From 21da78256ca24e0f565a00483be46fc2d16f104f Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 20 May 2024 12:19:05 +0200 Subject: [PATCH 1/4] nuc: configure authentik --- flake.lock | 261 +++++++++++++++++++++++- flake.nix | 7 + hosts/nuc/default.nix | 3 +- hosts/nuc/modules/authentik/default.nix | 18 ++ hosts/thinkpad/modules/networks/uni.nix | 2 +- secrets.nix | 1 + secrets/nuc/authentik.age | 7 + 7 files changed, 287 insertions(+), 12 deletions(-) create mode 100644 hosts/nuc/modules/authentik/default.nix create mode 100644 secrets/nuc/authentik.age diff --git a/flake.lock b/flake.lock index 1ab41db..e4b8d04 100644 --- a/flake.lock +++ b/flake.lock @@ -25,6 +25,50 @@ "type": "github" } }, + "authentik": { + "inputs": { + "authentik-src": "authentik-src", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "napalm": "napalm", + "nixpkgs": [ + "nixpkgs" + ], + "poetry2nix": "poetry2nix" + }, + "locked": { + "lastModified": 1715166702, + "narHash": "sha256-PJxwZoT1JWxMaKRdTLMHN55mdYlhZn2L5VpvyevKkug=", + "owner": "nix-community", + "repo": "authentik-nix", + "rev": "84c3ce6fe7c174ed1a53cbc5e36cf6a70f4dcc1b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "node-22", + "repo": "authentik-nix", + "type": "github" + } + }, + "authentik-src": { + "flake": false, + "locked": { + "lastModified": 1715092773, + "narHash": "sha256-B+ZLD1D/UQty1urQ0qDFo67vjsk/jtssjqIQOY0Oxq4=", + "owner": "goauthentik", + "repo": "authentik", + "rev": "1f5953b5b7e72c085246e8f19b94482dac946d83", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "ref": "version/2024.4.2", + "repo": "authentik", + "type": "github" + } + }, "base16-schemes": { "flake": false, "locked": { @@ -98,7 +142,7 @@ }, "dns": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -118,6 +162,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1673956053, @@ -134,6 +194,24 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -155,6 +233,24 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1614513358, "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", @@ -169,9 +265,9 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_4" }, "locked": { "lastModified": 1681202837, @@ -216,11 +312,11 @@ ] }, "locked": { - "lastModified": 1715486357, - "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", + "lastModified": 1715930644, + "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", "owner": "nix-community", "repo": "home-manager", - "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", + "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", "type": "github" }, "original": { @@ -267,9 +363,9 @@ "lanzaboote": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils_2", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], @@ -291,10 +387,35 @@ "type": "github" } }, + "napalm": { + "inputs": { + "flake-utils": [ + "authentik", + "flake-utils" + ], + "nixpkgs": [ + "authentik", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703102458, + "narHash": "sha256-3pOV731qi34Q2G8e2SqjUXqnftuFrbcq+NdagEZXISo=", + "owner": "nix-community", + "repo": "napalm", + "rev": "edcb26c266ca37c9521f6a97f33234633cbec186", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "napalm", + "type": "github" + } + }, "nix-colors": { "inputs": { "base16-schemes": "base16-schemes", - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { "lastModified": 