From 43c9825e49d25fbd2c19abcdeb8f73aee8be2a4c Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 14 May 2025 10:50:27 +0200 Subject: ... --- hosts/surtr/email/default.nix | 14 +++++--------- hosts/surtr/vpn/default.nix | 8 ++++++-- hosts/surtr/vpn/geri.pub | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) (limited to 'hosts/surtr') diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 13b33c7f..4666d1d6 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix @@ -215,7 +215,7 @@ in { smtpd_client_event_limit_exceptions = ""; milter_default_action = "accept"; - smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"]; + smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock" "local:/run/postsrsd/postsrsd-milter.sock"]; non_smtpd_milters = [config.services.opendkim.socket "local:/run/rspamd/rspamd-milter.sock"]; alias_maps = ""; @@ -237,11 +237,6 @@ in { ::/0 silent-discard, dsn ''}"; - sender_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.forwardPort}"; - sender_canonical_classes = "envelope_sender"; - recipient_canonical_maps = "tcp:localhost:${toString config.services.postsrsd.reversePort}"; - recipient_canonical_classes = ["envelope_recipient" "header_recipient"]; - virtual_mailbox_domains = ''pgsql:${pkgs.writeText "virtual_mailbox_domains.cf" '' hosts = postgresql:///email dbname = email @@ -366,10 +361,11 @@ in { services.postsrsd = { enable = true; - domain = "surtr.yggdrasil.li"; + domains = [ "surtr.yggdrasil.li" ] ++ concatMap (domain: [".${domain}" domain]) emailDomains; separator = "+"; - excludeDomains = [ "surtr.yggdrasil.li" - ] ++ concatMap (domain: [".${domain}" domain]) emailDomains; + extraConfig = '' + milter = unix:/run/postsrsd/postsrsd-milter.sock + ''; }; services.opendkim = { diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix index 1bdcf74e..92223144 100644 
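Review bot: The postsrsd milter is added to `smtpd_milters` only, while `non_smtpd_milters` on the following line still lists just opendkim and rspamd. The `sender_canonical_maps` / `recipient_canonical_maps` settings removed later in this commit were not limited to SMTP-received mail, so locally submitted or re-injected mail presumably no longer gets SRS rewriting. If that is intended, say so in a comment; otherwise add `"local:/run/postsrsd/postsrsd-milter.sock"` to `non_smtpd_milters` as well. With `milter_default_action = "accept"` in the context above, an unreachable postsrsd socket also fails open: mail is forwarded with its original envelope sender instead of being deferred, so the failure would surface as SPF rejections at the destination rather than as a local error.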
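Review bot: The socket path `/run/postsrsd/postsrsd-milter.sock` is now written out twice, here in `extraConfig` and as a literal in `smtpd_milters`, and nothing visible in this diff shows which users may connect to it. Binding the path once in the surrounding `let` and referencing it from both places would keep the two from drifting apart. It is also worth confirming that the socket directory is created with an owner and mode that admit the postfix user but not other local accounts, because anything that can reach the milter socket can have addresses SRS-rewritten. A one-line comment on `domains` noting that it now carries what `excludeDomains` used to list (assuming that is the module's meaning) would help the next reader.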
--- a/hosts/surtr/vpn/default.nix +++ b/hosts/surtr/vpn/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ flake, pkgs, config, lib, ... }: with lib; @@ -22,7 +22,11 @@ in { "--load-credential=surtr.priv:/run/credentials/container@vpn.service/surtr.priv" "--network-ipvlan=ens3:upstream" ]; - config = { + config = let hostConfig = config; in { config, pkgs, ... }: { + system.stateVersion = lib.mkIf hostConfig.containers."vpn".ephemeral config.system.nixos.release; + system.configurationRevision = mkIf (flake ? rev) flake.rev; + nixpkgs.pkgs = hostConfig.nixpkgs.pkgs; + boot.kernel.sysctl = { "net.core.rmem_max" = 4194304; "net.core.wmem_max" = 4194304; diff --git a/hosts/surtr/vpn/geri.pub b/hosts/surtr/vpn/geri.pub index ed5de2b2..2cd9b24e 100644 --- a/hosts/surtr/vpn/geri.pub +++ b/hosts/surtr/vpn/geri.pub @@ -1 +1 @@ -sYuQSNZHzfegv8HRz71jnZm2nFLGeRnaGwVonhKUj2k= +hhER05bvstOTGfiAG3IJsFkBNWCUZHokBXwaiC5d534= -- cgit v1.2.3
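Review bot: `system.stateVersion` is set only under `lib.mkIf hostConfig.containers."vpn".ephemeral`, so if the container is ever made non-ephemeral the option falls back to its default without any hint here. A comment such as `# safe to track the running release only because the container keeps no state across restarts` would make that dependency explicit. The two added lines also mix `lib.mkIf` and bare `mkIf` although the file has `with lib;`, so pick one form. The hunk ends inside the `config` module, so the rest of the container configuration is not visible here.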