author | Gregor Kleen <gkleen@yggdrasil.li> | 2023-01-30 12:20:23 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2023-01-30 12:20:23 +0100 |
commit | cfc871cce6aefaa0ff64619780a807cba761c6b2 (patch) | |
tree | 965e8276ed36f11698b6c7d6eadab9f88d5f97c5 /hosts/surtr/email | |
parent | aa54fe89b98d354d21141c589332ce7950ef2e59 (diff) | |
...
Diffstat (limited to 'hosts/surtr/email')
-rw-r--r-- | hosts/surtr/email/ca/gkleen@sif.key | 9 | ||||
-rw-r--r-- | hosts/surtr/email/default.nix | 22 | ||||
-rw-r--r-- | hosts/surtr/email/spm-keys.json | 16 |
3 files changed, 25 insertions, 22 deletions
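--- a/hosts/surtr/email/ca/gkleen@sif.key
+++ b/hosts/surtr/email/ca/gkleen@sif.key
@@ -10,14 +10,9 @@
 "mac": "ENC[AES256_GCM,data:A81DUOL1HrVuDyPUvVzqCk0MZB6PfOc0SRp6fg+EIiup28VIi+m3fbaiekEHGGRCAWJpmVJdS6ZZjfME92apl4264RxGZQ19apEYvdS2U2Oz3yC2G46ms3kUPfo2CGWw9bo2u9dOido3SA6SE7gnxzonAW4/JPpiSQaYCDLhJ68=,iv:+d1a55uqKCzp8DVcDypFgLrp8OPRy2i+r++Eu2xhPHU=,tag:wUvunpEkpa7poQsmrFYMRQ==,type:str]",
 "pgp": [
 {
-"created_at": "2022-11-07T15:55:22Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAnyLj503gWwWQEwVhWGx7IawWB7ISqFZk3EDGrlBLv3ww\n69Kbr5bqYg4guusvifS9KHBun8sIuHWf6QImZk5ugNBDLjHiHgqZq7mfhHXX0dUh\n0l4BqKsVGFprOOKAPT6hfXzXx0riJiaVSHAyJHyJkSygMgtZvROU2MbI0yqpO8RL\no495NGNGUPd6LQZMfQ/vHu6ZDFdz0O+pyuu6gOkixAMZCtvge4S4pCJnyJ4bW+x9\n=ExO9\n-----END PGP MESSAGE-----\n",
+"created_at": "2023-01-30T10:58:17Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPvQbjiSDLyHSZCnkrXCCY84/Q37oh4owBhYkV+6KuAEw\nuJnPKkKZ1tSZtBqBdGpQbO3pBPaDsYZ4oAQuyAp7ppjEWS5K2uLzsiaWeWv2tWik\n0l4BahpAbfvJr4tX1PRKixd2RT7rB7NpBv5GJ/5XgwxeMZ1t+Rtbzro3jXz8VQPX\nBS7SWk/TcyR2oljQxKCvQe7PZXmQ7Ue4sa5rtBCQwdYKz4c4OiNWE4lIt208xY3x\n=+UgS\n-----END PGP MESSAGE-----\n",
 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
-},
-{
-"created_at": "2022-11-07T15:55:22Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdA6ksiCbMWMGNLINj9knm+fZSLmCts8JkDWsWxm6VkSCgw\nB/EhaM8A6dWTJYG8T1hSFLak+FVl64g7ZeDW7dCp2sqJAMJ6DOOADsbWv2daVYP0\n0l4Bg39WApIorvMyTuZkmIwAQezucXJpI2rP/ZtximsG+ykFU2xpymL0+nCLbAcU\nRmVEiJERyrhWXVIQo0Czicis11LwS9thp4xseejpFAoSR5yse7oIAm8NJ6SRCpWg\n=bfoG\n-----END PGP MESSAGE-----\n",
-"fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
 }
 ],
 "unencrypted_suffix": "_unencrypted",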
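Review bot: Removing the `F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8` recipient from the `pgp` list does not by itself revoke that key's access, because the `mac` value is identical on both sides, which suggests the data key was only re-wrapped for the remaining recipient and not rotated. A holder of the removed key who has an earlier revision of this file can still unwrap the same data key from the old `enc` blob and use it on the current ciphertext. If the recipient was dropped because the key is retired or no longer trusted, rotate the data key as well (`sops -r -i <file>`) and reissue the secret this file protects. The same applies to `hosts/surtr/email/spm-keys.json`, where `7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8` is removed while `mac` and `lastmodified` stay unchanged.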
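--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -663,13 +663,18 @@ in {
 };
 };
 
-security.acme.domains = {
-"surtr.yggdrasil.li" = {};
-} // listToAttrs (map (domain: nameValuePair "spm.${domain}" {}) spmDomains)
-// listToAttrs (concatMap (domain:
-map (subdomain: nameValuePair subdomain {})
-[domain "mailin.${domain}" "mailsub.${domain}" "imap.${domain}" "mta-sts.${domain}"]
-) emailDomains);
+security.acme.rfc2136Domains = {
+"surtr.yggdrasil.li" = {
+restartUnits = [ "postfix.service" "dovecot2.service" ];
+};
+} // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains)
+// listToAttrs (concatMap (domain: [
+(nameValuePair domain { restartUnits = ["postfix.service" "dovecot2.service"]; })
+(nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; })
+(nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; })
+(nameValuePair "imap.${domain}" { restartUnits = ["dovecot2.service"]; })
+(nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; })
+]) emailDomains);
 
 systemd.services.postfix = {
 serviceConfig.LoadCredential = [
@@ -824,6 +829,9 @@ in {
 };
 };
 systemd.services."postfix-ccert-sender-policy" = {
+after = [ "postgresql.service" ];
+bindsTo = [ "postgresql.service" ];
+
 serviceConfig = {
 Type = "notify";
 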
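Review bot: With `bindsTo = [ "postgresql.service" ];` combined with `after`, `postfix-ccert-sender-policy` is stopped whenever PostgreSQL leaves the active state, and nothing in the visible lines starts it again once the database returns after an unplanned stop. The unit's `serviceConfig` continues outside the hunk, so a `Restart=` setting or socket activation may already cover this. Since the unit name suggests Postfix consults it to authorize senders by client certificate, it is worth confirming that Postfix defers mail while the policy service is unreachable rather than accepting it. A short comment would record the intent, for example `# must not outlive its database; Postfix defers mail while this unit is down`.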
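--- a/hosts/surtr/email/spm-keys.json
+++ b/hosts/surtr/email/spm-keys.json
@@ -5,19 +5,19 @@
 "gcp_kms": null,
 "azure_kv": null,
 "hc_vault": null,
-"age": null,
+"age": [
+{
+"recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UndNL21iM2plWnJPS1FC\nK0JCWDhtT25UaW93azZFZXdRR2V2Wmd6d1FJCmJFbEVzUzNKOHBKK0dvVUJMNjRG\nR25nbHBIU2tKSjVRS0tWdU1GVldkNTgKLS0tIG5yTDJmU1dLZk5VQ2xMSjRJVVd1\nblFkeGVqYm12Y3AyUmVKc3hEWk9Cd3MKkJMsM1B5AYx7Y133EQsMMddMGAqWuFNl\nMGQtdf7dyF2UmKFRZRztJiH+z5vf0UY9pHpQHYvW77NMHbtzo/360Q==\n-----END AGE ENCRYPTED FILE-----\n"
+}
+],
 "lastmodified": "2022-05-19T18:42:23Z",
 "mac": "ENC[AES256_GCM,data:dQAeiVPBGotOd3dnD9P3o1dlDIrOom369SAlzY9VHe4y/Bck8brrx4fUjjxfFB9/Oew83Pdpl1WXbVp6RVrsdY/xTmVD+1bgZJJRJ5KYe0QcoWl4Sv1E6Y1b5jKZVYbeiCU7NI6gITmM5sLNBzEm2WYsYBtRCxWMh3iGV7ZqmAk=,iv:loxamarLwR6NCHaH/K8tq8XQj7Xl+Onbgu3hEYZycKQ=,tag:WojOpPzi/ajmzBAKKJ7g1Q==,type:str]",
 "pgp": [
 {
-"created_at": "2022-05-19T18:42:23Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAy74slNS/OZAJ2BczfZtCWNdIfrCpT9qg3K17zaam930w\nWRVJeL/4JLyaCvDybqNjyoi7TkCxMtKNu5LzWv+c7iTQgAwyH/aRdaLx4HmEnwqW\n0l4BsKAIB+GNBAO/HUrjrxc16euyNPP0zbguiEUxhzNGb3xwngixbcDBIe8d4yXa\nHQ+mhjG35wQbjcPrQFUvZ5YWkwthL3pY1Jx8l/9V8ajTC3SbHlI2akbun6EMuoZo\n=LKNF\n-----END PGP MESSAGE-----\n",
+"created_at": "2023-01-30T11:02:06Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAlJMfokF5FgwyUTPEyFucysg7qXbeSbIxupFJDtAwqn8w\nq3mrEfNT36IccWSoLy+x0hR+VuQPg5cmptv8fV4I5QXZ6TVVgFzgioVn2kNOuFdB\n0l4BtfZmibSpsdtd+kShIOpf8S0Jdai/VuvByOtJ5fX0UmVxEJpYXd3KtYZcuBFT\ny2RPDdTibNmxcj7KW8R53hzrGM11oumnYMu7DeKPwIFUt1Elzmymw6u0NPRuHAMt\n=SwFl\n-----END PGP MESSAGE-----\n",
 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
-},
-{
-"created_at": "2022-05-19T18:42:23Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAT8dopGD88h4G6EBdFbDWizpUreWer6d7U+ii48YYe2Aw\nh8NZe+WplrMmjIWalVylf/MqQKlAwbOZBj5PpFIxFXKvtRxGGYKZ7mBj7kkFaDKG\n0l4BkYVQRhouZdVFcpTtTPlG7ATVpJQAi8UiBuO0HhQBmxQUGLl5vM9bvb9cY5mH\nBnBOWYzff/f0Jl8gn3tGMr9Sxeg7VRcCm+YGMPMQSimKbEZnXUjGEYuflXzopY09\n=6n0A\n-----END PGP MESSAGE-----\n",
-"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
 }
 ],
 "unencrypted_suffix": "_unencrypted",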