From d337c6245171d31c3bf9353125d7915644cef736 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Wed, 24 May 2023 16:37:45 +0200
Subject: [PATCH] mailserver fixes
---
 hosts/falkenstein-1/default.nix | 10 +-
 hosts/falkenstein-1/modules/mail/default.nix | 11 +-
 hosts/falkenstein-1/modules/nginx/default.nix | 5 +
 secrets/falkenstein-1.yaml | 6 +-
 users/rouven/modules/accounts/default.nix | 120 +++++++++--------
 5 files changed, 84 insertions(+), 68 deletions(-)
diff --git a/hosts/falkenstein-1/default.nix b/hosts/falkenstein-1/default.nix
index 926ae62..7c6bf72 100644
--- a/hosts/falkenstein-1/default.nix
+++ b/hosts/falkenstein-1/default.nix
@@ -5,6 +5,7 @@
 [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
+ ./modules/mail
 ./modules/networks
 ./modules/nginx
 ./modules/purge
@@ -38,10 +39,6 @@
 htop-vim
 helix
 ];
- users.users.rouven = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- };
 programs.git = {
 enable = true;
 config = {
@@ -52,7 +49,10 @@
 services.qemuGuest.enable = true;
 # Enable the OpenSSH daemon.
- services.openssh.enable = true;
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ };
 users.users.root.openssh.authorizedKeys.keyFiles = [
 #../../keys/ssh/rouven-thinkpad
 ../../keys/ssh/rouven-pixel
diff --git a/hosts/falkenstein-1/modules/mail/default.nix b/hosts/falkenstein-1/modules/mail/default.nix
index e0da054..f3e2a03 100644
--- a/hosts/falkenstein-1/modules/mail/default.nix
+++ b/hosts/falkenstein-1/modules/mail/default.nix
@@ -1,8 +1,17 @@
 { ... }:
 {
- mailserver = {
+ sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
+ mailserver = rec {
 enable = true;
 fqdn = "mail.rfive.de";
 domains = [ "rfive.de" ];
+ loginAccounts = {
+ "rouven@rfive.de" = {
+ name = "Rouven Seifert";
+ hashedPasswordFile = config.sops.secrets."mail/rouven".path;
+
+ };
+ };
+ certificateScheme = 3;
 };
 }
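Review bot: Setting `passwordAuthentication = false;` in the new `services.openssh` block (hunk `@@ -52,7 +49,10 @@`) does not by itself close the password login path on NixOS: sshd is generated with `UsePAM yes` and keyboard-interactive authentication enabled by default, so a PAM password prompt is still offered unless `kbdInteractiveAuthentication = false;` is set alongside it. On current NixOS releases both options have moved under `services.openssh.settings` (`PasswordAuthentication` / `KbdInteractiveAuthentication`) and the top-level spellings are flagged as deprecated, so it is worth checking which form the pinned nixpkgs expects. Root keeps its `authorizedKeys.keyFiles` entry below, which is consistent with key-only access as long as the PermitRootLogin default (`prohibit-password`) is not overridden elsewhere in the host config.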
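Review bot: The new lines `sops.secrets."mail/rouven".owner = config.users.users.postfix.name;` and `hashedPasswordFile = config.sops.secrets."mail/rouven".path;` in hosts/falkenstein-1/modules/mail/default.nix reference `config`, but the module's argument pattern on the hunk's first context line is `{ ... }:`, which binds nothing, so evaluation should fail with an undefined-variable error for `config`; the header needs to become `{ config, ... }:`. Two smaller points in the same hunk: `mailserver = rec {` gains nothing from `rec` because no attribute inside refers to a sibling, and the blank line before the `};` that closes the `"rouven@rfive.de"` account looks accidental. Since the account is keyed by the full address `"rouven@rfive.de"`, clients must authenticate with that string as the login name, which is worth stating in a short comment next to `loginAccounts` so the client-side config stays aligned.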
diff --git a/hosts/falkenstein-1/modules/nginx/default.nix b/hosts/falkenstein-1/modules/nginx/default.nix
index c5d4bbf..8dcd514 100644
--- a/hosts/falkenstein-1/modules/nginx/default.nix
+++ b/hosts/falkenstein-1/modules/nginx/default.nix
@@ -7,6 +7,11 @@
 recommendedProxySettings = true;
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
+
+ virtualHosts."rfive.de" = {
+ enableACME = true;
+ forceSSL = true;
+ };
 };
 security.acme = {
 acceptTerms = true;
diff --git a/secrets/falkenstein-1.yaml b/secrets/falkenstein-1.yaml
index b1f768c..33f8b40 100644
--- a/secrets/falkenstein-1.yaml
+++ b/secrets/falkenstein-1.yaml
@@ -1,5 +1,7 @@
 purge:
 environment: ENC[AES256_GCM,data:+QIP6MzKi0a6PJxNuQHOYBNW6rWEcoij1KCKwManSBUxEH3ftG5mZYMtd+OIdL5FPa29qxeHPbSU18MhAcAt9KNykKwjfEa1NqFloYrCF7VDUb7TbD//1TeW8/ni4LdcgimRHEGQhlDiymgZB/5kR1wdse4+9uafoLOZJb05cyN9OFWwEOM/LQHaJq0RLcmEIx7OEs0/jXU2boNcAX1tMpfxoiIj5U0P94K6pj5odeo8SYGB0yflYM0O0hSqGkdSG4GihfvTzg2i8w==,iv:VuzQcs6eQukZJ8dCSuL/1LYr6ir18nJVKcALx0Uzcss=,tag:cBPliz+7je0AhJwffSgHVg==,type:str]
+mail:
+ rouven: ENC[AES256_GCM,data:aUUH36pDczOufIgDKWz3obcQOloKBpydZfXMUDHGrsJ3h8O0kZYFmq389L86PJ2YISTd7Jv8PfUYPdLi3e80UggKh7SdtP/bBw==,iv:XgZNmCR+XZhjMxV6H2mtepqt4YUADG+45m9P8jdLVNY=,tag:p2RNQ7uBNctJqm69kXxTug==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -15,8 +17,8 @@ sops:
 NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
 20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-04-12T15:47:08Z"
- mac: ENC[AES256_GCM,data:PjfDBSXMzeCY+1I2iqMEOcCsYZ49x7j/xbfyUg/gm1B6iBfOZHLk6hBxR2y2ZTH60TMv21b6ymxa+HseXjtuVYkIfJlf0wz3R+xxEtGAIzuT9jhfoBj+0Xq4n53f5zZQBFlpYbsJjxD/e4ER9q+gEIlMKILN/AITe0xXDrCXvaY=,iv:mdX+1Echz6qW9ZtKBF79NEgPEcwkTEDU9W7OXGFasg4=,tag:c3nHdpZCxc2Nt1gd+zJ+Ww==,type:str]
+ lastmodified: "2023-05-24T14:31:20Z"
+ mac: ENC[AES256_GCM,data:5nqafjSaGX6mU+V2BiKiM2hW3eGKBx8594epZM84N03xlOd0vyBQfGB7e0F4lvL0xyHyeJpqmTAiedPoqmHS/9bwe2y9CsmVdhhICEnLofHBkf2ckCZlPsyvWqvjokNVJ7zyz2xWDI+CnmPphTY0tMoJclzi5cLqnecB/hmizFY=,iv:40eNtolJgTIh06IVLNMbbr3ktbJuF8i5CBWy0JOkJxA=,tag:QCnMT8w7Ejdy1QssQnuolQ==,type:str]
 pgp:
 - created_at: "2023-04-12T15:47:07Z"
 enc: |-
diff --git a/users/rouven/modules/accounts/default.nix b/users/rouven/modules/accounts/default.nix
index 226745f..789f1b1 100644
--- a/users/rouven/modules/accounts/default.nix
+++ b/users/rouven/modules/accounts/default.nix
@@ -38,66 +38,66 @@ in
 msmtp.enable = true;
 };
 accounts.email.accounts = {
- # "rouven@rfive.de" = rec {
- # address = "rouven@rfive.de";
- # gpg.key = gpg-default-key;
- # realName = "Rouven Seifert";
- # userName = address;
- # passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
- # imap = {
- # host = "pro1.mail.ovh.net";
- # port = 993;
- # };
- # smtp = {
- # host = "pro1.mail.ovh.net";
- # port = 587;
- # tls.useStartTls = true;
- # };
- # msmtp.enable = true;
- # mbsync = {
- # enable = true;
- # create = "maildir";
- # expunge = "both";
- # groups.rfive = {
- # channels.inbox = {
- # nearPattern = "INBOX";
- # farPattern = "INBOX";
- # extraConfig.Create = "near";
- # };
- # channels.trash = {
- # nearPattern = "Trash";
- # farPattern = "Gel&APY-schte Elemente";
- # extraConfig.Create = "near";
- # };
- # channels.sent = {
- # nearPattern = "Sent";
- # farPattern = "Gesendete Elemente";
- # extraConfig.Create = "near";
- # };
- # channels.junk = {
- # nearPattern = "Junk";
- # farPattern = "Junk-E-Mail";
- # extraConfig.Create = "near";
- # };
- # channels.drafts = {
- # nearPattern = "Drafts";
- # farPattern = "Entw&APw-rfe";
- # extraConfig.Create = "near";
- # };
- # };
- # extraConfig = {
- # account = {
- # AuthMechs = "Login";
- # };
- # };
- # };
- # neomutt = let c = mbsync.groups.rfive.channels; in
- # {
- # enable = true;
- # mailboxName = " 󰒋 rfive.de";
- # extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts ] (x: x.nearPattern);
- # };
- # };
+ "rouven@rfive.de" = rec {
+ address = "rouven@rfive.de";
+ gpg.key = gpg-default-key;
+ realName = "Rouven Seifert";
+ userName = "rouven";
+ passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
+ imap = {
+ host = "mail.rfive.de";
+ port = 993;
+ };
+ smtp = {
+ host = "mail.rfive.de";
+ port = 587;
+ tls.useStartTls = true;
+ };
+ msmtp.enable = true;
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ expunge = "both";
+ groups.rfive = {
+ channels.inbox = {
+ nearPattern = "INBOX";
+ farPattern = "INBOX";
+ extraConfig.Create = "near";
+ };
+ channels.trash = {
+ nearPattern = "Trash";
+ farPattern = "Trash";
+ extraConfig.Create = "near";
+ };
+ channels.sent = {
+ nearPattern = "Sent";
+ farPattern = "Sent";
+ extraConfig.Create = "near";
+ };
+ channels.junk = {
+ nearPattern = "Junk";
+ farPattern = "Junk";
+ extraConfig.Create = "near";
+ };
+ channels.drafts = {
+ nearPattern = "Drafts";
+ farPattern = "Drafts";
+ extraConfig.Create = "near";
+ };
+ };
+ extraConfig = {
+ account = {
+ AuthMechs = "Login";
+ };
+ };
+ };
+ neomutt = let c = mbsync.groups.rfive.channels; in
+ {
+ enable = true;
+ mailboxName = " 󰒋 rfive.de";
+ extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts ] (x: x.nearPattern);
+ };
+ };
 "TU-Dresden" = rec {
 address = "rouven.seifert@mailbox.tu-dresden.de";
 gpg.key = gpg-default-key;
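Review bot: `userName = "rouven";` on the new `"rouven@rfive.de"` account does not line up with the server side of this same commit: the account created in hosts/falkenstein-1/modules/mail/default.nix is keyed by the full address, and as far as I know the mailserver module uses that full address as the IMAP/SMTP login name, so authentication against `mail.rfive.de` would be rejected; the previously commented-out version used `userName = address;`, which matches. Independently of that, `AuthMechs = "Login"` is acceptable here only because IMAP is on 993 (implicit TLS) and SMTP on 587 with `tls.useStartTls = true;` — a one-line comment next to `extraConfig.account` recording that dependency would stop a later port change from silently sending the plaintext mechanism over an unencrypted session. The `accounts.email.accounts` attribute set continues past the end of the hunk (the `"TU-Dresden"` account follows).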