mailserver fixes

2024-11-15 05:13:10 +01:00 · 2023-05-24 16:37:45 +02:00 · 2023-05-24 16:37:45 +02:00 · d337c62451
parent 6972c8d5dd
commit d337c62451
5 changed files with 84 additions and 68 deletions
--- a/hosts/falkenstein-1/default.nix
+++ b/hosts/falkenstein-1/default.nix
@ -5,6 +5,7 @@
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
+      ./modules/mail
      ./modules/networks
      ./modules/nginx
      ./modules/purge
@ -38,10 +39,6 @@
    htop-vim
    helix
  ];
-  users.users.rouven = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-  };
  programs.git = {
    enable = true;
    config = {
@ -52,7 +49,10 @@
  services.qemuGuest.enable = true;

  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    passwordAuthentication = false;
+  };
  users.users.root.openssh.authorizedKeys.keyFiles = [
    #../../keys/ssh/rouven-thinkpad
    ../../keys/ssh/rouven-pixel
--- a/hosts/falkenstein-1/modules/mail/default.nix
+++ b/hosts/falkenstein-1/modules/mail/default.nix
@ -1,8 +1,17 @@
 { ... }:
 {
-  mailserver = {
+  sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
+  mailserver = rec {
    enable = true;
    fqdn = "mail.rfive.de";
    domains = [ "rfive.de" ];
+    loginAccounts = {
+      "rouven@rfive.de" = {
+        name = "Rouven Seifert";
+        hashedPasswordFile = config.sops.secrets."mail/rouven".path;
+
+      };
+    };
+    certificateScheme = 3;
  };
 }
--- a/hosts/falkenstein-1/modules/nginx/default.nix
+++ b/hosts/falkenstein-1/modules/nginx/default.nix
@ -7,6 +7,11 @@
    recommendedProxySettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
+    
+    virtualHosts."rfive.de" = {
+      enableACME = true;
+      forceSSL = true;
+    };
  };
  security.acme = {
    acceptTerms = true;
--- a/secrets/falkenstein-1.yaml
+++ b/secrets/falkenstein-1.yaml
@ -1,5 +1,7 @@
 purge:
    environment: ENC[AES256_GCM,data:+QIP6MzKi0a6PJxNuQHOYBNW6rWEcoij1KCKwManSBUxEH3ftG5mZYMtd+OIdL5FPa29qxeHPbSU18MhAcAt9KNykKwjfEa1NqFloYrCF7VDUb7TbD//1TeW8/ni4LdcgimRHEGQhlDiymgZB/5kR1wdse4+9uafoLOZJb05cyN9OFWwEOM/LQHaJq0RLcmEIx7OEs0/jXU2boNcAX1tMpfxoiIj5U0P94K6pj5odeo8SYGB0yflYM0O0hSqGkdSG4GihfvTzg2i8w==,iv:VuzQcs6eQukZJ8dCSuL/1LYr6ir18nJVKcALx0Uzcss=,tag:cBPliz+7je0AhJwffSgHVg==,type:str]
+mail:
+    rouven: ENC[AES256_GCM,data:aUUH36pDczOufIgDKWz3obcQOloKBpydZfXMUDHGrsJ3h8O0kZYFmq389L86PJ2YISTd7Jv8PfUYPdLi3e80UggKh7SdtP/bBw==,iv:XgZNmCR+XZhjMxV6H2mtepqt4YUADG+45m9P8jdLVNY=,tag:p2RNQ7uBNctJqm69kXxTug==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -15,8 +17,8 @@ sops:
            NGlZbU8rcWJRbGE5OEFHdUNqZ2xUS2sK/r7qJHfTP0REcM2PYM95XT0onnCYXzam
            20BgfynX3PJE2QVcgl8rr7ssuKxESi+tY/1VB0l8Tryxe6hr/p5IVg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-04-12T15:47:08Z"
-    mac: ENC[AES256_GCM,data:PjfDBSXMzeCY+1I2iqMEOcCsYZ49x7j/xbfyUg/gm1B6iBfOZHLk6hBxR2y2ZTH60TMv21b6ymxa+HseXjtuVYkIfJlf0wz3R+xxEtGAIzuT9jhfoBj+0Xq4n53f5zZQBFlpYbsJjxD/e4ER9q+gEIlMKILN/AITe0xXDrCXvaY=,iv:mdX+1Echz6qW9ZtKBF79NEgPEcwkTEDU9W7OXGFasg4=,tag:c3nHdpZCxc2Nt1gd+zJ+Ww==,type:str]
+    lastmodified: "2023-05-24T14:31:20Z"
+    mac: ENC[AES256_GCM,data:5nqafjSaGX6mU+V2BiKiM2hW3eGKBx8594epZM84N03xlOd0vyBQfGB7e0F4lvL0xyHyeJpqmTAiedPoqmHS/9bwe2y9CsmVdhhICEnLofHBkf2ckCZlPsyvWqvjokNVJ7zyz2xWDI+CnmPphTY0tMoJclzi5cLqnecB/hmizFY=,iv:40eNtolJgTIh06IVLNMbbr3ktbJuF8i5CBWy0JOkJxA=,tag:QCnMT8w7Ejdy1QssQnuolQ==,type:str]
    pgp:
        - created_at: "2023-04-12T15:47:07Z"
          enc: |-
--- a/users/rouven/modules/accounts/default.nix
+++ b/users/rouven/modules/accounts/default.nix
@ -38,66 +38,66 @@ in
    msmtp.enable = true;
  };
  accounts.email.accounts = {
-    # "rouven@rfive.de" = rec {
-    #   address = "rouven@rfive.de";
