rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 05:13:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

enable rspamd

Browse source
This commit is contained in:
Rouven Seifert 2023-05-24 17:08:44 +02:00
parent ff990ac5ba
commit d031f5e5b3
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
4 changed files with 16 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/falkenstein-1/default.nix
View file

@ -51,7 +51,7 @@
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh = { services.openssh = {
enable = true; enable = true;
passwordAuthentication = false; settings.PasswordAuthentication = false;
}; };
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
#../../keys/ssh/rouven-thinkpad #../../keys/ssh/rouven-thinkpad

11
hosts/falkenstein-1/modules/mail/default.nix
View file

@ -1,6 +1,7 @@
{ config, ... }: { config, ... }:
{ {
sops.secrets."mail/rouven".owner = config.users.users.postfix.name; sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
sops.secrets."rspamd".owner = config.users.users.rspamd.name;
mailserver = rec { mailserver = rec {
enable = true; enable = true;
fqdn = "mail.rfive.de"; fqdn = "mail.rfive.de";
@ -14,4 +15,14 @@
}; };
certificateScheme = 3; certificateScheme = 3;
}; };
services.rspamd.locals."worker-controller.inc".source = config.sops.secrets."rspamd".path;
services.nginx.virtualHosts."rspamd.rfive.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://unix:/run/rspamd/worker-controller.sock:/";
};
};
};
} }

5
secrets/falkenstein-1.yaml
View file

@ -2,6 +2,7 @@ purge:
environment: ENC[AES256_GCM,data:+QIP6MzKi0a6PJxNuQHOYBNW6rWEcoij1KCKwManSBUxEH3ftG5mZYMtd+OIdL5FPa29qxeHPbSU18MhAcAt9KNykKwjfEa1NqFloYrCF7VDUb7TbD//1TeW8/ni4LdcgimRHEGQhlDiymgZB/5kR1wdse4+9uafoLOZJb05cyN9OFWwEOM/LQHaJq0RLcmEIx7OEs0/jXU2boNcAX1tMpfxoiIj5U0P94K6pj5odeo8SYGB0yflYM0O0hSqGkdSG4GihfvTzg2i8w==,iv:VuzQcs6eQukZJ8dCSuL/1LYr6ir18nJVKcALx0Uzcss=,tag:cBPliz+7je0AhJwffSgHVg==,type:str] environment: ENC[AES256_GCM,data:+QIP6MzKi0a6PJxNuQHOYBNW6rWEcoij1KCKwManSBUxEH3ftG5mZYMtd+OIdL5FPa29qxeHPbSU18MhAcAt9KNykKwjfEa1NqFloYrCF7VDUb7TbD//1TeW8/ni4LdcgimRHEGQhlDiymgZB/5kR1wdse4+9uafoLOZJb05cyN9OFWwEOM/LQHaJq0RLcmEIx7OEs0/jXU2boNcAX1tMpfxoiIj5U0P94K6pj5odeo8SYGB0yflYM0O0hSqGkdSG4GihfvTzg2i8w==,iv:VuzQcs6eQukZJ8dCSuL/1LYr6ir18nJVKcALx0Uzcss=,tag:cBPliz+7je0AhJwffSgHVg==,type:str]
mail: mail:
rouven: ENC[AES256_GCM,data:aUUH36pDczOufIgDKWz3obcQOloKBpydZfXMUDHGrsJ3h8O0kZYFmq389L86PJ2YISTd7Jv8PfUYPdLi3e80UggKh7SdtP/bBw==,iv:XgZNmCR+XZhjMxV6H2mtepqt4YUADG+45m9P8jdLVNY=,tag:p2RNQ7uBNctJqm69kXxTug==,type:str] rouven: ENC[AES256_GCM,data:aUUH36pDczOufIgDKWz3obcQOloKBpydZfXMUDHGrsJ3h8O0kZYFmq389L86PJ2YISTd7Jv8PfUYPdLi3e80UggKh7SdtP/bBw==,iv:XgZNmCR+XZhjMxV6H2mtepqt4YUADG+45m9P8jdLVNY=,tag:p2RNQ7uBNctJqm69kXxTug==,type:str]
rspamd: ENC[AES256_GCM,data:Q4V/0aPl9K+ba3aKAZH5Q0lnixIAQBMgPTmMfDP1ZnYAObVc,iv:NBlFpAVBw8az1qEQd+vDmzUHGPMQYuok9MXydHgx8IY=,tag:QptoxnuA+1XB4/0Zd9Yr3Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,8 +18,8 @@ sops:
NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg== 20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-24T14:31:20Z" lastmodified: "2023-05-24T14:54:23Z"
mac: ENC[AES256_GCM,data:5nqafjSaGX6mU+V2BiKiM2hW3eGKBx8594epZM84N03xlOd0vyBQfGB7e0F4lvL0xyHyeJpqmTAiedPoqmHS/9bwe2y9CsmVdhhICEnLofHBkf2ckCZlPsyvWqvjokNVJ7zyz2xWDI+CnmPphTY0tMoJclzi5cLqnecB/hmizFY=,iv:40eNtolJgTIh06IVLNMbbr3ktbJuF8i5CBWy0JOkJxA=,tag:QCnMT8w7Ejdy1QssQnuolQ==,type:str] mac: ENC[AES256_GCM,data:33ci4VTHMb9+So3BuITqB5CscTV/X+Ln18uE/NJX9w20FpxxcEVAUumtnXCdKwL2RKyN5217qyfe46eIg7eMV7tvTmg2uTjMqnjeqOrAqp++uUHCFgRccL8X6d7OVFJHDX4tXJBgmb4y6VZkoLyuYNswJut6JsI2jkhvYuTVtsM=,iv:ExpRJJMHK7dsq+ZG9kilQDDJpFtY2OTuk4fG5tLCPT4=,tag:Y6hNdvjNs5WxtH480jdZpw==,type:str]
pgp: pgp:
- created_at: "2023-04-12T15:47:07Z" - created_at: "2023-04-12T15:47:07Z"
enc: |- enc: |-

2
users/rouven/modules/accounts/default.nix
View file

@ -42,7 +42,7 @@ in
address = "rouven@rfive.de"; address = "rouven@rfive.de";
gpg.key = gpg-default-key; gpg.key = gpg-default-key;
realName = "Rouven Seifert"; realName = "Rouven Seifert";
userName = "rouven"; userName = address;
passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive"; passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
imap = { imap = {
host = "mail.rfive.de"; host = "mail.rfive.de";