From 869b3c9c0bc1ad38f51f5468a14891e9b0343d6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Thu, 20 Jan 2022 09:57:32 +0100 Subject: [PATCH] add postfixadmin --- config/services/postfixadmin.nix | 36 +++++++++++++++++++++++++++ secrets/nixos-8gb-fsn1-1/secrets.yaml | 7 ++++-- 2 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 config/services/postfixadmin.nix diff --git a/config/services/postfixadmin.nix b/config/services/postfixadmin.nix new file mode 100644 index 00000000..9234e072 --- /dev/null +++ b/config/services/postfixadmin.nix @@ -0,0 +1,36 @@ +{ ... }: { + services.postfixadmin = { + enable = true; + adminEmail = "lotte@chir.rs"; + database = { + dbname = "postfix"; + host = "localhost"; + passwordFile = "/run/secrets/services/postfixadmin/dbpassword"; + username = "postfixadmin"; + }; + hostName = "mail.chir.rs"; + setupPasswordFile = "/run/secrets/services/postfixadmin/setupPassword"; + }; + sops.secrets."services/postfixadmin/dbpassword" = { + owner = "nginx"; + }; + sops.secrets."services/postfixadmin/setupPassword" = { + owner = "nginx"; + }; + services.postgresql.ensureDatabases = [ "postfix" ]; + services.postgresql.ensureUsers = [ + { + name = "postfixadmin"; + ensurePermissions = { + "DATABASE \"postfix\"" = "ALL PRIVILEGES"; + }; + } + ]; + services.nginx.virtualHosts."mail.chir.rs" = { + forceSSL = true; + http2 = true; + listenAddresses = [ "0.0.0.0" "[::]" ]; + sslCertificate = "/var/lib/acme/chir.rs/cert.pem"; + sslCertificateKey = "/var/lib/acme/chir.rs/key.pem"; + }; +} diff --git a/secrets/nixos-8gb-fsn1-1/secrets.yaml b/secrets/nixos-8gb-fsn1-1/secrets.yaml index 6b8a18a6..cafcd040 100644 --- a/secrets/nixos-8gb-fsn1-1/secrets.yaml +++ b/secrets/nixos-8gb-fsn1-1/secrets.yaml @@ -13,6 +13,9 @@ services: gitea.nix: ENC[AES256_GCM,data:8Re9/GdZ7d/PV11nT0CLzqFj3SaJ6bu12VV14AAY+G446liX1w6nCB5L33w7SXLxnbIQV/x6LTAn+YZ5hNxLdHHxaPYF60L+HvmSNee6Jz6bGjMphGaAB1e+smNTqV5AU+FUqnL9wpr6y3wE+gm00I52HJQ44Mx2CVXPvB2NYpbJo7CrHQ9NdW67C+Ub5eoxwcl6FxLKst9dZ6+FwAmzkhrAuog9u7TnboX7Bx6sEn8Kl6XM/0mIG6L6,iv:sk2fZ+uOrSzXtuDO+n3ozNesEg1S8DC2bRqnqudufz0=,tag:H3cKnTLDqb4rHoYfCV+6eg==,type:str] minio_scrape: