diff --git a/config/nas.nix b/config/nas.nix index 6ca7ba66..4bc31575 100644 --- a/config/nas.nix +++ b/config/nas.nix @@ -19,7 +19,6 @@ nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-pc-hdd ./services/hostapd.nix - ./services/rspamd.nix ./services/synapse.nix ./services/mautrix-discord.nix ./services/mautrix-telegram.nix diff --git a/config/nixos-8gb-fsn1-1.nix b/config/nixos-8gb-fsn1-1.nix index ae088c6b..82afb31a 100644 --- a/config/nixos-8gb-fsn1-1.nix +++ b/config/nixos-8gb-fsn1-1.nix @@ -28,6 +28,7 @@ ./bittorrent-blocker.nix ./services/akkoma ./services/peertube + ./services/rspamd.nix ]; boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"]; diff --git a/secrets/nixos-8gb-fsn1-1.yaml b/secrets/nixos-8gb-fsn1-1.yaml index 079255f9..300d4777 100644 --- a/secrets/nixos-8gb-fsn1-1.yaml +++ b/secrets/nixos-8gb-fsn1-1.yaml @@ -8,6 +8,11 @@ security: restic: password: ENC[AES256_GCM,data:8W1pEFt+1lW2/Y11OrJa+glMM1A=,iv:V0R7PlBMxl/oTJxE10MIDMtbqr98bE/po+/92MGMftY=,tag:juGYo8nQy7IJUX28f2ZznQ==,type:str] services: + rspamd: + dkim: + darkkirb.de: ENC[AES256_GCM,data:UZ53jxzBU8pV/64nCVCa54lJwJHng9xsCmvvf0031NaV+zB3LY2Tp1gBAYDkQdDAdJtLw4s6qmt5PoFjNpw4/WD0ZMaTBFMew4BNIQu6CD6CumtBafMPnUKRyRmPccoU/uoeXjsa09sLB/44l3BSqr4nR6wu8JLWD2dH38Tn3KWmT9MuoeHJJFJDpjhhhideFbbLx9R+NvLsIiPLHKNcJZ0/GbLbfDicFVehcqPHaPfVCt2bwKKBm3Qo4o3W56hJnzSKwcY4I9JxcKE9efdMBaYY0yqpSaotqDnuIMl5ZV23+CTsVt6hv8X+o3qEMLQjM3cFhEU1V+LrdTS9peBI+7cb5Sh2py4ICdzptm0BRnbG1HbYBzFWc/YQalffUHlP31Dl15dZkC8HBszNeZ05lb6f116Ehq3qE0aOs4thZeFBMrfPrrnqjrf/P7en4tg6reBmz5CHyQRyrJ2m9eRtw17BpWvf0mnMDBKZ6cKeimvJxXKIt8VNNYqj96aK96qkgGCmrvJ+O1EIgf/Zc1v1UfiZa4UqH8yqyqwulgtd961IKwsE0H5LElok3LX5dGJlhHHGMbAdAmLreXZb7EzKflqNex2lmW1r8rC7ZQ07f0aNpWRCSmUhQ29V77u4K679ODpTBg/zcHBovBHO2XabA3vPDr0tEJLfyD9EkVsrZvnh8ltYQFkDLWkUfgaQg8fa++CIg0iNAyjuoohbMV7JXyVvlYvWLrZslxGzY0nzeD8orpj67s+phUpDYKZgxQtULeyN75COqmABVqknk7DUrG7TlPmRLU+ixcorEjriNHzpXTA7peQ2Q0XCY5gSK6CpvHvYT4k3xSbPfFx0BTeRwMKjHmhG9sNsOtEjfnhleUvcKDDyRVtemF8guhyvJ8B4nY+yxI3kuRBrpkSUxvBSq66cyTEmEfoRtWOqIe7fmSZyu451TL02XJUU96c8QimGLkI8VO4k9PLNL8YUbzAbF/IIjpV362f4JMb9hSyf5bw9JBNhOZNXrFkRLDCgH66XQbYBGS3e4MfZJnLj2x5jzXMPYbrPMZFjtfMEzVDfI+E/nmlrfn3MoHqdiKbV1bYlqIl2F5ldnAvTsBk0fucg5OmckP32ZGA7QsNBbqD16typ8F+69V7JKxo9jH5uY8x2i+lNtNTll5sdh9cuna23zdGywdJDgP/M0hKLlIja5ZzWPyOD34Z40T9A39nHUAyl4AwNFw==,iv:Z1YILn9vpune1u6AvGTb8/5XPjj6hxhb0JJPD3J9CM4=,tag:+mYRcGJbLJQPUNO1Xq6Geg==,type:str] + miifox.net: ENC[AES256_GCM,data:qeNWj5YNgdCWkaXEGEQYBi2Gh7vVj7PrqElJVbWpL/XMSq1l9q1m5Ip6WwmSoKMCoaa7UX0fJC0r7pNJTAMwIvNfxnFlpCVWRhPBadEeBc8UuZVVkNFs2A7EHjKWLZu4/AhAh84dK2U++bESkeBPadS0Cvpy9onWB6D8cNtAnzpZNtH5h251P1DddS0AVBBFB4xWMcF4nbs5EJ5nh9bwQlvYrhw5+ryRvRXD+ePl+bp2FcTIHp9v9EuXKSaXOfuNLybQp6ynwbS9B+veji3VVy+0bWmaTS3HaaCUVEzSCz1AS41nTflwQwj9FQjj+C5t117e5eYMItQufgJSWBBjIh5dbuw7DR9ZnLV70scPY75WekSWsoeoktk/Agh5duhoAVTWoB6kDQ3Uo5ksVbgKAdgRg8toTCE7VV8gTv1rLNJVKxjNSuw15iiOvxCS87u91xlWm/x2VM4Bc+cvxNutGXTtSR226Wssp6TDBTVd31l97m9NgeqhlQXyTg04hf3xCfEsXAxTkrgvOryygHt3UtGIiBh5szwo7EZewW4yjlQCJfvQX6BcPPj0m02IYGtwCA94U4jbYj4cncWouc/N5GEth6BRDHBmOmGzGD7Rfke/5aVcAv8HiOcSXE5dENH9RjRmEjNT7ptu0+bPcQYl/bFSBhRl3+Q4GpgMFflf6LKetYd5Xg1Bp1INSIJSxxf8gKaKZU5wT2kbkXG6lQ7+Y0WCJQ0RNDcMkZrn7uFkBDQ80EMT+nt6/qudnawPUmbMpuUw5cnpZKqRyiABIpKHiDCb7Fvyr5OEwXNvu2ErReBSVe1c7CMfbUwd0Y+NJwDdfNHxAOhCxVQjH/XCAnlJn8EklzIPglF2lueHE1Cg4wBjQBYQM+/VbA188YgEgci+SwmhtDHF4XUIx8dn5MCDInMJ5IcBKmji6eFj4EAs5Vyn5ZrmKZvoYct30O9nkC/s+/CTiH6XYOT6IWU8shEkR58hI9j0rdgYgK3TCi9xD/jnn6x4cvab4keyb33XccDYMPrTx4wnkGH4ZR6+ISt8xJrB5ypBbV4MWwB1OxCLrShUpxxQ2mEe7DlHVKhX9GUvLJyVlyCCegOgAkn+V33dlbPBjT/+jMWZcaJ0xaltz+Zr1VHtEb1TVd+rnaZpX/bg7RvNH2xoBOIDw4OijS+CBVhLvs2ZuYRfOYEYnUM4ZqFv+cxza/XcrikBtVw9ng7w1zcugA==,iv:i+/p0hu7642gRARmESnLlAlCYhlD7P1P2q3GGIDmAIU=,tag:2CU3sY5w/ldCDFlkmLP/9A==,type:str] + chir.rs: