l domsen: fixes & domains

This commit is contained in:
lassulus 2023-07-23 23:12:17 +02:00
parent fe89b7544e
commit 794590866b

View File

@ -96,6 +96,7 @@ in {
file_uploads = on file_uploads = on
''; '';
systemd.services.nextcloud-setup.after = [ "secret-nextcloud_pw.service" ];
krebs.secret.files.nextcloud_pw = { krebs.secret.files.nextcloud_pw = {
path = "/run/nextcloud.pw"; path = "/run/nextcloud.pw";
owner.name = "nextcloud"; owner.name = "nextcloud";
@ -121,18 +122,17 @@ in {
# MAIL STUFF # MAIL STUFF
# TODO: make into its own module # TODO: make into its own module
# workaround for android 7
security.acme.certs."lassul.us".keyType = "rsa4096";
services.roundcube = { services.roundcube = {
enable = true; enable = true;
hostName = "mail.lassul.us"; hostName = "mail.lassul.us";
extraConfig = '' extraConfig = ''
$config['smtp_port'] = 25; $config['smtp_debug'] = true;
$config['smtp_host'] = "localhost:25";
''; '';
}; };
services.dovecot2 = { services.dovecot2 = {
enable = true; enable = true;
showPAMFailure = true;
mailLocation = "maildir:~/Mail"; mailLocation = "maildir:~/Mail";
sslServerCert = "/var/lib/acme/lassul.us/fullchain.pem"; sslServerCert = "/var/lib/acme/lassul.us/fullchain.pem";
sslServerKey = "/var/lib/acme/lassul.us/key.pem"; sslServerKey = "/var/lib/acme/lassul.us/key.pem";
@ -142,6 +142,17 @@ in {
{ predicate = "-p tcp --dport imaps"; target = "ACCEPT"; } { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; }
]; ];
environment.systemPackages = [
(pkgs.writers.writeDashBin "debug_exim" ''
set -ef
export PATH="${lib.makeBinPath [ pkgs.coreutils ]}"
echo "$@" >> /tmp/xxx
/run/wrappers/bin/shadow_verify_arg "${config.lass.usershadow.pattern}" "$2" "$3" 2>>/tmp/xxx1
echo "ok" >> /tmp/yyy
exit 23
'')
];
krebs.exim-smarthost = { krebs.exim-smarthost = {
authenticators.PLAIN = '' authenticators.PLAIN = ''
driver = plaintext driver = plaintext
@ -153,6 +164,7 @@ in {
public_name = LOGIN public_name = LOGIN
server_prompts = "Username:: : Password::" server_prompts = "Username:: : Password::"
server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
# server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}}
''; '';
internet-aliases = [ internet-aliases = [
{ from = "dma@ubikmedia.de"; to = "domsen"; } { from = "dma@ubikmedia.de"; to = "domsen"; }
@ -180,14 +192,13 @@ in {
"alewis.de" "alewis.de"
"jarugadesign.de" "jarugadesign.de"
"beesmooth.ch" "beesmooth.ch"
"event-extra.de"
]; ];
dkim = [ dkim = [
{ domain = "ubikmedia.eu"; } { domain = "ubikmedia.eu"; }
{ domain = "apanowicz.de"; } { domain = "apanowicz.de"; }
{ domain = "beesmooth.ch"; } { domain = "beesmooth.ch"; }
]; ];
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
ssl_key = "/var/lib/acme/lassul.us/key.pem";
}; };
users.users.UBIK-SFTP = { users.users.UBIK-SFTP = {