From aaf33e220b1412c03b5725abe7cf165c06588fb5 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 7 Jun 2025 13:00:03 +0200 Subject: ... --- hosts/sif/default.nix | 23 ++----- hosts/sif/email/default.nix | 110 ++++++++++++++++++++++++++++++++ hosts/sif/email/relay.crt | 11 ++++ hosts/sif/email/relay.key | 19 ++++++ hosts/sif/email/secrets.yaml | 30 +++++++++ hosts/sif/mail/default.nix | 70 -------------------- hosts/sif/mail/secrets.yaml | 30 --------- hosts/surtr/dns/zones/email.nights.soa | 8 +-- hosts/surtr/dns/zones/li.141.soa | 9 +-- hosts/surtr/dns/zones/li.kleen.soa | 9 +-- hosts/surtr/dns/zones/li.synapse.soa | 2 +- hosts/surtr/dns/zones/org.praseodym.soa | 9 +-- hosts/surtr/email/default.nix | 2 +- 13 files changed, 190 insertions(+), 142 deletions(-) create mode 100644 hosts/sif/email/default.nix create mode 100644 hosts/sif/email/relay.crt create mode 100644 hosts/sif/email/relay.key create mode 100644 hosts/sif/email/secrets.yaml delete mode 100644 hosts/sif/mail/default.nix delete mode 100644 hosts/sif/mail/secrets.yaml diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index b50cad60..6214569a 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix @@ -12,7 +12,7 @@ let in { imports = with flake.nixosModules.systemProfiles; [ ./hw.nix - ./mail ./libvirt ./greetd + ./email ./libvirt ./greetd tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1 flakeInputs.impermanence.nixosModules.impermanence @@ -130,6 +130,12 @@ in { useNetworkd = true; }; + environment.etc."NetworkManager/dnsmasq.d/dnssec.conf" = { + text = '' + conf-file=${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf + dnssec + ''; + }; environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = { text = '' except-interface=virbr0 
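Review bot: The new `dnssec.conf` entry in the `@@ -130,6 +130,12 @@` hunk carries no comment explaining why validation is switched on in NetworkManager's dnsmasq, although the Postfix settings in this commit (`smtp_tls_security_level = "dane"`, `smtp_dns_support_level = "dnssec"`) appear to depend on a validating local resolver. I would add a comment above it such as `# DNSSEC validation in NetworkManager's dnsmasq; postfix's DANE lookups presumably rely on the answers being validated locally`. dnsmasq checks signature validity periods against the system clock, so it is also worth recording how this host behaves when it comes up with a wrong clock, since failed validation then affects every lookup made through this resolver and not only mail. The enclosing attribute set starts and ends outside the hunk.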
@@ -372,19 +378,6 @@ in { ]; services = { - uucp = { - enable = true; - nodeName = "sif"; - remoteNodes = { - "ymir" = { - publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"]; - hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"]; - }; - }; - - defaultCommands = lib.mkForce []; - }; - avahi.enable = true; fwupd.enable = true; @@ -680,8 +673,6 @@ in { "/var/lib/upower" "/var/lib/postfix" "/etc/NetworkManager/system-connections" - { directory = "/var/uucp"; user = "uucp"; group = "uucp"; mode = "0700"; } - { directory = "/var/spool/uucp"; user = "uucp"; group = "uucp"; mode = "0750"; } ]; files = [ ]; diff --git a/hosts/sif/email/default.nix b/hosts/sif/email/default.nix new file mode 100644 index 00000000..4eda236e --- /dev/null +++ b/hosts/sif/email/default.nix 
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postfix = {
+ enable = true;
+ enableSmtp = false;
+ enableSubmission = false;
+ setSendmail = true;
+ networksStyle = "host";
+ hostname = "sif.midgard.yggdrasil";
+ destination = [];
+ recipientDelimiter = "+";
+ config = {
+ mydomain = "yggdrasil.li";
+
+ local_transport = "error:5.1.1 No local delivery";
+ alias_database = [];
+ alias_maps = [];
+ local_recipient_maps = [];
+
+ inet_interfaces = "loopback-only";
+
+ message_size_limit = "0";
+
+ authorized_submit_users = "inline:{ gkleen= }";
+ authorized_flush_users = "inline:{ gkleen= }";
+ authorized_mailq_users = "inline:{ gkleen= }";
+
+ smtp_generic_maps = "inline:{ root=root+sif }";
+
+ mynetworks = ["127.0.0.0/8" "[::1]/128"];
+ smtpd_client_restrictions = ["permit_mynetworks" "reject"];
+ smtpd_relay_restrictions = ["permit_mynetworks" "reject"];
+
+ sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" ''
+ /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de
+ /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587
+ /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ smtps:smtp.math.lmu.de:465
+ /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de
+ ''}'';
+ sender_bcc_maps = ''regexp:${pkgs.writeText "sender_bcc" ''
+ /^uni2work(-[^@]*)?@ifi\.lmu\.de$/ uni2work@ifi.lmu.de
+ /@ifi\.lmu\.de$/ gregor.kleen@ifi.lmu.de
+ ''}'';
+ relayhost = "[surtr.yggdrasil.li]:465";
+ default_transport = "relay";
+
+ smtp_sasl_auth_enable = true;
+ smtp_sender_dependent_authentication = true;
+ smtp_sasl_tls_security_options = "noanonymous";
+ smtp_sasl_mechanism_filter = ["plain"];
+ smtp_sasl_password_maps = "regexp:/run/credentials/postfix.service/sasl_passwd";
+ smtp_cname_overrides_servername = false;
+ smtp_always_send_ehlo = true;
+ smtp_tls_security_level = "dane";
+
+ smtp_tls_loglevel = "1";
+ smtp_dns_support_level = "dnssec";
+ };
+ masterConfig = {
+ submission = {
+ type = "inet";
+ private = false;
+ command = 
"smtpd";
+ args = [
+ "-o" "syslog_name=postfix/$service_name"
+ ];
+ };
+ smtp = { };
+ smtps = {
+ type = "unix";
+ private = true;
+ privileged = true;
+ chroot = false;
+ command = "smtp";
+ args = [
+ "-o" "smtp_tls_wrappermode=yes"
+ "-o" "smtp_tls_security_level=encrypt"
+ ];
+ };
+ relay = {
+ command = "smtp";
+ args = [
+ "-o" "smtp_fallback_relay="
+ "-o" "smtp_tls_security_level=verify"
+ "-o" "smtp_tls_wrappermode=yes"
+ "-o" "smtp_tls_cert_file=${./relay.crt}"
+ "-o" "smtp_tls_key_file=/run/credentials/postfix.service/relay.key"
+ ];
+ };
+ };
+ };
+
+ systemd.services.postfix = {
+ serviceConfig.LoadCredential = [
+ "sasl_passwd:${config.sops.secrets."postfix-sasl-passwd".path}"
+ "relay.key:${config.sops.secrets."relay-key".path}"
+ ];
+ };
+
+ sops.secrets = {
+ postfix-sasl-passwd = {
+ key = "sasl-passwd";
+ sopsFile = ./secrets.yaml;
+ };
+ relay-key = {
+ format = "binary";
+ sopsFile = ./relay.key;
+ };
+ };
+}
diff --git a/hosts/sif/email/relay.crt b/hosts/sif/email/relay.crt
new file mode 100644
index 00000000..ac13e7cb
--- /dev/null
+++ b/hosts/sif/email/relay.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjDCCAQygAwIBAgIPQAAAAGgLfNoL/PSMAsutMAUGAytlcTAXMRUwEwYDVQQD
+DAx5Z2dkcmFzaWwubGkwHhcNMjUwNDI1MTIwOTQ1WhcNMzUwNDI2MTIxNDQ1WjAR
+MQ8wDQYDVQQDDAZna2xlZW4wKjAFBgMrZXADIQB3outi3/3F4YO7Q97WAAaMHW0a
+m+Blldrgee+EZnWnD6N1MHMwHwYDVR0jBBgwFoAUTtn+VjMw6Ge1f68KD8dT1CWn
+l3YwHQYDVR0OBBYEFFOa4rYZYMbXUVdKv98NB504GUhjMA4GA1UdDwEB/wQEAwID
+6DAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAUGAytlcQNzABC0
+0UgIt7gLZrU1TmzGoqPBris8R1DbKOJacicF5CU0MIIjHcX7mPFW8KtB4qm6KcPq
+kF6IaEPmgKpX3Nubk8HJik9vhIy9ysfINcVTvzXx8pO1bxbvREJRyA/apj10nzav
+yauId0cXHvN6g5RLAMsMAA==
+-----END CERTIFICATE-----
diff --git a/hosts/sif/email/relay.key b/hosts/sif/email/relay.key
new file mode 100644
index 00000000..412a44e0
--- /dev/null
+++ b/hosts/sif/email/relay.key
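Review bot: The `submission` entry in `masterConfig` of hosts/sif/email/default.nix opens an smtpd listener that accepts mail from every loopback client (`smtpd_client_restrictions = ["permit_mynetworks" "reject"]`), so `authorized_submit_users = "inline:{ gkleen= }"`, which in Postfix governs only the sendmail/postdrop path, does not limit who can send. As written, any local account or process on sif can hand mail to this listener and have it forwarded through the `relay` transport with the host's client certificate. If only gkleen is meant to send, drop the `submission = { ... };` entry (the sendmail path remains via `setSendmail = true`), or add a comment stating that loopback submission is deliberately open to all local processes. Separately, the `smtps` transport keeps `smtp_tls_security_level=encrypt`, which does not verify the server certificate even though SASL PLAIN is allowed over TLS; `"-o" "smtp_tls_security_level=verify"`, as on `relay`, would close that gap provided the remote certificate validates against the configured trust store.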
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:lBlTuzOS75pvRmcTKT4KhHMH44RlE2SvCFAUP+GfsXws1Uai7DZ1MmbhvxxCa+pcLW19+sQYxrXLRNZWby1yOeKBJ2UQeYV5LOk9LSL/WIE3FZkCo5Dv0O0gSFKjjb61WN22a4JnHbLWADf/mLT3GZv91XfvFDo=,iv:ho8wQH3UNzX9JPW5gVcUGtxZzdVwsMFus0Z4KYe5t48=,tag:dAgZyHOva2xVVhE1nTl+lg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eTVRSUdFNUZGZmcxSUlT\nWmlsOGNyWXIzMGNTZjlKbXlhcEdZUXFRVkR3Cll0T0RMd0h2UW16QkR3SHlhYmNZ\nNDFrYXh3Rkp5NWsvcWc3UFJJaHVwT1UKLS0tIHhXVEI0VHBZVkpDQ1FzWENjMmJH\nb1FQWXVUUTBiZ1pKWG00MTNqVEo2SjAKK3VOU+QgRuxWYWEcrJiVMRFCprBICz4F\ngD+9zuPUzPezyJkYwTs+M+wX5GYkXppqm5W58yQLS2UDD38sr+SRjg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWmJmZDVFazN2bDY1TkNG\nNXpJN2twMFFjZUxMTVdSNzJwQTFiYktrcGdrCjk4eFVHTko0bFVMSlFFWm9tbjMr\nbWNHMEQ1Rm1qUVhodlB1RGw2aDc4TUEKLS0tIERBK0J5NkN4OXJEZ1ZOZXhNc1Jm\naWNnUmZGbTIxdmNkYi9TZ2h2bGs3MVEKPQGaEf7M/5/xvSOfawpIp50fB3QfFSuz\nPgkrPMneaBeUx+uBYMyEFX4rpzLIBR3pnYMjAfoc+bjWaOtGQuEqyQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-04-25T12:14:44Z", + "mac": "ENC[AES256_GCM,data:pObl2bJA93az9E3Ya+hA3ekI8TKKZ9NNTi0KzmWZBOiQwi9FuQYtpnmmT80L1KXWyOKJV6wGdAri3mNe/ue2S0TziSbQ/4+Dj4ubFKgkH7thb5q2dFyxw5FzhYzRQiXFqD/pxcNN9uL0lQI2Al0Eci0zX8Kcd1rAQ6RzLEoSmco=,iv:zo/3QFKTUEDxLy1k5yyU7Z1JMZ7cKdYUc6GHjaTTZKQ=,tag:f63Eja3lBfwJCYAOyEt56g==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/hosts/sif/email/secrets.yaml b/hosts/sif/email/secrets.yaml new file mode 100644 index 00000000..3c74b710 --- /dev/null +++ b/hosts/sif/email/secrets.yaml 
@@ -0,0 +1,30 @@ +sasl-passwd: ENC[AES256_GCM,data:L5QOQTEOplm9rQ+PuyDUl492ZTgIgZdRXNCNRaPQ4FLU+ha0GO7rjYWAOtvW7/oVdALrkQveSpBolnLG0nayvkjLpPuA6o9brR6bky52QmhOd8cYN9LMOhJcLJTwpUuvDesXkJD1mWA+ifuPnK6elVEfPuOndzMyw8MEvbPl53yCKQ7HOJc2nGvneD5QFkiHB9W9MmrR1gjGqaCSjZ0ahCnxe/Z2SwqccmBR9l60vt683RXMYbKNLDuSgE7HcXbzF9NstfnoSq7b332y/NgYsXvY0w+f6yPhsDuPhUXU+7gIcPb4+1TFOtdZP8uIPm1aLqG2nNKNhMGt23X8dD5Myy0FF6XmbTj43mDzKJahNel7pT91d+Vac5s08UeyUpQSjtrVMYneVTYbHEwiFPAD7S57LF0kZuE1aXIRF35g6XV3GB4rQDsrBsrZzn9vsGS12L2pdtYFVCvt/dLFlmd/GjPpm4JWyNSg,iv:fUEBrr1iby7+hK8ZesW+77HLMW93c6LpCcoJy8pgXUE=,tag:cW8vKVAebnJqo1gNNwDohQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MVYrR1ZrUXVhYVIvdTdS + OUxoOGhRZ3p2dFhCYkxta1REYy9FWTFEZVNJCjhpQ0VMcWdkWWQ1blZyVVpGWk81 + UVBTZzNKSis2ZVVNdFA4TldvL05oMWcKLS0tIEl0TU8xQUhkTk83dDhzYU5aeCtR + OVcrdFRaeGxZL2kxT3VzUnBtWEI1Y1UK8LwKTus25P/nQrMJG5MOuR/lD2PCgeLC + WYBIbFusX//mwr1nymyWnHXkfXf8uHzpc6rJGFoa+TuOVU3elYB/Pg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcUs2OGp6WWN5cm9IVDdx + TFRpZTJXQjBXeGp3RytPaFdjR3UyVURnYmhZCnh3SDNYR0J1US9vcEhTbmJCNm5r + emJReml2QTNkTC93M0lpYlpNbTc4TGsKLS0tIGZ4YkE4STQ2dmh4akJVcnZOUVhT + MTNrOGxqZmFWSnl0U3lVTnllbEFTN28KKv/W6tk2YlNQV8fotfjSLg1HOs6OdMj4 + GkZ30jQYfwmFYEA8YPn9JXbVNpprXd0d6ufLl/tAQckT6lsqGhwzeg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-02-02T14:45:23Z" + mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] + pgp: [] + 
unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/hosts/sif/mail/default.nix b/hosts/sif/mail/default.nix deleted file mode 100644 index 8d6cd705..00000000 --- a/hosts/sif/mail/default.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.postfix = { - enable = true; - enableSmtp = true; - enableSubmission = false; - setSendmail = true; - networksStyle = "host"; - hostname = "sif.midgard.yggdrasil"; - destination = []; - relayHost = "uucp:ymir"; - recipientDelimiter = "+"; - masterConfig = { - uucp = { - type = "unix"; - private = true; - privileged = true; - chroot = false; - command = "pipe"; - args = [ "flags=Fqhu" "user=uucp" ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)'' ]; - }; - smtps = { - type = "unix"; - private = true; - privileged = true; - chroot = false; - command = "smtp"; - args = [ "-o" "smtp_tls_wrappermode=yes" "-o" "smtp_tls_security_level=encrypt" ]; - }; - }; - config = { - default_transport = "uucp:ymir"; - - inet_interfaces = "loopback-only"; - - authorized_submit_users = ["!uucp" "static:anyone"]; - message_size_limit = "0"; - - sender_dependent_default_transport_maps = ''regexp:${pkgs.writeText "sender_relay" '' - /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de - /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587 - /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ smtps:smtp.math.lmu.de:465 - /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de - ''}''; - sender_bcc_maps = ''regexp:${pkgs.writeText "sender_bcc" '' - /^uni2work(-[^@]*)?@ifi\.lmu\.de$/ uni2work@ifi.lmu.de - /@ifi\.lmu\.de$/ gregor.kleen@ifi.lmu.de - ''}''; - - smtp_sasl_auth_enable = true; - smtp_sender_dependent_authentication = true; - smtp_sasl_tls_security_options = "noanonymous"; - smtp_sasl_mechanism_filter = ["plain"]; - smtp_sasl_password_maps = "regexp:/var/db/postfix/sasl_passwd"; - smtp_cname_overrides_servername = false; - smtp_always_send_ehlo = true; - smtp_tls_security_level = "dane"; - - smtp_tls_loglevel = "1"; - smtp_dns_support_level = "dnssec"; - }; - }; - - sops.secrets.postfix-sasl-passwd = { - key = "sasl-passwd"; - path = "/var/db/postfix/sasl_passwd"; - owner = "postfix"; - 
sopsFile = ./secrets.yaml; - }; -} diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml deleted file mode 100644 index 3c74b710..00000000 --- a/hosts/sif/mail/secrets.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -sasl-passwd: ENC[AES256_GCM,data:L5QOQTEOplm9rQ+PuyDUl492ZTgIgZdRXNCNRaPQ4FLU+ha0GO7rjYWAOtvW7/oVdALrkQveSpBolnLG0nayvkjLpPuA6o9brR6bky52QmhOd8cYN9LMOhJcLJTwpUuvDesXkJD1mWA+ifuPnK6elVEfPuOndzMyw8MEvbPl53yCKQ7HOJc2nGvneD5QFkiHB9W9MmrR1gjGqaCSjZ0ahCnxe/Z2SwqccmBR9l60vt683RXMYbKNLDuSgE7HcXbzF9NstfnoSq7b332y/NgYsXvY0w+f6yPhsDuPhUXU+7gIcPb4+1TFOtdZP8uIPm1aLqG2nNKNhMGt23X8dD5Myy0FF6XmbTj43mDzKJahNel7pT91d+Vac5s08UeyUpQSjtrVMYneVTYbHEwiFPAD7S57LF0kZuE1aXIRF35g6XV3GB4rQDsrBsrZzn9vsGS12L2pdtYFVCvt/dLFlmd/GjPpm4JWyNSg,iv:fUEBrr1iby7+hK8ZesW+77HLMW93c6LpCcoJy8pgXUE=,tag:cW8vKVAebnJqo1gNNwDohQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MVYrR1ZrUXVhYVIvdTdS - OUxoOGhRZ3p2dFhCYkxta1REYy9FWTFEZVNJCjhpQ0VMcWdkWWQ1blZyVVpGWk81 - UVBTZzNKSis2ZVVNdFA4TldvL05oMWcKLS0tIEl0TU8xQUhkTk83dDhzYU5aeCtR - OVcrdFRaeGxZL2kxT3VzUnBtWEI1Y1UK8LwKTus25P/nQrMJG5MOuR/lD2PCgeLC - WYBIbFusX//mwr1nymyWnHXkfXf8uHzpc6rJGFoa+TuOVU3elYB/Pg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcUs2OGp6WWN5cm9IVDdx - TFRpZTJXQjBXeGp3RytPaFdjR3UyVURnYmhZCnh3SDNYR0J1US9vcEhTbmJCNm5r - emJReml2QTNkTC93M0lpYlpNbTc4TGsKLS0tIGZ4YkE4STQ2dmh4akJVcnZOUVhT - MTNrOGxqZmFWSnl0U3lVTnllbEFTN28KKv/W6tk2YlNQV8fotfjSLg1HOs6OdMj4 - GkZ30jQYfwmFYEA8YPn9JXbVNpprXd0d6ufLl/tAQckT6lsqGhwzeg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-02-02T14:45:23Z" - mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] - pgp: [] - 
unencrypted_suffix: _unencrypted - version: 3.7.1 diff --git a/hosts/surtr/dns/zones/email.nights.soa b/hosts/surtr/dns/zones/email.nights.soa index 913a88d4..34209a99 100644 --- a/hosts/surtr/dns/zones/email.nights.soa +++ b/hosts/surtr/dns/zones/email.nights.soa @@ -1,7 +1,7 @@ $ORIGIN nights.email. $TTL 3600 @ IN SOA ns.yggdrasil.li. hostmaster.yggdrasil.li ( - 2023013000 ; serial + 2025060700 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -27,11 +27,7 @@ $TTL 3600 _acme-challenge IN NS ns.yggdrasil.li. -ymir._domainkey IN TXT ( - "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" - "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" - "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" -) +ymir._domainkey IN CNAME ymir._domainkey.yggdrasil.li. _xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li. _xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li. diff --git a/hosts/surtr/dns/zones/li.141.soa b/hosts/surtr/dns/zones/li.141.soa index ab117f09..78d137bb 100644 --- a/hosts/surtr/dns/zones/li.141.soa +++ b/hosts/surtr/dns/zones/li.141.soa @@ -1,7 +1,7 @@ $ORIGIN 141.li. $TTL 3600 @ IN SOA ns.yggdrasil.li. hostmaster.yggdrasil.li ( - 2025020900 ; serial + 2025060701 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire 
@@ -45,11 +45,8 @@ ymir IN AAAA 2a03:4000:6:d004:: ymir IN MX 0 ymir.yggdrasil.li ymir IN TXT "v=spf1 redirect=ymir.yggdrasil.li" -ymir._domainkey IN TXT ( - "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" - "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" - "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" -) +ymir._domainkey IN CNAME ymir._domainkey.yggdrasil.li. +surtr._domainkey IN CNAME surtr._domainkey.yggdrasil.li. _xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li. _xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li. diff --git a/hosts/surtr/dns/zones/li.kleen.soa b/hosts/surtr/dns/zones/li.kleen.soa index a1c7d35a..5dd3e697 100644 --- a/hosts/surtr/dns/zones/li.kleen.soa +++ b/hosts/surtr/dns/zones/li.kleen.soa @@ -1,7 +1,7 @@ $ORIGIN kleen.li. $TTL 3600 @ IN SOA ns.yggdrasil.li. hostmaster.yggdrasil.li ( - 2023013000 ; serial + 2025060701 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire 
@@ -27,11 +27,8 @@ $TTL 3600 _acme-challenge IN NS ns.yggdrasil.li. -ymir._domainkey IN TXT ( - "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" - "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" - "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" -) +ymir._domainkey IN CNAME ymir._domainkey.yggdrasil.li. +surtr._domainkey IN CNAME surtr._domainkey.yggdrasil.li. _xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li. _xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li. diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa index 086d4a85..247cf025 100644 --- a/hosts/surtr/dns/zones/li.synapse.soa +++ b/hosts/surtr/dns/zones/li.synapse.soa @@ -1,7 +1,7 @@ $ORIGIN synapse.li. $TTL 3600 @ IN SOA ns.yggdrasil.li. hostmaster.yggdrasil.li ( - 2023092100 ; serial + 2025060701 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire diff --git a/hosts/surtr/dns/zones/org.praseodym.soa b/hosts/surtr/dns/zones/org.praseodym.soa index df505b4c..2b97ca19 100644 --- a/hosts/surtr/dns/zones/org.praseodym.soa +++ b/hosts/surtr/dns/zones/org.praseodym.soa @@ -1,7 +1,7 @@ $ORIGIN praseodym.org. $TTL 3600 @ IN SOA ns.yggdrasil.li. hostmaster.yggdrasil.li ( - 2023013000 ; serial + 2025060701 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire 
@@ -32,11 +32,8 @@ surtr IN AAAA 2a03:4000:52:ada:: surtr IN MX 0 ymir.yggdrasil.li surtr IN TXT "v=spf1 redirect=yggdrasil.li" -ymir._domainkey IN TXT ( - "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" - "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" - "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" -) +ymir._domainkey IN CNAME ymir._domainkey.yggdrasil.li. +surtr._domainkey IN CNAME surtr._domainkey.yggdrasil.li. _xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li. _xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li. diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 0a42b808..87c42fbd 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix @@ -392,7 +392,7 @@ in { enable = true; user = "postfix"; group = "postfix"; socket = "local:/run/opendkim/opendkim.sock"; - domains = ''csl:${concatStringsSep "," (["surtr.yggdrasil.li"] ++ emailDomains)}''; + domains = ''csl:${concatStringsSep "," (["surtr.yggdrasil.li" "yggdrasil.li" "141.li" "kleen.li" "synapse.li" "praseodym.org"] ++ emailDomains)}''; selector = "surtr"; configFile = builtins.toFile "opendkim.conf" '' Syslog true -- cgit v1.2.3
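Review bot: The hard-coded `domains` list in hosts/surtr/email/default.nix now makes OpenDKIM sign for `synapse.li` with selector `surtr`, but the `li.synapse.soa` hunk in this commit changes only the serial and adds no `surtr._domainkey` record, unlike `li.141.soa`, `li.kleen.soa` and `org.praseodym.soa`. Unless that record already exists outside the visible hunks, mail signed for synapse.li would fail DKIM verification at receivers; the fix would be `surtr._domainkey IN CNAME surtr._domainkey.yggdrasil.li.` in that zone. The same check applies to the CNAME targets `ymir._domainkey.yggdrasil.li.` and `surtr._domainkey.yggdrasil.li.`, whose zone is not part of this diff. It would also be less error-prone to derive the signing list and the zone records from one definition instead of repeating the domain names here. The surrounding opendkim attribute set starts and ends outside the hunk.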