summaryrefslogtreecommitdiff
path: root/hosts/surtr
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr')
-rw-r--r--hosts/surtr/email/default.nix14
-rw-r--r--hosts/surtr/vpn/default.nix8
-rw-r--r--hosts/surtr/vpn/geri.pub2
3 files changed, 12 insertions, 12 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 13b33c7f..4666d1d6 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -215,7 +215,7 @@ in {
215 smtpd_client_event_limit_exceptions = ""; 215 smtpd_client_event_limit_exceptions = "";
216 216
217 milter_default_action = "accept"; 217 milter_default_action = "accept";
218 smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"]; 218 smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock" "local:/run/postsrsd/postsrsd-milter.sock"];
219 non_smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"]; 219 non_smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"];
220 220
221 alias_maps = ""; 221 alias_maps = "";
@@ -237,11 +237,6 @@ in {
237 ::/0 silent-discard, dsn 237 ::/0 silent-discard, dsn
238 ''}"; 238 ''}";
239 239
240 sender_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.forwardPort}";
241 sender_canonical_classes = "envelope_sender";
242 recipient_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.reversePort}";
243 recipient_canonical_classes = ["envelope_recipient" "header_recipient"];
244
245 virtual_mailbox_domains = ''pgsql:${pkgs.writeText "virtual_mailbox_domains.cf" '' 240 virtual_mailbox_domains = ''pgsql:${pkgs.writeText "virtual_mailbox_domains.cf" ''
246 hosts = postgresql:///email 241 hosts = postgresql:///email
247 dbname = email 242 dbname = email
@@ -366,10 +361,11 @@ in {
366 361
367 services.postsrsd = { 362 services.postsrsd = {
368 enable = true; 363 enable = true;
369 domain = "surtr.yggdrasil.li"; 364 domains = [ "surtr.yggdrasil.li" ] ++ concatMap (domain: [".${domain}" domain]) emailDomains;
370 separator = "+"; 365 separator = "+";
371 excludeDomains = [ "surtr.yggdrasil.li" 366 extraConfig = ''
372 ] ++ concatMap (domain: [".${domain}" domain]) emailDomains; 367 milter = unix:/run/postsrsd/postsrsd-milter.sock
368 '';
373 }; 369 };
374 370
375 services.opendkim = { 371 services.opendkim = {
diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index 1bdcf74e..92223144 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -1,4 +1,4 @@
1{ pkgs, config, lib, ... }: 1{ flake, pkgs, config, lib, ... }:
2 2
3with lib; 3with lib;
4 4
@@ -22,7 +22,11 @@ in {
22 "--load-credential=surtr.priv:/run/credentials/container@vpn.service/surtr.priv" 22 "--load-credential=surtr.priv:/run/credentials/container@vpn.service/surtr.priv"
23 "--network-ipvlan=ens3:upstream" 23 "--network-ipvlan=ens3:upstream"
24 ]; 24 ];
25 config = { 25 config = let hostConfig = config; in { config, pkgs, ... }: {
26 system.stateVersion = lib.mkIf hostConfig.containers."vpn".ephemeral config.system.nixos.release;
27 system.configurationRevision = mkIf (flake ? rev) flake.rev;
28 nixpkgs.pkgs = hostConfig.nixpkgs.pkgs;
29
26 boot.kernel.sysctl = { 30 boot.kernel.sysctl = {
27 "net.core.rmem_max" = 4194304; 31 "net.core.rmem_max" = 4194304;
28 "net.core.wmem_max" = 4194304; 32 "net.core.wmem_max" = 4194304;
diff --git a/hosts/surtr/vpn/geri.pub b/hosts/surtr/vpn/geri.pub
index ed5de2b2..2cd9b24e 100644
--- a/hosts/surtr/vpn/geri.pub
+++ b/hosts/surtr/vpn/geri.pub
@@ -1 +1 @@
sYuQSNZHzfegv8HRz71jnZm2nFLGeRnaGwVonhKUj2k= hhER05bvstOTGfiAG3IJsFkBNWCUZHokBXwaiC5d534=
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-26 21:45:30 +0000