authorGregor Kleen <gkleen@yggdrasil.li>2023-01-30 12:20:23 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-01-30 12:20:23 +0100
commitcfc871cce6aefaa0ff64619780a807cba761c6b2 (patch)
tree965e8276ed36f11698b6c7d6eadab9f88d5f97c5 /hosts/surtr/email
parentaa54fe89b98d354d21141c589332ce7950ef2e59 (diff)
...
Diffstat (limited to 'hosts/surtr/email')
-rw-r--r--hosts/surtr/email/ca/gkleen@sif.key9
-rw-r--r--hosts/surtr/email/default.nix22
-rw-r--r--hosts/surtr/email/spm-keys.json16
3 files changed, 25 insertions, 22 deletions
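diff --git a/hosts/surtr/email/ca/gkleen@sif.key b/hosts/surtr/email/ca/gkleen@sif.key
index 4578f4c2..5654d1d7 100644
--- a/hosts/surtr/email/ca/gkleen@sif.key
+++ b/hosts/surtr/email/ca/gkleen@sif.key
@@ -10,14 +10,9 @@
 "mac": "ENC[AES256_GCM,data:A81DUOL1HrVuDyPUvVzqCk0MZB6PfOc0SRp6fg+EIiup28VIi+m3fbaiekEHGGRCAWJpmVJdS6ZZjfME92apl4264RxGZQ19apEYvdS2U2Oz3yC2G46ms3kUPfo2CGWw9bo2u9dOido3SA6SE7gnxzonAW4/JPpiSQaYCDLhJ68=,iv:+d1a55uqKCzp8DVcDypFgLrp8OPRy2i+r++Eu2xhPHU=,tag:wUvunpEkpa7poQsmrFYMRQ==,type:str]",
 "pgp": [
 {
-"created_at": "2022-11-07T15:55:22Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAnyLj503gWwWQEwVhWGx7IawWB7ISqFZk3EDGrlBLv3ww\n69Kbr5bqYg4guusvifS9KHBun8sIuHWf6QImZk5ugNBDLjHiHgqZq7mfhHXX0dUh\n0l4BqKsVGFprOOKAPT6hfXzXx0riJiaVSHAyJHyJkSygMgtZvROU2MbI0yqpO8RL\no495NGNGUPd6LQZMfQ/vHu6ZDFdz0O+pyuu6gOkixAMZCtvge4S4pCJnyJ4bW+x9\n=ExO9\n-----END PGP MESSAGE-----\n",
+"created_at": "2023-01-30T10:58:17Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPvQbjiSDLyHSZCnkrXCCY84/Q37oh4owBhYkV+6KuAEw\nuJnPKkKZ1tSZtBqBdGpQbO3pBPaDsYZ4oAQuyAp7ppjEWS5K2uLzsiaWeWv2tWik\n0l4BahpAbfvJr4tX1PRKixd2RT7rB7NpBv5GJ/5XgwxeMZ1t+Rtbzro3jXz8VQPX\nBS7SWk/TcyR2oljQxKCvQe7PZXmQ7Ue4sa5rtBCQwdYKz4c4OiNWE4lIt208xY3x\n=+UgS\n-----END PGP MESSAGE-----\n",
 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
-},
-{
-"created_at": "2022-11-07T15:55:22Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdA6ksiCbMWMGNLINj9knm+fZSLmCts8JkDWsWxm6VkSCgw\nB/EhaM8A6dWTJYG8T1hSFLak+FVl64g7ZeDW7dCp2sqJAMJ6DOOADsbWv2daVYP0\n0l4Bg39WApIorvMyTuZkmIwAQezucXJpI2rP/ZtximsG+ykFU2xpymL0+nCLbAcU\nRmVEiJERyrhWXVIQo0Czicis11LwS9thp4xseejpFAoSR5yse7oIAm8NJ6SRCpWg\n=bfoG\n-----END PGP MESSAGE-----\n",
-"fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8"
 }
 ],
 "unencrypted_suffix": "_unencrypted",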
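Review bot: Dropping the recipient `F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8` from `pgp` does not by itself revoke that key's access, because the `mac` line is unchanged context, which suggests the sops data key was re-wrapped for the remaining recipient rather than rotated. Whoever holds the removed private key and the repository history can presumably still unwrap the old `enc` block and decrypt the current ciphertext. If the removal is meant as a revocation, rotate the data key (`sops -r -i <file>`) and reissue the secret this file protects. The same applies to `spm-keys.json`, where `7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8` is removed while `lastmodified` and `mac` stay the same. The hunk starts at line 10 of the file, so the encrypted payload itself is not visible here.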
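diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 0d1ccf30..0e2a78eb 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -663,13 +663,18 @@ in {
 };
 };
 
-security.acme.domains = {
-"surtr.yggdrasil.li" = {};
-} // listToAttrs (map (domain: nameValuePair "spm.${domain}" {}) spmDomains)
-// listToAttrs (concatMap (domain:
-map (subdomain: nameValuePair subdomain {})
-[domain "mailin.${domain}" "mailsub.${domain}" "imap.${domain}" "mta-sts.${domain}"]
-) emailDomains);
+security.acme.rfc2136Domains = {
+"surtr.yggdrasil.li" = {
+restartUnits = [ "postfix.service" "dovecot2.service" ];
+};
+} // listToAttrs (map (domain: nameValuePair "spm.${domain}" { restartUnits = ["nginx.service"]; }) spmDomains)
+// listToAttrs (concatMap (domain: [
+(nameValuePair domain { restartUnits = ["postfix.service" "dovecot2.service"]; })
+(nameValuePair "mailin.${domain}" { restartUnits = ["postfix.service"]; })
+(nameValuePair "mailsub.${domain}" { restartUnits = ["postfix.service"]; })
+(nameValuePair "imap.${domain}" { restartUnits = ["dovecot2.service"]; })
+(nameValuePair "mta-sts.${domain}" { restartUnits = ["nginx.service"]; })
+]) emailDomains);
 
 systemd.services.postfix = {
 serviceConfig.LoadCredential = [
@@ -824,6 +829,9 @@ in {
 };
 };
 systemd.services."postfix-ccert-sender-policy" = {
+after = [ "postgresql.service" ];
+bindsTo = [ "postgresql.service" ];
+
 serviceConfig = {
 Type = "notify";
 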
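Review bot: `bindsTo = [ "postgresql.service" ];` in the second hunk stops postfix-ccert-sender-policy whenever PostgreSQL stops, and nothing in the visible lines starts it again after an unplanned database restart. Assuming this unit answers sender-policy queries for postfix, it is worth confirming that a restart or socket-activation path exists and that postfix defers rather than accepts mail while the daemon is down. A comment above the two lines would record the intent, for example `# policy daemon cannot answer without the database; postfix must defer while it is stopped`. The `serviceConfig` block continues outside the hunk, so a `Restart=` setting may already be present there.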
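diff --git a/hosts/surtr/email/spm-keys.json b/hosts/surtr/email/spm-keys.json
index cefe27b1..92d07326 100644
--- a/hosts/surtr/email/spm-keys.json
+++ b/hosts/surtr/email/spm-keys.json
@@ -5,19 +5,19 @@
 "gcp_kms": null,
 "azure_kv": null,
 "hc_vault": null,
-"age": null,
+"age": [
+{
+"recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UndNL21iM2plWnJPS1FC\nK0JCWDhtT25UaW93azZFZXdRR2V2Wmd6d1FJCmJFbEVzUzNKOHBKK0dvVUJMNjRG\nR25nbHBIU2tKSjVRS0tWdU1GVldkNTgKLS0tIG5yTDJmU1dLZk5VQ2xMSjRJVVd1\nblFkeGVqYm12Y3AyUmVKc3hEWk9Cd3MKkJMsM1B5AYx7Y133EQsMMddMGAqWuFNl\nMGQtdf7dyF2UmKFRZRztJiH+z5vf0UY9pHpQHYvW77NMHbtzo/360Q==\n-----END AGE ENCRYPTED FILE-----\n"
+}
+],
 "lastmodified": "2022-05-19T18:42:23Z",
 "mac": "ENC[AES256_GCM,data:dQAeiVPBGotOd3dnD9P3o1dlDIrOom369SAlzY9VHe4y/Bck8brrx4fUjjxfFB9/Oew83Pdpl1WXbVp6RVrsdY/xTmVD+1bgZJJRJ5KYe0QcoWl4Sv1E6Y1b5jKZVYbeiCU7NI6gITmM5sLNBzEm2WYsYBtRCxWMh3iGV7ZqmAk=,iv:loxamarLwR6NCHaH/K8tq8XQj7Xl+Onbgu3hEYZycKQ=,tag:WojOpPzi/ajmzBAKKJ7g1Q==,type:str]",
 "pgp": [
 {
-"created_at": "2022-05-19T18:42:23Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAy74slNS/OZAJ2BczfZtCWNdIfrCpT9qg3K17zaam930w\nWRVJeL/4JLyaCvDybqNjyoi7TkCxMtKNu5LzWv+c7iTQgAwyH/aRdaLx4HmEnwqW\n0l4BsKAIB+GNBAO/HUrjrxc16euyNPP0zbguiEUxhzNGb3xwngixbcDBIe8d4yXa\nHQ+mhjG35wQbjcPrQFUvZ5YWkwthL3pY1Jx8l/9V8ajTC3SbHlI2akbun6EMuoZo\n=LKNF\n-----END PGP MESSAGE-----\n",
+"created_at": "2023-01-30T11:02:06Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAlJMfokF5FgwyUTPEyFucysg7qXbeSbIxupFJDtAwqn8w\nq3mrEfNT36IccWSoLy+x0hR+VuQPg5cmptv8fV4I5QXZ6TVVgFzgioVn2kNOuFdB\n0l4BtfZmibSpsdtd+kShIOpf8S0Jdai/VuvByOtJ5fX0UmVxEJpYXd3KtYZcuBFT\ny2RPDdTibNmxcj7KW8R53hzrGM11oumnYMu7DeKPwIFUt1Elzmymw6u0NPRuHAMt\n=SwFl\n-----END PGP MESSAGE-----\n",
 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
-},
-{
-"created_at": "2022-05-19T18:42:23Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAT8dopGD88h4G6EBdFbDWizpUreWer6d7U+ii48YYe2Aw\nh8NZe+WplrMmjIWalVylf/MqQKlAwbOZBj5PpFIxFXKvtRxGGYKZ7mBj7kkFaDKG\n0l4BkYVQRhouZdVFcpTtTPlG7ATVpJQAi8UiBuO0HhQBmxQUGLl5vM9bvb9cY5mH\nBnBOWYzff/f0Jl8gn3tGMr9Sxeg7VRcCm+YGMPMQSimKbEZnXUjGEYuflXzopY09\n=6n0A\n-----END PGP MESSAGE-----\n",
-"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
 }
 ],
 "unencrypted_suffix": "_unencrypted",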