summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--flake.lock18
-rw-r--r--hosts/sif/default.nix2
-rw-r--r--hosts/sif/mail/default.nix10
-rw-r--r--hosts/sif/mail/secrets.yaml6
4 files changed, 18 insertions, 18 deletions
diff --git a/flake.lock b/flake.lock
index d9afa42f..7409e3ec 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
7 ] 7 ]
8 }, 8 },
9 "locked": { 9 "locked": {
10 "lastModified": 1609269962, 10 "lastModified": 1610791052,
11 "narHash": "sha256-YvkJhcBBls39JFZzh/S3oRKyDFAgy2KoW5AzJ+MvNgQ=", 11 "narHash": "sha256-2sqrLo1O0OmutNyPZTg5lXDNPDgjcrlvAkQbo7pFUUY=",
12 "owner": "nix-community", 12 "owner": "nix-community",
13 "repo": "home-manager", 13 "repo": "home-manager",
14 "rev": "8e0c1c55fbb7f16f9fd313275ddf63c97b34394c", 14 "rev": "8127799f79ee96129b295d78294f40a54078131f",
15 "type": "github" 15 "type": "github"
16 }, 16 },
17 "original": { 17 "original": {
@@ -23,11 +23,11 @@
23 }, 23 },
24 "nixpkgs": { 24 "nixpkgs": {
25 "locked": { 25 "locked": {
26 "lastModified": 1609337906, 26 "lastModified": 1610924950,
27 "narHash": "sha256-xj027twGqdK/xRzxlnM8icyUUF4GANlBevHqLYhqb7w=", 27 "narHash": "sha256-SdAb9TXIyPmMUJIUVxDJovO+Gl+TlZ9Z4GmzoQFq5aI=",
28 "owner": "NixOS", 28 "owner": "NixOS",
29 "repo": "nixpkgs", 29 "repo": "nixpkgs",
30 "rev": "58f3c19b78594e1839abf702fa73ddf9d7a96437", 30 "rev": "822e677f0a0b05b1cc6c349e14a57fcbb86afbfa",
31 "type": "github" 31 "type": "github"
32 }, 32 },
33 "original": { 33 "original": {
@@ -51,11 +51,11 @@
51 ] 51 ]
52 }, 52 },
53 "locked": { 53 "locked": {
54 "lastModified": 1609306567, 54 "lastModified": 1610083436,
55 "narHash": "sha256-CPVjO4tdmhHW7sOTbo8i9JN7HlNhakwpUi3u3+V6gnY=", 55 "narHash": "sha256-Hw7AitbnNq5XqDl6OKqqzB4xz7UqQqrA69BMsCu4Doo=",
56 "owner": "Mic92", 56 "owner": "Mic92",
57 "repo": "sops-nix", 57 "repo": "sops-nix",
58 "rev": "da343afab9aace88875f24bfb2d90e3d9afaafc4", 58 "rev": "4a7bf1c67c987ea65806d0e21e15c747102caaac",
59 "type": "github" 59 "type": "github"
60 }, 60 },
61 "original": { 61 "original": {
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index b54b6caf..29a91445 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -20,7 +20,7 @@
20 nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; 20 nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb";
21 nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; 21 nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a";
22 }; 22 };
23 availableKernelModules = [ "drbg" "nvme" "fbcon" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; 23 availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
24 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ]; 24 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ];
25 }; 25 };
26 26
diff --git a/hosts/sif/mail/default.nix b/hosts/sif/mail/default.nix
index 2addba9d..29bfb4f1 100644
--- a/hosts/sif/mail/default.nix
+++ b/hosts/sif/mail/default.nix
@@ -38,23 +38,23 @@
38 /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587 38 /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587
39 /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de 39 /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de
40 ''}''; 40 ''}'';
41 sender_bcc_maps = ''texthash:${pkgs.writeText "sender_bcc" '' 41 sender_bcc_maps = ''regexp:${pkgs.writeText "sender_bcc" ''