ENC[AES256_GCM,data:w+VescGVui8/70HsSP/WCQG/E9fU0X45BXF2qwPNE2vnYM9XyCreHezX218Vb5qDOU3vRl71CJGVH4nv28nBgWvtu017ITfh56CX9dZt7tFAUx198WqXxW1Xc+D9NggWHXUFyAD80+dkzoPH2mUrdhBYeXwlhwyp9+DLF0Up00kdLsjDtSHpDiKKoIvzk3m0K00GZkMtOOENpomAoqtUduUupYRmL1GaHBMJ+XcuLuyvfSI3uSK9BzFxIfNPcJdrP2F28g==,iv:xe7BrC5mLz48efufLup5v0x/aI0kaqXNQ07l4G6kUdg=,tag:yepSZfc3034JaYo2pp15CA==,type:str] old-homepage: ENC[AES256_GCM,data:DgOLD0YCRXsRSvrjQ/pK4RpYdzcO/j2Ifg4eYXFivrEVVj5ooPKeeeJAMX+L+XOjjNmHo5r8o0AvBnvJ4TeGto3VOQynkxw5apvkedR5ecC654Sz5+bRGr2bgtVzujiLH7+IiB3ljH9KYflYASvfmumowmR8R6074GNGKZlH2F7UYDKDdbd48p4pOFWP3Lv5/1iDvJ7Ve3hVASZqiUlS4elMa+8T0HYKkJyxWb76AT+t0M54ps6xgqDYbjrmbO2+UK95Z8DanOk06tk1t30=,iv:2/KdwQ86SO/LFeHTGNDVY+d4ZQnujK7OGuBuGEwkCbU=,tag:7yOVg0V29aGMTT8O5422kw==,type:str] + postfixadmin: + dbpassword: ENC[AES256_GCM,data:37kEiKKgJVRIzzWXY3o/Wpk5UQ==,iv:LAJXgMr/rTMkds1r1kEWzhwNb6aPzsAhqUEeoLyBDbo=,tag:TI7oYxdpNzw2dXA4hLmVnQ==,type:str] + setupPassword: ENC[AES256_GCM,data:2BiQLOZZ6zCh4F+DkeNpMGLeXoxmMtDkuAU4XGBNvso+f4jupowalLkhTG/kA8yUL6BWOxwtJGMEp5wO,iv:0guj3/elSzoOe/00wgi5Z4R4lVfWeWt8mUDao3RXK6I=,tag:1lFUqfeSGV04mfxaVrmSMg==,type:str] email: darkkirb@darkkirb.de: ENC[AES256_GCM,data:DgVyvDHsviJuGqM+YP4jjytnzJE=,iv:KhEJz2+Nl9sxjRe0FmHOXi64QtsxDZhagnYt08sqU4E=,tag:vrhBg9qWBiSLPop/5jyIwA==,type:str] lotte@chir.rs: ENC[AES256_GCM,data:bkzYVXizG/inJ/MS57G2pEiUkA==,iv:jviAx1B83wPhc128msfSs7oYwRQH+j7PU0aAmNbwi88=,tag:ylYl5k9R5BdLGAXOXVeLZg==,type:str] @@ -41,8 +44,8 @@ sops: Ync4ejJHR0RXTkpqVzFRQXhEVlFVZjgKPo209jJf8Lwn1j3VmLC+j0633zdbt2yf bPwO7dlKYGbGeGObprNtBXBS2cUXHeuQ45vRpTtg1cpxYK+TfNH8vQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-01-19T13:37:49Z" - mac: ENC[AES256_GCM,data:yHvblUegvh9UvFYLC1PNmFWgKiXPKdJs15N0YYcCoV9IfzCBs2LgwyIFixU8aw5wU59QbuMKMD9rQ232XX++mFVENrO1GLSq0okitWD43IIpOk1o7PjCXmjiVR2L883wunCiQxPd8MJYLHI78IQQkQtagZAwZ8tUn+/8B1irfuY=,iv:xGECnQTuUj5oDJgTtcmbf1CAVdtkhGg+y4unIPgdbUc=,tag:DTegWEqMMlpZMNaDY0wNww==,type:str] + lastmodified: "2022-01-20T08:56:25Z" + mac: ENC[AES256_GCM,data:o7Ssj3mTwoYQN4TeveWxqn9oP/d7ZBw0I/KRfthhFv0ry+avBuIAr4ocgSKC6oCwnp3rNCr3pEsN+wN4kpidQ213ytvP8tSegn936i8WiU2ozD/jBHlRtRQg1abDau8rOps6W65dMBrqoGUDRVdrIsfp63K3myT8pv74u9dkYew=,iv:LU3chaUBP6FOhdR0Ua3YF+OsyEb2utmlnGxacZIcqc4=,tag:WgWXaduAXEbXj3czGHM+CA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1