-    #   gpg.key = gpg-default-key;
-    #   realName = "Rouven Seifert";
-    #   userName = address;
-    #   passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
-    #   imap = {
-    #     host = "pro1.mail.ovh.net";
-    #     port = 993;
-    #   };
-    #   smtp = {
-    #     host = "pro1.mail.ovh.net";
-    #     port = 587;
-    #     tls.useStartTls = true;
-    #   };
-    #   msmtp.enable = true;
-    #   mbsync = {
-    #     enable = true;
-    #     create = "maildir";
-    #     expunge = "both";
-    #     groups.rfive = {
-    #       channels.inbox = {
-    #         nearPattern = "INBOX";
-    #         farPattern = "INBOX";
-    #         extraConfig.Create = "near";
-    #       };
-    #       channels.trash = {
-    #         nearPattern = "Trash";
-    #         farPattern = "Gel&APY-schte Elemente";
-    #         extraConfig.Create = "near";
-    #       };
-    #       channels.sent = {
-    #         nearPattern = "Sent";
-    #         farPattern = "Gesendete Elemente";
-    #         extraConfig.Create = "near";
-    #       };
-    #       channels.junk = {
-    #         nearPattern = "Junk";
-    #         farPattern = "Junk-E-Mail";
-    #         extraConfig.Create = "near";
-    #       };
-    #       channels.drafts = {
-    #         nearPattern = "Drafts";
-    #         farPattern = "Entw&APw-rfe";
-    #         extraConfig.Create = "near";
-    #       };
-    #     };
-    #     extraConfig = {
-    #       account = {
-    #         AuthMechs = "Login";
-    #       };
-    #     };
-    #   };
-    #   neomutt = let c = mbsync.groups.rfive.channels; in
-    #     {
-    #       enable = true;
-    #       mailboxName = " 󰒋 rfive.de";
-    #       extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts ] (x: x.nearPattern);
-    #     };
-    # };
+    "rouven@rfive.de" = rec {
+      address = "rouven@rfive.de";
+      gpg.key = gpg-default-key;
+      realName = "Rouven Seifert";
+      userName = "rouven";
+      passwordCommand = "${pkgs.coreutils}/bin/cat $XDG_RUNTIME_DIR/secrets/email/rfive";
+      imap = {
+        host = "mail.rfive.de";
+        port = 993;
+      };
+      smtp = {
+        host = "mail.rfive.de";
+        port = 587;
+        tls.useStartTls = true;
+      };
+      msmtp.enable = true;
+      mbsync = {
+        enable = true;
+        create = "maildir";
+        expunge = "both";
+        groups.rfive = {
+          channels.inbox = {
+            nearPattern = "INBOX";
+            farPattern = "INBOX";
+            extraConfig.Create = "near";
+          };
+          channels.trash = {
+            nearPattern = "Trash";
+            farPattern = "Trash";
+            extraConfig.Create = "near";
+          };
+          channels.sent = {
+            nearPattern = "Sent";
+            farPattern = "Sent";
+            extraConfig.Create = "near";
+          };
+          channels.junk = {
+            nearPattern = "Junk";
+            farPattern = "Junk";
+            extraConfig.Create = "near";
+          };
+          channels.drafts = {
+            nearPattern = "Drafts";
+            farPattern = "Drafts";
+            extraConfig.Create = "near";
+          };
+        };
+        extraConfig = {
+          account = {
+            AuthMechs = "Login";
+          };
+        };
+      };
+      neomutt = let c = mbsync.groups.rfive.channels; in
+        {
+          enable = true;
+          mailboxName = " 󰒋 rfive.de";
+          extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts ] (x: x.nearPattern);
+        };
+    };
    "TU-Dresden" = rec {
      address = "rouven.seifert@mailbox.tu-dresden.de";
      gpg.key = gpg-default-key;