1707825078, @@ -310,6 +431,28 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "authentik", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703863825, + "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -346,6 +489,24 @@ } }, "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib_2": { "locked": { "lastModified": 1697935651, "narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=", @@ -412,6 +573,34 @@ "type": "sourcehut" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "authentik", + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "authentik", + "nixpkgs" + ], + "systems": "systems_3", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1715017507, + "narHash": "sha256-RN2Vsba56PfX02DunWcZYkMLsipp928h+LVAWMYmbZg=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "e6b36523407ae6a7a4dfe29770c30b3a3563b43a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -466,6 +655,7 @@ "root": { "inputs": { "agenix": "agenix", + "authentik": "authentik", "dns": "dns", "home-manager": "home-manager", "impermanence": "impermanence", @@ -534,6 +724,57 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "authentik", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714058656, + "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "trucksimulatorbot": { "inputs": { "images": "images", diff --git a/flake.nix b/flake.nix index 22d4107..833a3e0 100644 --- a/flake.nix +++ b/flake.nix @@ -28,6 +28,11 @@ }; nix-colors.url = "github:Misterio77/nix-colors"; + authentik = { + # branch to fix https://github.com/nix-community/authentik-nix/issues/24 + url = "github:nix-community/authentik-nix/node-22"; + inputs.nixpkgs.follows = "nixpkgs"; + }; purge = { url = "sourcehut:~rouven/purge"; @@ -56,6 +61,7 @@ , dns , nix-index-database , agenix + , authentik , impermanence , nix-colors , lanzaboote @@ -112,6 +118,7 @@ nix-index-database.nixosModules.nix-index impermanence.nixosModules.impermanence agenix.nixosModules.default + authentik.nixosModules.default ./hosts/nuc ./shared { diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index fca901e..c6f8ffc 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -4,10 +4,11 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./modules/authentik ./modules/networks ./modules/adguard ./modules/backup - ./modules/keycloak + # ./modules/keycloak ./modules/jellyfin ./modules/cache ./modules/matrix diff --git a/hosts/nuc/modules/authentik/default.nix b/hosts/nuc/modules/authentik/default.nix new file mode 100644 index 0000000..6001fb9 --- /dev/null +++ b/hosts/nuc/modules/authentik/default.nix @@ -0,0 +1,18 @@ +{ config, ... }: +let + domain = "auth.${config.networking.domain}"; +in +{ + age.secrets.authentik = { + file = ../../../../secrets/nuc/authentik.age; + }; + services.authentik = { + enable = true; + environmentFile = config.age.secrets.authentik.path; + nginx = { + enable = true; + enableACME = true; + host = domain; + }; + }; +} diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 8fe1cbd..a832e5d 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -23,7 +23,7 @@ identity="rose159e@tu-dresden.de" password="@EDUROAM_AUTH@" phase2="auth=PAP" - bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef + bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db ''; extraConfig = '' scan_ssid=1 diff --git a/secrets.nix b/secrets.nix index 3c5a63c..e255c53 100644 --- a/secrets.nix +++ b/secrets.nix @@ -22,6 +22,7 @@ in "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; "secrets/nuc/mullvad.age".publicKeys = [ rouven nuc ]; "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/authentik.