diff options
| -rw-r--r-- | flake.lock | 18 | ||||
| -rw-r--r-- | hosts/sif/default.nix | 2 | ||||
| -rw-r--r-- | hosts/sif/mail/default.nix | 10 | ||||
| -rw-r--r-- | hosts/sif/mail/secrets.yaml | 6 |
4 files changed, 18 insertions, 18 deletions
| @@ -7,11 +7,11 @@ | |||
| 7 | ] | 7 | ] |
| 8 | }, | 8 | }, |
| 9 | "locked": { | 9 | "locked": { |
| 10 | "lastModified": 1609269962, | 10 | "lastModified": 1610791052, |
| 11 | "narHash": "sha256-YvkJhcBBls39JFZzh/S3oRKyDFAgy2KoW5AzJ+MvNgQ=", | 11 | "narHash": "sha256-2sqrLo1O0OmutNyPZTg5lXDNPDgjcrlvAkQbo7pFUUY=", |
| 12 | "owner": "nix-community", | 12 | "owner": "nix-community", |
| 13 | "repo": "home-manager", | 13 | "repo": "home-manager", |
| 14 | "rev": "8e0c1c55fbb7f16f9fd313275ddf63c97b34394c", | 14 | "rev": "8127799f79ee96129b295d78294f40a54078131f", |
| 15 | "type": "github" | 15 | "type": "github" |
| 16 | }, | 16 | }, |
| 17 | "original": { | 17 | "original": { |
| @@ -23,11 +23,11 @@ | |||
| 23 | }, | 23 | }, |
| 24 | "nixpkgs": { | 24 | "nixpkgs": { |
| 25 | "locked": { | 25 | "locked": { |
| 26 | "lastModified": 1609337906, | 26 | "lastModified": 1610924950, |
| 27 | "narHash": "sha256-xj027twGqdK/xRzxlnM8icyUUF4GANlBevHqLYhqb7w=", | 27 | "narHash": "sha256-SdAb9TXIyPmMUJIUVxDJovO+Gl+TlZ9Z4GmzoQFq5aI=", |
| 28 | "owner": "NixOS", | 28 | "owner": "NixOS", |
| 29 | "repo": "nixpkgs", | 29 | "repo": "nixpkgs", |
| 30 | "rev": "58f3c19b78594e1839abf702fa73ddf9d7a96437", | 30 | "rev": "822e677f0a0b05b1cc6c349e14a57fcbb86afbfa", |
| 31 | "type": "github" | 31 | "type": "github" |
| 32 | }, | 32 | }, |
| 33 | "original": { | 33 | "original": { |
| @@ -51,11 +51,11 @@ | |||
| 51 | ] | 51 | ] |
| 52 | }, | 52 | }, |
| 53 | "locked": { | 53 | "locked": { |
| 54 | "lastModified": 1609306567, | 54 | "lastModified": 1610083436, |
| 55 | "narHash": "sha256-CPVjO4tdmhHW7sOTbo8i9JN7HlNhakwpUi3u3+V6gnY=", | 55 | "narHash": "sha256-Hw7AitbnNq5XqDl6OKqqzB4xz7UqQqrA69BMsCu4Doo=", |
| 56 | "owner": "Mic92", | 56 | "owner": "Mic92", |
| 57 | "repo": "sops-nix", | 57 | "repo": "sops-nix", |
| 58 | "rev": "da343afab9aace88875f24bfb2d90e3d9afaafc4", | 58 | "rev": "4a7bf1c67c987ea65806d0e21e15c747102caaac", |
| 59 | "type": "github" | 59 | "type": "github" |
| 60 | }, | 60 | }, |
| 61 | "original": { | 61 | "original": { |
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index b54b6caf..29a91445 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix | |||
| @@ -20,7 +20,7 @@ | |||
| 20 | nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; | 20 | nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; |
| 21 | nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; | 21 | nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; |
| 22 | }; | 22 | }; |
| 23 | availableKernelModules = [ "drbg" "nvme" "fbcon" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; | 23 | availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; |
| 24 | kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ]; | 24 | kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ]; |
| 25 | }; | 25 | }; |
| 26 | 26 | ||
diff --git a/hosts/sif/mail/default.nix b/hosts/sif/mail/default.nix index 2addba9d..29bfb4f1 100644 --- a/hosts/sif/mail/default.nix +++ b/hosts/sif/mail/default.nix | |||
| @@ -38,23 +38,23 @@ | |||
| 38 | /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587 | 38 | /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587 |
| 39 | /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de | 39 | /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de |
| 40 | ''}''; | 40 | ''}''; |