42 uni2work@ifi.lmu.de uni2work@ifi.lmu.de 42 /^uni2work(-[^@]*)?@ifi\.lmu\.de$/ uni2work@ifi.lmu.de
43 @ifi.lmu.de gregor.kleen@ifi.lmu.de 43 /@ifi\.lmu\.de$/ gregor.kleen@ifi.lmu.de
44 ''}''; 44 ''}'';
45 45
46 smtp_sasl_auth_enable = true; 46 smtp_sasl_auth_enable = true;
47 smtp_sender_dependent_authentication = true; 47 smtp_sender_dependent_authentication = true;
48 smtp_sasl_tls_security_options = "noanonymous"; 48 smtp_sasl_tls_security_options = "noanonymous";
49 smtp_sasl_mechanism_filter = ["plain"]; 49 smtp_sasl_mechanism_filter = ["plain"];
50 smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd"; 50 smtp_sasl_password_maps = "regexp:/var/db/postfix/sasl_passwd";
51 smtp_cname_overrides_servername = false; 51 smtp_cname_overrides_servername = false;
52 smtp_always_send_ehlo = true; 52 smtp_always_send_ehlo = true;
53 smtp_tls_security_level = "dane";
53 54
54 smtp_tls_loglevel = "1"; 55 smtp_tls_loglevel = "1";
55 smtp_dns_support_level = "dnssec"; 56 smtp_dns_support_level = "dnssec";
56 }; 57 };
57 useDane = true;
58 }; 58 };
59 59
60 sops.secrets.postfix-sasl-passwd = { 60 sops.secrets.postfix-sasl-passwd = {
diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml
index 00422f82..06a2ad40 100644
--- a/hosts/sif/mail/secrets.yaml
+++ b/hosts/sif/mail/secrets.yaml
@@ -1,11 +1,11 @@
1sasl-passwd: ENC[AES256_GCM,data:RDZHUgQJHH7IzJD5j+LOuQb4OuPopUEa6CwDRoD/FqoHFW/YKarF3Hxxu4HKA5GDf3SRrFOcPBXmf+0f1CucUQwJQh4nY4fmDVqrH0UXRowuAkIhYpt0sLXlzrOzSeZz788A9xK4AGPzEOx1va7GOqJIaPJ+pyyzazQsSgCJaFkUMriCfKbZ0zhRCr0pk2RPLOLKGuo2mDFf5c3EZYAn7vEzhZj+B3XbNWotV/JXTX7JPK6GPcsX2RMKEYBdmxZzrMCTTFU23W1DbiDJ01mxJh3ckIX+KTmaWNoVg4Tong1vBe2wxKchXajmykwFLJFR1Kj5wv4uAxy2qNvKtQIF/LJosG6LXcdk5QDQBXUINqswupBdV8lt08mk53JHLJPXcV8RpEHT3NUL,iv:2u203xTmUEfWIJDB2ZkOKzhYQrV4TGT7rfOd0md+VOw=,tag:RJ/iLbbq8B8dMmXGWjok/g==,type:str] 1sasl-passwd: ENC[AES256_GCM,data:S81uICROGm/E0TC3xJyPXbVLjOO+PsRyJBoWINFZGzeh8F0nXx1ewiiSXtNl9trTbxlSgf5jnBvtbyd75N0OcyqBf0db5tJtvU42DO5I4qFo4R67FzpKzKWMF4AJuFGP1aKkPsPIc41WTfLemKCfbEhVfQj9qEFLR9TC8iqzSZa0bztCuLoKi0vrAO/4JZnzUe3n7FXy+ER6oYK9JoKwaXc9KYdwQC3QYCby2iSq+GvRs7FL4x6/Zr8FzVCXHYMaW/Qg9dCn/g2NnEnOsH0pEASuKRPJKh8x5dtQg9v3jRK6NIDjEkXeuBnSOaeQiAcYc784foIlI7Q=,iv:zCsYZtU51zJR9XqaCvMtc5aGZwSccIrPzhznubEoEjo=,tag:0/v4Cp/0xLrfEX7H953bOA==,type:str]
2sops: 2sops:
3 kms: [] 3 kms: []
4 gcp_kms: [] 4 gcp_kms: []
5 azure_kv: [] 5 azure_kv: []
6 hc_vault: [] 6 hc_vault: []
7 lastmodified: '2021-01-02T19:29:40Z' 7 lastmodified: '2021-01-18T09:46:15Z'
8 mac: ENC[AES256_GCM,data:g8wNpsFXiGoENSteWa1w1UkF8LQwnwtoeEHskKhGqAlCFtA1cVdyFSItm8/h1/eqJl/NWXRGU25XpZysCAkJi+uCq4bNGjV+gjqeIT8Dv5teQbVwthoFqkE/s3jew35+f29/xxb5Cro6EihlTrs5Lt3wExv2+NUdim1aeNgR+4Q=,iv:bj/igDT7GPiCjj4BwE7ihM8wR8CbJeXu/s550rc+QEw=,tag:KKt6tWlqxu5C/L/ZYbQL3g==,type:str] 8 mac: ENC[AES256_GCM,data:Idvsviv6CGibT+s7TSYUNmYO6gELqahJq33+k8YQhhwDKC6+s3Wqjq3xDkVjPcgq32GQolzmv20s93vQSHVuTKcH9jpXmIlwVZmZFFV7ejuA3QScOqqNNynh1m1ba/eZCGgIZiSlRuv7wqs7wz2uHN9eY3prsDkG1vxpc7UC18g=,iv:S9S/N3vW2TXcNYsc/w+3pDJT+BOQaAw8vgqYwRUtbU4=,tag:jPRXDzy29ewkq/Nzcayfnw==,type:str]
9 pgp: 9 pgp:
10 - created_at: '2021-01-02T19:29:14Z' 10 - created_at: '2021-01-02T19:29:14Z'
11 enc: | 11 enc: |