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; diff --git a/secrets/nuc/authentik.age b/secrets/nuc/authentik.age new file mode 100644 index 0000000..64c4510 --- /dev/null +++ b/secrets/nuc/authentik.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 uWbAHQ Ugn0lJVRoXJXjny2pI00ucIUmUpAySNhOr2hELEjDDE +1yYbV4zXfF/+XxumG/Nolrjzt8Mha8z2hjqhDpeTYR8 +-> ssh-ed25519 2TRdXg Ojx2JribTuqz8xz/ji6JQ++IFHUfkMnCOggv9/iaYFQ +RDrII1dvf3xpHMxbQupUMoQF23bS19oEeG1IGtC8VqE +--- wt+26KqMhqizDdV2YxvJ81GbFd8eM+92RgUA6V4nQXU ++(E@=v5z&R͊%ҕ+(T:7˭rBQDڞBbz1_+\aIE@!-! \ No newline at end of file From 98c489102399c0c1d46a34737e06b0b87ca0bf41 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 20 May 2024 12:20:28 +0200 Subject: [PATCH 2/4] seafile: configure authentik --- hosts/nuc/modules/seafile/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/nuc/modules/seafile/default.nix b/hosts/nuc/modules/seafile/default.nix index 44833ba..6653c0c 100644 --- a/hosts/nuc/modules/seafile/default.nix +++ b/hosts/nuc/modules/seafile/default.nix @@ -20,9 +20,9 @@ in OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/' OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de' - OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/auth' - OAUTH_TOKEN_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/token' - OAUTH_USER_INFO_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/userinfo' + OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/application/o/authorize/' + OAUTH_TOKEN_URL = 'https://auth.rfive.de/application/o/token/' + OAUTH_USER_INFO_URL = 'https://auth.rfive.de/application/o/userinfo/' OAUTH_SCOPE = [ "openid", "profile", "email"] OAUTH_ATTRIBUTE_MAP = { "id": (False, "not used"), From f1faf050b7b82f5ce7d476d3ba9a30300635d36b Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 20 May 2024 12:25:02 +0200 Subject: [PATCH 3/4] secrets: fix authentik --- secrets/nuc/authentik.age | 12 ++++++------ secrets/thinkpad/wireless.age | Bin 763 -> 659 bytes 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/secrets/nuc/authentik.age b/secrets/nuc/authentik.age index 64c4510..4eb5460 100644 --- a/secrets/nuc/authentik.age +++ b/secrets/nuc/authentik.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 uWbAHQ Ugn0lJVRoXJXjny2pI00ucIUmUpAySNhOr2hELEjDDE -1yYbV4zXfF/+XxumG/Nolrjzt8Mha8z2hjqhDpeTYR8 --> ssh-ed25519 2TRdXg Ojx2JribTuqz8xz/ji6JQ++IFHUfkMnCOggv9/iaYFQ -RDrII1dvf3xpHMxbQupUMoQF23bS19oEeG1IGtC8VqE ---- wt+26KqMhqizDdV2YxvJ81GbFd8eM+92RgUA6V4nQXU -+(E@=v5z&R͊%ҕ+(T:7˭rBQDڞBbz1_+\aIE@!-! \ No newline at end of file +-> ssh-ed25519 uWbAHQ P8lLfyQJTLD48yjbIo4r2f9nDxhyYEwdyKtI8YV6Pmo +tBUvWgD29fC/fTmNkhxmCEMUpNtToLprkjcO1r5ZKvo +-> ssh-ed25519 2TRdXg vF2wlEgZccEAiCsGo3Ui1WhvqBba9n+ahObUlJjip00 +2jnqkxGTajSAYXzuRKXNEhEzCLqZFjbKNmzFlgwMZxk +--- Di6ktfCRqwE0fYflVF6xGQOnKbNZdaUr8fhWNE0qvBM +C AU+gƚAޡb胉cratC/ll"7 {\=X#o{)ѭWl{ \ No newline at end of file diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index be8b4dcab8732f9a28d19092763fb9d49595806e..555fe8408563580310301f3d550879a23a0fa11a 100644 GIT binary patch delta 626 zcmV-&0*(Fq1(OAkEPqB(QF1wXOH5@!P-RADNJd6NQDSvLQ+R1KD`ILdL~(CgPH|Ri zcq>&$GzxWfXg5PJLRU6*Gf+ZRZD(yoZfG`jS~NFnZ7^~xNh@tqZ*^08Zf-L;X9_Jo zAaiqQEoEdfH8n9gAVpSsbU9HVMQcrJSb9`WPHjs^b1`N^HGgDDRZ%u|MP+JvYDQ^i zFGEFWVQ)58O?h~43T$F+HhDr=N;pwsF-~!7PB~^oba8lER9Q4yPb*|ZSV(PWQZZ{Z zVp(Ws3N0-yAU0`IVRkE6D``k+F=b&yM>$6;S!