| 41 | sender_bcc_maps = ''texthash:${pkgs.writeText "sender_bcc" '' | 41 | sender_bcc_maps = ''regexp:${pkgs.writeText "sender_bcc" '' |
| 42 | uni2work@ifi.lmu.de uni2work@ifi.lmu.de | 42 | /^uni2work(-[^@]*)?@ifi\.lmu\.de$/ uni2work@ifi.lmu.de |
| 43 | @ifi.lmu.de gregor.kleen@ifi.lmu.de | 43 | /@ifi\.lmu\.de$/ gregor.kleen@ifi.lmu.de |
| 44 | ''}''; | 44 | ''}''; |
| 45 | 45 | ||
| 46 | smtp_sasl_auth_enable = true; | 46 | smtp_sasl_auth_enable = true; |
| 47 | smtp_sender_dependent_authentication = true; | 47 | smtp_sender_dependent_authentication = true; |
| 48 | smtp_sasl_tls_security_options = "noanonymous"; | 48 | smtp_sasl_tls_security_options = "noanonymous"; |
| 49 | smtp_sasl_mechanism_filter = ["plain"]; | 49 | smtp_sasl_mechanism_filter = ["plain"]; |
| 50 | smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd"; | 50 | smtp_sasl_password_maps = "regexp:/var/db/postfix/sasl_passwd"; |
| 51 | smtp_cname_overrides_servername = false; | 51 | smtp_cname_overrides_servername = false; |
| 52 | smtp_always_send_ehlo = true; | 52 | smtp_always_send_ehlo = true; |
| 53 | smtp_tls_security_level = "dane"; | ||
| 53 | 54 | ||
| 54 | smtp_tls_loglevel = "1"; | 55 | smtp_tls_loglevel = "1"; |
| 55 | smtp_dns_support_level = "dnssec"; | 56 | smtp_dns_support_level = "dnssec"; |
| 56 | }; | 57 | }; |
| 57 | useDane = true; | ||
| 58 | }; | 58 | }; |
| 59 | 59 | ||
| 60 | sops.secrets.postfix-sasl-passwd = { | 60 | sops.secrets.postfix-sasl-passwd = { |
diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml index 00422f82..06a2ad40 100644 --- a/hosts/sif/mail/secrets.yaml +++ b/hosts/sif/mail/secrets.yaml | |||
| @@ -1,11 +1,11 @@ | |||
| 1 | sasl-passwd: ENC[AES256_GCM,data:RDZHUgQJHH7IzJD5j+LOuQb4OuPopUEa6CwDRoD/FqoHFW/YKarF3Hxxu4HKA5GDf3SRrFOcPBXmf+0f1CucUQwJQh4nY4fmDVqrH0UXRowuAkIhYpt0sLXlzrOzSeZz788A9xK4AGPzEOx1va7GOqJIaPJ+pyyzazQsSgCJaFkUMriCfKbZ0zhRCr0pk2RPLOLKGuo2mDFf5c3EZYAn7vEzhZj+B3XbNWotV/JXTX7JPK6GPcsX2RMKEYBdmxZzrMCTTFU23W1DbiDJ01mxJh3ckIX+KTmaWNoVg4Tong1vBe2wxKchXajmykwFLJFR1Kj5wv4uAxy2qNvKtQIF/LJosG6LXcdk5QDQBXUINqswupBdV8lt08mk53JHLJPXcV8RpEHT3NUL,iv:2u203xTmUEfWIJDB2ZkOKzhYQrV4TGT7rfOd0md+VOw=,tag:RJ/iLbbq8B8dMmXGWjok/g==,type:str] | 1 | sasl-passwd: ENC[AES256_GCM,data:S81uICROGm/E0TC3xJyPXbVLjOO+PsRyJBoWINFZGzeh8F0nXx1ewiiSXtNl9trTbxlSgf5jnBvtbyd75N0OcyqBf0db5tJtvU42DO5I4qFo4R67FzpKzKWMF4AJuFGP1aKkPsPIc41WTfLemKCfbEhVfQj9qEFLR9TC8iqzSZa0bztCuLoKi0vrAO/4JZnzUe3n7FXy+ER6oYK9JoKwaXc9KYdwQC3QYCby2iSq+GvRs7FL4x6/Zr8FzVCXHYMaW/Qg9dCn/g2NnEnOsH0pEASuKRPJKh8x5dtQg9v3jRK6NIDjEkXeuBnSOaeQiAcYc784foIlI7Q=,iv:zCsYZtU51zJR9XqaCvMtc5aGZwSccIrPzhznubEoEjo=,tag:0/v4Cp/0xLrfEX7H953bOA==,type:str] |
| 2 | sops: | 2 | sops: |
| 3 | kms: [] | 3 | kms: [] |
| 4 | gcp_kms: [] | 4 | gcp_kms: [] |
| 5 | azure_kv: [] | 5 | azure_kv: [] |
| 6 | hc_vault: [] | 6 | hc_vault: [] |
| 7 | lastmodified: '2021-01-02T19:29:40Z' | 7 | lastmodified: '2021-01-18T09:46:15Z' |
| 8 | mac: ENC[AES256_GCM,data:g8wNpsFXiGoENSteWa1w1UkF8LQwnwtoeEHskKhGqAlCFtA1cVdyFSItm8/h1/eqJl/NWXRGU25XpZysCAkJi+uCq4bNGjV+gjqeIT8Dv5teQbVwthoFqkE/s3jew35+f29/xxb5Cro6EihlTrs5Lt3wExv2+NUdim1aeNgR+4Q=,iv:bj/igDT7GPiCjj4BwE7ihM8wR8CbJeXu/s550rc+QEw=,tag:KKt6tWlqxu5C/L/ZYbQL3g==,type:str] | 8 | mac: ENC[AES256_GCM,data:Idvsviv6CGibT+s7TSYUNmYO6gELqahJq33+k8YQhhwDKC6+s3Wqjq3xDkVjPcgq32GQolzmv20s93vQSHVuTKcH9jpXmIlwVZmZFFV7ejuA3QScOqqNNynh1m1ba/eZCGgIZiSlRuv7wqs7wz2uHN9eY3prsDkG1vxpc7UC18g=,iv:S9S/N3vW2TXcNYsc/w+3pDJT+BOQaAw8vgqYwRUtbU4=,tag:jPRXDzy29ewkq/Nzcayfnw==,type:str] |
| 9 | pgp: | 9 | pgp: |
| 10 | - created_at: '2021-01-02T19:29:14Z' | 10 | - created_at: '2021-01-02T19:29:14Z' |
| 11 | enc: | | 11 | enc: | |