mirror of
https://github.com/Mic92/nixos-wiki-infra.git
synced 2024-11-25 09:43:28 +01:00
add opendkim
This commit is contained in:
parent
1793b92249
commit
8cd224475c
@ -6,6 +6,7 @@
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
inputs.srvos.nixosModules.hardware-hetzner-cloud
|
||||
inputs.srvos.nixosModules.mixins-telegraf
|
||||
./postfix.nix
|
||||
./single-disk.nix
|
||||
./monitoring.nix
|
||||
{
|
||||
|
46
modules/postfix.nix
Normal file
46
modules/postfix.nix
Normal file
@ -0,0 +1,46 @@
|
||||
{ config, ... }:
|
||||
|
||||
let
|
||||
domain = "wiki.nixos.org";
|
||||
in
|
||||
{
|
||||
services.opendkim.enable = true;
|
||||
services.opendkim.domains = domain;
|
||||
services.opendkim.selector = "mail";
|
||||
services.opendkim.user = config.services.postfix.user;
|
||||
services.opendkim.group = config.services.postfix.group;
|
||||
sops.secrets.opendkim-private-key.owner = config.services.postfix.user;
|
||||
|
||||
services.opendkim.keyPath = "/run/opendkim-keys";
|
||||
systemd.tmpfiles.rules = [
|
||||
"f /run/opendkim-keys/${config.services.opendkim.selector}.private 0600 ${config.services.postfix.user} ${config.services.postfix.group} - - - ${config.sops.secrets.opendkim-private-key.path}"
|
||||
];
|
||||
|
||||
# postfix configuration for sending emails only
|
||||
services.postfix = {
|
||||
enable = true;
|
||||
hostname = domain;
|
||||
inherit domain;
|
||||
|
||||
config = {
|
||||
smtp_tls_note_starttls_offer = "yes";
|
||||
|
||||
smtp_dns_support_level = "dnssec";
|
||||
smtp_tls_security_level = "dane";
|
||||
|
||||
tls_medium_cipherlist = "AES128+EECDH:AES128+EDH";
|
||||
|
||||
smtpd_relay_restrictions = "permit_mynetworks permit_sasl_authenticated defer_unauth_destination";
|
||||
mydestination = "localhost.$mydomain, localhost, $myhostname";
|
||||
myorigin = "$mydomain";
|
||||
|
||||
milter_default_action = "accept";
|
||||
milter_protocol = "6";
|
||||
smtpd_milters = "unix:/run/opendkim/opendkim.sock";
|
||||
non_smtpd_milters = "unix:/run/opendkim/opendkim.sock";
|
||||
|
||||
inet_interfaces = "loopback-only";
|
||||
inet_protocols = "all";
|
||||
};
|
||||
};
|
||||
}
|
@ -1,6 +1,7 @@
|
||||
nixos-wiki: ENC[AES256_GCM,data:PDVoovlVdCYr/rI6a8igNp8D7B6Ni+yY,iv:x/+Yro8tbSnEY+ELYx+UJKRzveidrpqHp7iC7e3ymc4=,tag:pgLVTxGqmOOQ6FMUgTLaYQ==,type:str]
|
||||
nixos-wiki-github-client-secret: ENC[AES256_GCM,data:ggkzMlolTHxo4Jh4fBN4Ot5RJgESovrRjZ6FmQkVuLAgQfX22KjE4w==,iv:plmxJQoRcaFZ1hmFHgOnUofp2pHrNITdL/a1d3tFtag=,tag:28MHko3esZKKXJps4GlTSQ==,type:str]
|
||||