{1@FKIJnbV5gPIchgAYE3nGG)Y=P z3Y1~y&&xtOk$?a5V2>rSwrDGQUWNuIPFJh8fPaQj^43{xvo-rAa}!l1bi&sl#z3aF zt@I`<^z5wEco8$Zd?s=_W^T#|2W-18Y}z{u!91oU!F*`L?T91+-`+pJTB>FxNCBX2 zQ>z(bCsIpR$lm*iB?5P$Ew%% z=xcXG4ooeKI!zeNX;iuD*2OKQb@whYk8)1>2!O6{6Ca0ZQDEwym|Vq}dVav>pnX}) z&t&8};DC}XmEH6Gynhq delta 731 zcmV<10wn#D1^We%EPqXUPB1}mcywb|VOKR+OLli=RB&cVLUC7TId5k{T3BOPQf+21 zT6#EbMG8S{dRj?OIcRN4NGnKEdT(k&Sx06=Yjsw4Ml@GOXH{n_cSKl2V?t{yK?*HC zAaiqQEoEdfH8n9gAVpSsbU9HVW@BM$H!)*SYcVryc1%@hRex%0H#ap=G(t~IIAnNG zG-+~pOj0*=bvQv|3N}bNVoXnJHDpFKVOB|KYE5cmG)-c8M|x26RrW@AiH zHY+tW3N1b$UM**GWnpt=AZ#F2VM|;fD?V^0C3zr5bA2l;DO3tZHB4G!a8g<{c0xo= zQ+GscIb?cjHh*Y!SxP}lQD;F*YHfKmOm=E$Vr5B5FlcKqOj&hVP)lS&Q$kEIY)oQ7 z3O8ppY-2+&V|rD2GiWt3NNa6%Zg@{CR!K`iYYHtbEg)1cN=P&}GH7{sNJMK{S1WB# zZFE;rYj`$nZb(&VGiX>sdRI<#R%J#pRSLm4*e^DM&3~9g7lQaBY?+e(T||-G!Y+Wl z_GVIlS1K~i3QR|L$sf`^@W!+lh*Sn9o%u%@EOi+qZOiyLr*RIjb9HhiD+Iu;@%^s+ zkh{>0)`H6aUF*Dk1Z)?Qna<(jPP;me01I3jA~bd2^Y$(kkP?2|VBOpUH=f2l${@6c zE^MyiM1O2=@C@;cg^=GK#T1+zTVc!Incq;O_+%DJ&ld z(TK{_7}NA|KKI`&iz^e1jbbQzhx02_PzrcTfM?nz2=Nj-rE$=h7_vA09-ywIBYW_6gaFbZ`J>SuvF1$6ro>8`YQQ)1qvpBbV^34!6UYk zHXJi%$%cgsvr&{%Lc4>jZMt+fujz*gV6)OW-YO&ZtklZu9<(#pHl3fzwRB0!n`r{S NiY3z5k+k_EHlKbfCQ$$Y From f0647c2356e254320089e8f59c5bcdff74c3020f Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 20 May 2024 12:25:13 +0200 Subject: [PATCH 4/4] falkenstein: move mail to /var --- hosts/falkenstein/modules/backup/default.nix | 2 ++ hosts/falkenstein/modules/mail/dovecot2.nix | 5 ++++- hosts/falkenstein/modules/mail/postfix.nix | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/hosts/falkenstein/modules/backup/default.nix b/hosts/falkenstein/modules/backup/default.nix index db55135..3ef84b6 100644 --- a/hosts/falkenstein/modules/backup/default.nix +++ b/hosts/falkenstein/modules/backup/default.nix @@ -10,6 +10,8 @@ source_directories = [ "/var/lib" "/var/log" + "/var/mail" + "/var/sieve" "/root" ]; diff --git a/hosts/falkenstein/modules/mail/dovecot2.nix b/hosts/falkenstein/modules/mail/dovecot2.nix index 4a4cd97..256cde2 100644 --- a/hosts/falkenstein/modules/mail/dovecot2.nix +++ b/hosts/falkenstein/modules/mail/dovecot2.nix @@ -13,7 +13,7 @@ in enableImap = true; enableQuota = false; enableLmtp = true; - mailLocation = "maildir:~/Maildir"; + mailLocation = "maildir:/var/mail/%n"; sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslServerKey = "/var/lib/acme/${hostname}/key.pem"; protocols = [ "imap" "sieve" ]; @@ -114,6 +114,9 @@ in } client_limit = 1 } + plugin { + sieve = file:/var/sieve/%u;active=/var/sieve/%u.sieve + } ''; }; }; diff --git a/hosts/falkenstein/modules/mail/postfix.nix b/hosts/falkenstein/modules/mail/postfix.nix index 7246361..cbc6856 100644 --- a/hosts/falkenstein/modules/mail/postfix.nix +++ b/hosts/falkenstein/modules/mail/postfix.nix @@ -36,7 +36,7 @@ in sslCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem"; config = { - home_mailbox = "Maildir/"; + # home_mailbox = "Maildir/"; smtp_helo_name = config.networking.fqdn; smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name"; smtp_use_tls = true;