ENC[AES256_GCM,data:fjzOKyQfeH+wMYawt7sIAsafCcmAPCkIGkP6vxPFWL/JTM6yIXxoI3CK2f2dTQ225Ckq0s0LH1ypJYoPpiChjGgW0x9kA3qtsba0B5fuKTf810FZa5ip4HROArmV/j0LwuNgy0rMWBOlUZAEbybGBs+odI0aBEuZDdR2hiKTE/iwKrzq2rVF19XKTNQ9xaQRyf6nZ2yjVjRYQAxr7mBXZyMe6ewfPHncVEDu5qJ+OC5Q144T+PDt+EhFhGtI7w5Su0xICwm+FckF88qWjJ8dl0qF59dbBUw8GVNfvK+P92dY2ldYyTFyUIDreieqf0EMY7pA8YvgMJzI9iR46Bj/ZcDRI4SfnaRqf35i/SXeejfWOz9aSczKK00F33G8ZWV9f++Xi9rqBaUpfVcGIrZTMzGnRXN5bRMbH4g3RUZQIBNax/e2+h7bMfdo2e/GZLvdPsWLxNtNxpRNO0bdk9nYd+tYP3xnyrGnbkMwzRRT5QQVsUohTKVZW5YhCkJMtOfcbha2QaVal8SS3iKeCsQxhmqChnTO+wSYZEJBKT8xO/Im713Fc3IIRQpmIwwY0uGurhYoHZD+LVN1VyqD9yk8O1BHSZsf5SKcGUO23rwDG+szAjeXGL2TXYzS8eBa/7YsV3AHAL6PEvvJGlcGQnWZwuQjJDo261WXtW5heEzWIIPxQECyrRoaQcvsFek53EpAnznelBNqPUHfMsKGoUuPFZOqGjpwzd16hvY0AXsZOSN2M0HDgM08QTn4hkNejGF3w66TgwBEsT2G+eA0Pac7wUQI6ay0DCSWCAd0HB0mgaxxsBhBajeDSChfnt22idtO4AvEMJNpnfdCvgu/MJghLQno7d9yHosSh/XnZc1X46tXY4//NaplC1F2upo/i6Wk/5/psGWv4qLaO3iqO+gHdBZDLvEoLVehcsgiWUpAZ0/yx6oqClC7I6+U4Qwrd/y/IdxcO+xPW44Q6Aexht1c/NPr4S1Q4SPK7ehqrTqbAfRxas1Rw44JQKBrfauf3oN29UVKYdTQrL+eVklLvniIYPecd4AZxNdfiJ4bJH2YgxrPuKEGzupaZMOqebUdWJ+mE6dUunUxWsVHH0lv48Log/uZuSkZi+iSCxDyOjYcUUwBTOZ+HXn8BfrdRRqC6efBzR1jgHlQ5bK9hR4OD0lNjPlFmz9YlwT8FnZzL1Ai+m1cdiikP9bLOE08zrryFaFbkuNn8Q==,iv:A5ztdHhJjGS+UV676MwaRcIHZLJVgids4t1igN/pSyI=,tag:pt8uDOI3ybxRNPXpZHJYuw==,type:str] nix: cache-key: ENC[AES256_GCM,data:aLUW21G4ubmxS97LOwvUY+9ovrk02tZwq3D6tSO5tK9DwhySEuquQIHKsmuhsQtuCZRDLPgRh+T1XIKykWxv0S42NhdMGiE6GuRs8SbnEwcYMHwEPwHHMppG38G+EEKmTA==,iv:nm0yWYS8xk2C5mn3lpSEocqmCFOx2rL57euMfcXOXHA=,tag:WXEAMiMS9S/0hKrd63mBLQ==,type:str] bunny-key: ENC[AES256_GCM,data:Jby03Y/0MjzED+fGNn8dLQkVhR9D5mhz8gzkG27hxQ1UezdzhxaPV56fIeCmn8yDespwMLMjEXPiIsM/GFS0y58ctl7OHuEW,iv:3R8+z/KuRaqybs4KbfZtrXiIAMZ5oCIH8tZhFN8MjWs=,tag:VIb442EBs0TlLfwWNvMmng==,type:str] @@ -77,8 +82,8 @@ sops: N1lNTTRhSDFsczd4VjNudUU2NEt4MUEKdVJIJmaoGcwUHa0BGB45jqYnm9aPVZxP dl1vkMx8EAiKhWKbBwQm5fFZcNh371rspGE7KOXmwNbNWef5bVfHpQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-04T12:33:55Z" - mac: ENC[AES256_GCM,data:32UzO0QJVp1YtEaL67k9BCckx3G2E7eX7Sa+MORwidjGCEg2UrEzn15DlBuLKHr/iaZzOO3eQSODnJXBGCv6h5m8WOCFyieCHClC3HpiOGPAaUPSZjx5xD5Lnvaziy6q5sZe7a+3DnQf3G8ajb2YSwB+CsjuRjAulnZJzxvKCQA=,iv:K795ZLX86GekNWlkJUmVZSaclEL3URABH33nD+/TG5E=,tag:R33H43tw1zUta7Pqu1nEWQ==,type:str] + lastmodified: "2022-12-07T10:10:35Z" + mac: ENC[AES256_GCM,data:UiENOfBCIQ3XZbhuQDumNH8TCm1iYQl75AIM0Hk7gsduH62J66914joXfX3D0qdmGaO9V9RoU+YZySTe0bJJXTsbQBV1ZMFfQFWMfDZCWprSYY0w+VA3aeFicrXOkJrvkDL0RklkNZRthiVvA/K0jIcOc9a3KhQ4AYg4NvpuK4o=,iv:D992NSKogA/St7mJXKKVi5fxcjyW+n2lqbgim54ABQI=,tag:jEH6qPDA/C79XSQ5AkWVuw==,type:str] pgp: - created_at: "2022-02-02T17:50:42Z" enc: | diff --git a/zones/int.chir.rs.nix b/zones/int.chir.rs.nix index eff5fdd6..c810a453 100644 --- a/zones/int.chir.rs.nix +++ b/zones/int.chir.rs.nix @@ -15,7 +15,7 @@ in { SOA = { nameServer = "ns1.chir.rs."; adminEmail = "lotte@chir.rs"; - serial = 16; + serial = 17; }; NS = [ "ns1.chir.rs." @@ -76,27 +76,27 @@ in { } ]; /* - subdomains = { - _tcp.subdomains."*".TLSA = [ - { - certUsage = "dane-ee"; - selector = "spki"; - match = "sha256"; - certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f"; - ttl = zoneTTL; - } - ]; - _udp.subdomains."*".TLSA = [ - { - certUsage = "dane-ee"; - selector = "spki"; - match = "sha256"; - certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f"; - ttl = zoneTTL; - } - ]; - }; - */ + subdomains = { + _tcp.subdomains."*".TLSA = [ + { + certUsage = "dane-ee"; + selector = "spki"; + match = "sha256"; + certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f"; + ttl = zoneTTL; + } + ]; + _udp.subdomains."*".TLSA = [ + { + certUsage = "dane-ee"; + selector = "spki"; + match = "sha256"; + certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f"; + ttl = zoneTTL; + } + ]; + }; + */ HTTPS = [ { svcPriority = 1; @@ -260,7 +260,7 @@ in { hydra.CNAME = [(ttl zoneTTL (cname "nas"))]; mastodon.CNAME = [(ttl zoneTTL (cname "nas"))]; matrix.CNAME = [(ttl zoneTTL (cname "nas"))]; - rspamd.CNAME = [(ttl zoneTTL (cname "nas"))]; + rspamd.CNAME = [(ttl zoneTTL (cname "nixos-8gb-fsn1-1"))]; drone.CNAME = [(ttl zoneTTL (cname "nas"))]; moa.CNAME = [(ttl zoneTTL (cname "nas"))]; matrix-admin.CNAME = [(ttl zoneTTL (cname "nas"))];