mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-15 05:13:10 +01:00
enable rspamd
This commit is contained in:
parent
ff990ac5ba
commit
d031f5e5b3
|
@ -51,7 +51,7 @@
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
passwordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
};
|
};
|
||||||
users.users.root.openssh.authorizedKeys.keyFiles = [
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
||||||
#../../keys/ssh/rouven-thinkpad
|
#../../keys/ssh/rouven-thinkpad
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
|
sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
|
||||||
|
sops.secrets."rspamd".owner = config.users.users.rspamd.name;
|
||||||
mailserver = rec {
|
mailserver = rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.rfive.de";
|
fqdn = "mail.rfive.de";
|
||||||
|
@ -14,4 +15,14 @@
|
||||||
};
|
};
|
||||||
certificateScheme = 3;
|
certificateScheme = 3;
|
||||||
};
|
};
|
||||||
|
services.rspamd.locals."worker-controller.inc".source = config.sops.secrets."rspamd".path;
|
||||||
|
services.nginx.virtualHosts."rspamd.rfive.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations = {
|
||||||
|
"/" = {
|
||||||
|
proxyPass = "http://unix:/run/rspamd/worker-controller.sock:/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,7 @@ purge:
|
||||||
environment: ENC[AES256_GCM,data:+QIP6MzKi0a6PJxNuQHOYBNW6rWEcoij1KCKwManSBUxEH3ftG5mZYMtd+OIdL5FPa29qxeHPbSU18MhAcAt9KNykKwjfEa1NqFloYrCF7VDUb7TbD//1TeW8/ni4LdcgimRHEGQhlDiymgZB/5kR1wdse4+9uafoLOZJb05cyN9OFWwEOM/LQHaJq0RLcmEIx7OEs0/jXU2boNcAX1tMpfxoiIj5U0P94K6pj5odeo8SYGB0yflYM0O0hSqGkdSG4GihfvTzg2i8w==,iv:VuzQcs6eQukZJ8dCSuL/1LYr6ir18nJVKcALx0Uzcss=,tag:cBPliz+7je0AhJwffSgHVg==,type:str]
|
environment: ENC[AES256_GCM,data:+QIP6MzKi0a6PJxNuQHOYBNW6rWEcoij1KCKwManSBUxEH3ftG5mZYMtd+OIdL5FPa29qxeHPbSU18MhAcAt9KNykKwjfEa1NqFloYrCF7VDUb7TbD//1TeW8/ni4LdcgimRHEGQhlDiymgZB/5kR1wdse4+9uafoLOZJb05cyN9OFWwEOM/LQHaJq0RLcmEIx7OEs0/jXU2boNcAX1tMpfxoiIj5U0P94K6pj5odeo8SYGB0yflYM0O0hSqGkdSG4GihfvTzg2i8w==,iv:VuzQcs6eQukZJ8dCSuL/1LYr6ir18nJVKcALx0Uzcss=,tag:cBPliz+7je0AhJwffSgHVg==,type:str]
|
||||||
mail:
|
mail:
|
||||||
rouven: ENC[AES256_GCM,data:aUUH36pDczOufIgDKWz3obcQOloKBpydZfXMUDHGrsJ3h8O0kZYFmq389L86PJ2YISTd7Jv8PfUYPdLi3e80UggKh7SdtP/bBw==,iv:XgZNmCR+XZhjMxV6H2mtepqt4YUADG+45m9P8jdLVNY=,tag:p2RNQ7uBNctJqm69kXxTug==,type:str]
|
rouven: ENC[AES256_GCM,data:aUUH36pDczOufIgDKWz3obcQOloKBpydZfXMUDHGrsJ3h8O0kZYFmq389L86PJ2YISTd7Jv8PfUYPdLi3e80UggKh7SdtP/bBw==,iv:XgZNmCR+XZhjMxV6H2mtepqt4YUADG+45m9P8jdLVNY=,tag:p2RNQ7uBNctJqm69kXxTug==,type:str]
|
||||||
|
rspamd: ENC[AES256_GCM,data:Q4V/0aPl9K+ba3aKAZH5Q0lnixIAQBMgPTmMfDP1ZnYAObVc,iv:NBlFpAVBw8az1qEQd+vDmzUHGPMQYuok9MXydHgx8IY=,tag:QptoxnuA+1XB4/0Zd9Yr3Q==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -17,8 +18,8 @@ sops:
|
||||||
NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
|
NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
|
||||||
20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
|
20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-05-24T14:31:20Z"
|
lastmodified: "2023-05-24T14:54:23Z"
|
||||||
mac: ENC[AES256_GCM,data:5nqafjSaGX6mU+V2BiKiM2hW3eGKBx8594epZM84N03xlOd0vyBQfGB7e0F4lvL0xyHyeJpqmTAiedPoqmHS/9bwe2y9CsmVdhhICEnLofHBkf2ckCZlPsyvWqvjokNVJ7zyz2xWDI+CnmPphTY0tMoJclzi5cLqnecB/hmizFY=,iv:40eNtolJgTIh06IVLNMbbr3ktbJuF8i5CBWy0JOkJxA=,tag:QCnMT8w7Ejdy1QssQnuolQ==,type:str]
|
mac: ENC[AES256_GCM,data:33ci4VTHMb9+So3BuITqB5CscTV/X+Ln18uE/NJX9w20FpxxcEVAUumtnXCdKwL2RKyN5217qyfe46eIg7eMV7tvTmg2uTjMqnjeqOrAqp++uUHCFgRccL8X6d7OVFJHDX4tXJBgmb4y6VZkoLyuYNswJut6JsI2jkhvYuTVtsM=,iv:ExpRJJMHK7dsq+ZG9kilQDDJpFtY2OTuk4fG5tLCPT4=,tag:Y6hNdvjNs5WxtH480jdZpw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-04-12T15:47:07Z"
|
- created_at: "2023-04-12T15:47:07Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
|
@ -42,7 +42,7 @@ in
|
||||||
address = "rouven@rfive.de";
|
address = "rouven@rfive.de";
|
||||||
gpg.key = gpg-default-key;
|
gpg.key = gpg-default-key;
|
||||||
realName = "Rouven Seifert";
|
realName = "Rouven Seifert";
|
||||||
userName = "rouven";
|
userName = address;
|
||||||
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
|
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
|
||||||
imap = {
|
imap = {
|
||||||
host = "mail.rfive.de";
|
host = "mail.rfive.de";
|
||||||
|
|
Loading…
Reference in a new issue