feat: add maddy

This commit is contained in:
truxnell 2024-03-17 20:43:37 +11:00
parent 28f355a8cc
commit 6d098efd74
4 changed files with 74 additions and 8 deletions

View file

@ -0,0 +1,30 @@
state_dir /dev/shm/maddy/state
runtime_dir /dev/shm/maddy/run
openmetrics tcp://0.0.0.0:9749 { }
smtp tcp://0.0.0.0:2525 {
debug {env:DEBUG}
io_debug {env:DEBUG}
source {env:SMTP_DOMAIN} {
deliver_to &remote_queue
}
default_source {
reject
}
}
target.queue remote_queue {
debug {env:DEBUG}
target &remote_smtp
}
target.smtp remote_smtp {
debug {env:DEBUG}
attempt_starttls yes
require_tls yes
auth plain {env:SMTP_USERNAME} {env:SMTP_PASSWORD}
targets tls://{env:SMTP_SERVER}:{env:SMTP_PORT}
}

View file

@ -1,16 +1,18 @@
{ inputs, outputs, config, ... }: {
# init secret
config.sops.secrets."system/networking/dcloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml;
config.sops.secrets."system/networking/dcloudflare-dyndns/domains".sopsFile = ./cloudflare-dyndns.sops.yaml;
config.sops.secrets."system/mail/maddy/envFile" = {
sopsFile = ./maddy.sops.yaml;
owner = "maddy";
group = "maddy";
};
# Cloudflare dynamic dns to keep my DNS records pointed at home
services.maddy = {
#
config.services.maddy = {
enable = true;
ipv6 = false;
proxied = true;
apiTokenFile = config.secret.sops."system/networking/dcloudflare-dyndns/apiTokenFile".path;
domains = config.secret.sops."system/networking/dcloudflare-dyndns/domains".path;
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
config = builtins.readFile ./maddy.conf;
};
}

View file

@ -0,0 +1,33 @@
system:
mail:
maddy:
envFile: ENC[AES256_GCM,data:RXFxnPsEHb3ji+EA3ijOt75aQEyZ7KQOPFBCGQKA/pxgU9atRZHULRSoC/sEykiCln3qBQ8Bbbh3fca5hwlsqv736poriuuq6gSs2tljWxDWsgn+qX1aSx0d9DkfhKPOKfxwmEsTEjNo/VkWm8EZBeDZDEhZLUO1S3kx79TRUCHrz9g=,iv:pLDRR20CqD6MzhDWxG3OncyXv5gPm3x25xnRZZF7wzM=,tag:E8uD9F+GU4vKPgoB4rqQyw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVG5tTjNwRGl1SGRUdGlN
bFlLQk5KN05SNE13QlBkUzBqRmpKLzYxcG1RCm9UNExzZnBaaGV5VkJ1V1lRK0JW
UUpBOG1GUGwzc3d5OXJCdGY4WmxrMDgKLS0tIGc4WGsrOEs2eWhscDNKMUo3Szdy
UFdLbnVpSnVQOFJqdTMyOGRydE9uV0EKyWYhuiZYsAVoCgxnGwG/H3MKxKT7xqpG
Zdoy473YslSq/xwOfZA76useXmrwtkVEZ2JoVZ4TYnkNKYv0Ag5CDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBOEtJRWZBd1VCMVBBK29N
eXdSSFJiL2ludW5YaDRILzd5UjZWQkZNZmhRCjFHSEcybTBLTTh4K0FvUVg0eTlk
aHBvV25ramtrRE0xdndsdFZDTjZnTFEKLS0tIDNSR0dxMWQrUVZCa2pIQjJkZlUv
dTBRVFRidE0xVWJhV04rWitHTEVqcTgKbRV3ttX0zAZBdlDMRdheMW8XS1YhTLGo
1Cg29Rm2AsEm774EssZ/JpZeE91qKb2F4Q47C1WQJDqVg5IE78vVbA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-17T07:53:40Z"
mac: ENC[AES256_GCM,data:z1SqvWfpDrHBGNMDPdHW7cXWA0Svnvyf+EoQ2zUBqkMP3zTn772sUolCx98ujGEZeAk07ABQ9Yhl7Q7ibgB75x04lOFlFZ9FYvMVfDofTyg9YKxnDe+CBN9Jn7N8+lz/MxBs2VWMXkEmAk0rAK6pfTsbfltfCIYzZxH8TP+EIfc=,iv:sJ5vuNKmFQavIhjS6KWZC4c2ZXcDrOYL2sowZSPpG78=,tag:/di0NtclJRe+pX6+zjC+Ow==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -22,6 +22,7 @@
../common/optional/firefox.nix
../common/optional/sops-nix.nix
../common/optional/cloudflare-dyndns.nix
../common/optional/maddy.nix
];