94K6pj5odeo8SYGB0yflYM0O0hSqGkdSG4GihfvTzg2i8w==,iv:VuzQcs6eQukZJ8dCSuL/1LYr6ir18nJVKcALx0Uzcss=,tag:cBPliz+7je0AhJwffSgHVg==,type:str] mail: rouven: ENC[AES256_GCM,data:aUUH36pDczOufIgDKWz3obcQOloKBpydZfXMUDHGrsJ3h8O0kZYFmq389L86PJ2YISTd7Jv8PfUYPdLi3e80UggKh7SdtP/bBw==,iv:XgZNmCR+XZhjMxV6H2mtepqt4YUADG+45m9P8jdLVNY=,tag:p2RNQ7uBNctJqm69kXxTug==,type:str] +rspamd: ENC[AES256_GCM,data:Q4V/0aPl9K+ba3aKAZH5Q0lnixIAQBMgPTmMfDP1ZnYAObVc,iv:NBlFpAVBw8az1qEQd+vDmzUHGPMQYuok9MXydHgx8IY=,tag:QptoxnuA+1XB4/0Zd9Yr3Q==,type:str] sops: kms: [] gcp_kms: [] @@ -17,8 +18,8 @@ sops: NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam 20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-24T14:31:20Z" - mac: ENC[AES256_GCM,data:5nqafjSaGX6mU+V2BiKiM2hW3eGKBx8594epZM84N03xlOd0vyBQfGB7e0F4lvL0xyHyeJpqmTAiedPoqmHS/9bwe2y9CsmVdhhICEnLofHBkf2ckCZlPsyvWqvjokNVJ7zyz2xWDI+CnmPphTY0tMoJclzi5cLqnecB/hmizFY=,iv:40eNtolJgTIh06IVLNMbbr3ktbJuF8i5CBWy0JOkJxA=,tag:QCnMT8w7Ejdy1QssQnuolQ==,type:str] + lastmodified: "2023-05-24T14:54:23Z" + mac: ENC[AES256_GCM,data:33ci4VTHMb9+So3BuITqB5CscTV/X+Ln18uE/NJX9w20FpxxcEVAUumtnXCdKwL2RKyN5217qyfe46eIg7eMV7tvTmg2uTjMqnjeqOrAqp++uUHCFgRccL8X6d7OVFJHDX4tXJBgmb4y6VZkoLyuYNswJut6JsI2jkhvYuTVtsM=,iv:ExpRJJMHK7dsq+ZG9kilQDDJpFtY2OTuk4fG5tLCPT4=,tag:Y6hNdvjNs5WxtH480jdZpw==,type:str] pgp: - created_at: "2023-04-12T15:47:07Z" enc: |- diff --git a/users/rouven/modules/accounts/default.nix b/users/rouven/modules/accounts/default.nix index 789f1b1..4c35cff 100644 --- a/users/rouven/modules/accounts/default.nix +++ b/users/rouven/modules/accounts/default.nix 
@@ -42,7 +42,7 @@ in
 address = "rouven@rfive.de";
 gpg.key = gpg-default-key;
 realName = "Rouven Seifert";
- userName = "rouven";
+ userName = address;
 passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
 imap = {
 host = "mail.rfive.de";