...

author: Gregor Kleen <gkleen@yggdrasil.li> 2025-05-14 10:50:27 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2025-05-14 10:50:27 +0200
commit: 43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c (patch)
tree: c1cc8a034395c9bb8188651f6835922b38887f32 /hosts/surtr
parent: 03d49aa8ec6f51c8f51bfb628e614ac537cca8e0 (diff)
download: nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.tar
nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.tar.gz
nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.tar.bz2
nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.tar.xz
nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.zip
3 files changed, 12 insertions, 12 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 13b33c7f..4666d1d6 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -215,7 +215,7 @@ in {
        smtpd_client_event_limit_exceptions = "";
        milter_default_action = "accept";
-        smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"];
+        smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock" "local:/run/postsrsd/postsrsd-milter.sock"];
        non_smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"];
        alias_maps = "";
@@ -237,11 +237,6 @@ in {
          ::/0                silent-discard, dsn
        ''}";
-        sender_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.forwardPort}";
-        sender_canonical_classes = "envelope_sender";
-        recipient_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.reversePort}";
-        recipient_canonical_classes = ["envelope_recipient" "header_recipient"];
        virtual_mailbox_domains = ''pgsql:${pkgs.writeText "virtual_mailbox_domains.cf" ''
          hosts = postgresql:///email
          dbname = email
@@ -366,10 +361,11 @@ in {
    services.postsrsd = {
      enable = true;
-      domain = "surtr.yggdrasil.li";
+      domains = [ "surtr.yggdrasil.li" ] ++ concatMap (domain: [".${domain}" domain]) emailDomains;
      separator = "+";
-      excludeDomains = [ "surtr.yggdrasil.li"
+      extraConfig = ''
-                       ] ++ concatMap (domain: [".${domain}" domain]) emailDomains;
+        milter = unix:/run/postsrsd/postsrsd-milter.sock
+      '';
    };
    services.opendkim = {
diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index 1bdcf74e..92223144 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }:
+{ flake, pkgs, config, lib, ... }:
 with lib;
@@ -22,7 +22,11 @@ in {
        "--load-credential=surtr.priv:/run/credentials/container@vpn.service/surtr.priv"
        "--network-ipvlan=ens3:upstream"
      ];
-      config = {
+      config = let hostConfig = config; in { config, pkgs, ... }: {
+        system.stateVersion = lib.mkIf hostConfig.containers."vpn".ephemeral config.system.nixos.release;
+        system.configurationRevision = mkIf (flake ? rev) flake.rev;
+        nixpkgs.pkgs = hostConfig.nixpkgs.pkgs;
        boot.kernel.sysctl = {
          "net.core.rmem_max" = 4194304;
          "net.core.wmem_max" = 4194304;
diff --git a/hosts/surtr/vpn/geri.pub b/hosts/surtr/vpn/geri.pub
index ed5de2b2..2cd9b24e 100644
--- a/hosts/surtr/vpn/geri.pub
+++ b/hosts/surtr/vpn/geri.pub
@@ -1 +1 @@
-sYuQSNZHzfegv8HRz71jnZm2nFLGeRnaGwVonhKUj2k=
+hhER05bvstOTGfiAG3IJsFkBNWCUZHokBXwaiC5d534=
author	Gregor Kleen <gkleen@yggdrasil.li>	2025-05-14 10:50:27 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2025-05-14 10:50:27 +0200
commit	43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c (patch)
tree	c1cc8a034395c9bb8188651f6835922b38887f32 /hosts/surtr
parent	03d49aa8ec6f51c8f51bfb628e614ac537cca8e0 (diff)
download	nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.tar nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.tar.gz nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.tar.bz2 nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.tar.xz nixos-43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c.zip