age-key: ENC[AES256_GCM,data:ldlaCHNf99r6zaihQHXPZ0QyY6/KGZR3oRMKo7xiKH7EVjgmKzS8knjDDqwq29D25L1jbVPAmScPEHppbM58xU7nOx4lIpl3qKE=,iv:EHKnKwdHqlKwGrBNbCaoaB8m6xgYSJecUBJgtdZn8kU=,tag:xVs3HfQ8Qip65CIGti9k0w==,type:str]
|
||||
opendkim-private-key: ENC[AES256_GCM,data:qG2OIGGv0weUD0iKy8pZ450USg8RAtNLP5ar8LKSL4hP2+uWINRhjQ73w2GZKNq2/deW9bZEM1F3uxLFmxOocTq/CPcO3LWNbaezKns/Xhq5BbX/sIU+ht9Z2AAG86ZmLw251U+xR/VyEE3kdPIhePma+0qcJBPdu8e7CGxzqBooCw9XplLYrMljVrISlIoAhKHEgSqCpyqnQeoxOxSuXvecuErYB5aCstp8W2L20CK89hLHAIONo4vbXxLfwKmt4mMNqOhQxsaoaqPaNFVNO56QhK7+CY4Erhs/GyH3DJ+YdmVwo+rwqvhtegCJcdaKSTmYoWl6xpgg8zKKLJNkO4V0ijrDhgEJ0tSWdvp95Enh1pZ0kN/OuzW/O6z0lkWrcP3i4tdkCaE5ZxoD5P3u/dwQQop5MNdospvUdN5t3ehxCsFvWemSWC4hygdNBOnKA2Zm+JQLjx8gd5fcuOeONTRU2InE/He4otv4jwzCKH9nNJui2L8se0odi/xmZFQb6cfg2xamQUkQ9PgeoSxUgnoBOKdWSZ8A7D+FznI+zAKiZFhBHm6jwGnXQ8MPxlvPRB6fLO+1pOmDBtss0wR7Pywh6e83HFeYwz9L55B1KpFCQHt2pNr8iXjE2c7EEGuH5I1e5svA656yd7p5UiuiKYz7/8P9CgmEyoZ/Zljmk3Z7laCzwlXVpEVPy+R0nu2uiCDN4RIoayf0al/2wPtHZlGLXsECXh1eRjXicM8I2eOyVauBMns14brMdlBVB7eHRZVq96fUxpgwUhnC00unGSqICPBNRk0aCs62aRbbPjs9VC9N/CjqnzIKohi4CNSZHNCkFCFtxVmhO9P0zIsZn6ukUohNpde+PY4X4uuq3PkGEHfRE0zYfB4AgaoIvK/IISEo/Fv+eCIynfCYGq1W/VA8bZ8Kwubz2ixYseo2hHbpCiwysyF71Xcv5RH6OF0j15fpH7Jb4ELx+PL/AMcC4MF+erBWphHTu0Vw61OqeBGYFqXZemGCkNNw4xkIH+8QqipV5XRw7zDFeUYfqjz/VEmCf12TCiXhWjafkSH4H7W9F0fdWeHSPvI4PAIY+MGF/A0wxmN/jrYq+QRSpFb6StxTC9sBU6lUuLwzVOcvOZr5r5s3jMOFpTufVU7wD1FYsZI1ZfAGAeW99vq6i9PWSnmqtq8xaKbZwfhoWm1lJ1ogs4DGI0yAxQeX4blCdazQOYrg3Q==,iv:oNcXuUpfKyKMqHcLAUwFVEjo7BIIOiErbNQ4+LvXHJM=,tag:6jLuPC+cv6yh/he1I6Hurw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -43,8 +44,8 @@ sops:
|
||||
NzdoVWR3TlBrZHYzYzBKelc0UTRvbUkK6O1Lpi6hcMHyFA3E8yJO+1LkXR/10xnW
|
||||
ViKILGcsw4AdsRGNL5fHxQECR11WsEARetpX5GlixC0lvS/Til8YWA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-24T15:17:00Z"
|
||||
mac: ENC[AES256_GCM,data:jPInsdN9mTROhh+fyYb4JSy937fuSGr6lhRIZhDc8alOO7TYnF9GSbum3KPPHYLm8LPKLQK19umyik7a5P/c983sfRHhaOibAugtPQT3fzw0/jAjwUJ9F4t9zhrZ6k7KfU9eO/34vFM0uKYhq+wUV9ztgDLJbARmtO0Dka1ks7w=,iv:NudkNhomCsFlqkU/QjQcrsqoTdAJC7HzJDpRuqHCx7s=,tag:K20RqA4EcDmm5V27ZGPGpg==,type:str]
|
||||
lastmodified: "2024-03-06T18:18:39Z"
|
||||
mac: ENC[AES256_GCM,data:JdNzSTClf86FUFPFGHBxR53ZHAoRizkhRyDY6whRHiLx+jOXMOCJTfgsX2zIJVd84o0B6+KDfXYgPd1vuZw1IiYOe3YO+Uv/xnFTl5NX4zneKkTXBlvoZmunaejcOqR3fqKcWtqk+wMZ4erL1HQDd6bRwa0ChQ3r6hD7jV5YAWg=,iv:VcHV9Z+MC++grdCpQMVhhkgwo/fgJFuBaKAxMx/nHv4=,tag:okBYubC59jHyI3or7aIdzw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
Loading…
Reference in New Issue
Block a user