fix: stalwart new config format

feat: switch to stalwart
fix: disable fwpud
2024-11-29 23:34:35 +01:00 · 2024-11-29 21:20:08 +01:00 · 2024-11-29 13:48:10 +01:00
8 changed files with 12 additions and 11 deletions
--- a/config/services/idmail.nix
+++ b/config/services/idmail.nix
@ -73,6 +73,8 @@ in
  systemd.services.idmail.serviceConfig.RestartSec = "60"; # Retry every minute

  services.nginx = {
+    enable = true;
+    recommendedSetup = true;
    upstreams.idmail = {
      servers."127.0.0.1:3000" = { };
      extraConfig = ''
@ -82,7 +84,7 @@ in
    };
    virtualHosts.${idmailDomain} = {
      forceSSL = true;
-      useACMEWildcardHost = true;
+      useACMEHost = domain;
      locations."/" = {
        proxyPass = "http://idmail";
        proxyWebsockets = true;
--- a/config/services/stalwart.nix
+++ b/config/services/stalwart.nix
@ -125,6 +125,8 @@ in
    }
  ];
  services.nginx = {
+    enable = true;
+    recommendedSetup = true;
    upstreams.stalwart = {
      servers."127.0.0.1:8080" = { };
      extraConfig = ''
@ -136,7 +138,7 @@ in
      {
        ${domain} = {
          forceSSL = true;
-          useACMEWildcardHost = true;
+          useACMEHost = domain;
          extraConfig = ''
            client_max_body_size 512M;
          '';
@ -154,7 +156,7 @@ in
        ]
        (_: {
          forceSSL = true;
-          useACMEWildcardHost = true;
+          useACMEHost = domain;
          locations."/".proxyPass = "http://stalwart";
        });
  };
@ -203,17 +205,12 @@ in
    enable = true;
    settings =
      let
-        case = field: check: value: data: {
-          "if" = field;
-          ${check} = value;
-          "then" = data;
-        };
        ifthen = field: data: {
          "if" = field;
          "then" = data;
        };
        otherwise = value: { "else" = value; };
-        is-smtp = case "listener" "eq" "smtp";
+        is-smtp = ifthen "listener = 'smtp'";
        is-authenticated = data: {
          "if" = "!is_empty(authenticated_as)";
          "then" = data;
--- a/config/support/physical.nix
+++ b/config/support/physical.nix
@ -12,7 +12,8 @@
  };

  services = {
-    fwupd.enable = !minimal;
+    # Enable if you're feeling very fwupd that day
+    #fwupd.enable = !minimal;
    smartd.enable = !minimal;
    thermald.enable = builtins.elem config.nixpkgs.hostPlatform.system [ "x86_64-linux" ];
  };
--- a/hosts/maddy/default.nix
+++ b/hosts/maddy/default.nix
@ -2,7 +2,7 @@
  imports = [
    ../../config/basic
    ../../config/support/initrd-ssh.nix
-    ../../config/services/maddy.nix
+    # ../../config/services/maddy.nix
    ../../config/support/zfs.nix

    ./net.nix
--- a/hosts/mailnix/net.nix
+++ b/hosts/mailnix/net.nix
@ -52,6 +52,7 @@
    };
  };
  networking.nftables.firewall.zones.untrusted.interfaces = [ "lan01" ];
+  users.groups.acme.members = [ "nginx" ];
  security.acme.certs = {
    "${config.secrets.secrets.global.domains.mail_public}" = {
      domain = config.secrets.secrets.global.domains.mail_public;
--- a/hosts/mailnix/secrets/generated/buildSSHKey.age
+++ b/hosts/mailnix/secrets/generated/buildSSHKey.age
--- a/hosts/mailnix/secrets/generated/dhparams.pem.age
+++ b/hosts/mailnix/secrets/generated/dhparams.pem.age
--- a/secrets/secrets.nix.age
+++ b/secrets/secrets.nix.age
Author	SHA1	Message	Date
Patrick	27e1a7cc3f	fix: stalwart new config format	2024-11-29 23:34:35 +01:00
Patrick	57454a768b	feat: switch to stalwart	2024-11-29 21:20:08 +01:00
Patrick	00f45973b8	fix: disable fwpud	2024-11-29 13:48:10 +01:00