From c66c893ef54d8aa48d02d95b945f923d51c16b13 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 24 Jan 2021 15:16:31 +0100 Subject: bump --- hosts/sif/default.nix | 2 +- hosts/sif/mail/default.nix | 10 +++++----- hosts/sif/mail/secrets.yaml | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) (limited to 'hosts') diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index b54b6caf..29a91445 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix @@ -20,7 +20,7 @@ nvm0.device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; nvm1.device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; }; - availableKernelModules = [ "drbg" "nvme" "fbcon" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ]; }; diff --git a/hosts/sif/mail/default.nix b/hosts/sif/mail/default.nix index 2addba9d..29bfb4f1 100644 --- a/hosts/sif/mail/default.nix +++ b/hosts/sif/mail/default.nix @@ -38,23 +38,23 @@ /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587 /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de ''}''; - sender_bcc_maps = ''texthash:${pkgs.writeText "sender_bcc" '' - uni2work@ifi.lmu.de uni2work@ifi.lmu.de - @ifi.lmu.de gregor.kleen@ifi.lmu.de + sender_bcc_maps = ''regexp:${pkgs.writeText "sender_bcc" '' + /^uni2work(-[^@]*)?@ifi\.lmu\.de$/ uni2work@ifi.lmu.de + /@ifi\.lmu\.de$/ gregor.kleen@ifi.lmu.de ''}''; smtp_sasl_auth_enable = true; smtp_sender_dependent_authentication = true; smtp_sasl_tls_security_options = "noanonymous"; smtp_sasl_mechanism_filter = ["plain"]; - smtp_sasl_password_maps = "texthash:/var/db/postfix/sasl_passwd"; + smtp_sasl_password_maps = "regexp:/var/db/postfix/sasl_passwd"; smtp_cname_overrides_servername = false; smtp_always_send_ehlo = true; + smtp_tls_security_level = "dane"; smtp_tls_loglevel = "1"; smtp_dns_support_level = "dnssec"; }; - useDane = true; }; sops.secrets.postfix-sasl-passwd = { diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml index 00422f82..06a2ad40 100644 --- a/hosts/sif/mail/secrets.yaml +++ b/hosts/sif/mail/secrets.yaml @@ -1,11 +1,11 @@ -sasl-passwd: ENC[AES256_GCM,data:RDZHUgQJHH7IzJD5j+LOuQb4OuPopUEa6CwDRoD/FqoHFW/YKarF3Hxxu4HKA5GDf3SRrFOcPBXmf+0f1CucUQwJQh4nY4fmDVqrH0UXRowuAkIhYpt0sLXlzrOzSeZz788A9xK4AGPzEOx1va7GOqJIaPJ+pyyzazQsSgCJaFkUMriCfKbZ0zhRCr0pk2RPLOLKGuo2mDFf5c3EZYAn7vEzhZj+B3XbNWotV/JXTX7JPK6GPcsX2RMKEYBdmxZzrMCTTFU23W1DbiDJ01mxJh3ckIX+KTmaWNoVg4Tong1vBe2wxKchXajmykwFLJFR1Kj5wv4uAxy2qNvKtQIF/LJosG6LXcdk5QDQBXUINqswupBdV8lt08mk53JHLJPXcV8RpEHT3NUL,iv:2u203xTmUEfWIJDB2ZkOKzhYQrV4TGT7rfOd0md+VOw=,tag:RJ/iLbbq8B8dMmXGWjok/g==,type:str] +sasl-passwd: ENC[AES256_GCM,data:S81uICROGm/E0TC3xJyPXbVLjOO+PsRyJBoWINFZGzeh8F0nXx1ewiiSXtNl9trTbxlSgf5jnBvtbyd75N0OcyqBf0db5tJtvU42DO5I4qFo4R67FzpKzKWMF4AJuFGP1aKkPsPIc41WTfLemKCfbEhVfQj9qEFLR9TC8iqzSZa0bztCuLoKi0vrAO/4JZnzUe3n7FXy+ER6oYK9JoKwaXc9KYdwQC3QYCby2iSq+GvRs7FL4x6/Zr8FzVCXHYMaW/Qg9dCn/g2NnEnOsH0pEASuKRPJKh8x5dtQg9v3jRK6NIDjEkXeuBnSOaeQiAcYc784foIlI7Q=,iv:zCsYZtU51zJR9XqaCvMtc5aGZwSccIrPzhznubEoEjo=,tag:0/v4Cp/0xLrfEX7H953bOA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] - lastmodified: '2021-01-02T19:29:40Z' - mac: ENC[AES256_GCM,data:g8wNpsFXiGoENSteWa1w1UkF8LQwnwtoeEHskKhGqAlCFtA1cVdyFSItm8/h1/eqJl/NWXRGU25XpZysCAkJi+uCq4bNGjV+gjqeIT8Dv5teQbVwthoFqkE/s3jew35+f29/xxb5Cro6EihlTrs5Lt3wExv2+NUdim1aeNgR+4Q=,iv:bj/igDT7GPiCjj4BwE7ihM8wR8CbJeXu/s550rc+QEw=,tag:KKt6tWlqxu5C/L/ZYbQL3g==,type:str] + lastmodified: '2021-01-18T09:46:15Z' + mac: ENC[AES256_GCM,data:Idvsviv6CGibT+s7TSYUNmYO6gELqahJq33+k8YQhhwDKC6+s3Wqjq3xDkVjPcgq32GQolzmv20s93vQSHVuTKcH9jpXmIlwVZmZFFV7ejuA3QScOqqNNynh1m1ba/eZCGgIZiSlRuv7wqs7wz2uHN9eY3prsDkG1vxpc7UC18g=,iv:S9S/N3vW2TXcNYsc/w+3pDJT+BOQaAw8vgqYwRUtbU4=,tag:jPRXDzy29ewkq/Nzcayfnw==,type:str] pgp: - created_at: '2021-01-02T19:29:14Z' enc: | -- cgit v1.2.3