From b3f6e37765d4eaa4624fc466a8595ed721bff599 Mon Sep 17 00:00:00 2001
From: Fiona Grzebien
Date: Sun, 17 May 2026 02:12:42 +0200
Subject: [PATCH] Remove mail-2
---
config/hosts/mail-2/acme.nix | 9 ---
config/hosts/mail-2/configuration.nix | 81 ---------------------------
config/hosts/mail-2/default.nix | 8 ---
config/hosts/mail-2/postfix.nix | 37 ------------
config/hosts/mail-2/secrets.nix | 21 ------
5 files changed, 156 deletions(-)
delete mode 100644 config/hosts/mail-2/acme.nix
delete mode 100644 config/hosts/mail-2/configuration.nix
delete mode 100644 config/hosts/mail-2/default.nix
delete mode 100644 config/hosts/mail-2/postfix.nix
delete mode 100644 config/hosts/mail-2/secrets.nix
diff --git a/config/hosts/mail-2/acme.nix b/config/hosts/mail-2/acme.nix
deleted file mode 100644
index c6a353c..0000000
--- a/config/hosts/mail-2/acme.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-{
- security.acme.certs = {
- "mail-2.grzb.de" = {
- listenHTTP = ":80";
- reloadServices = [ "postfix.service" ];
- };
- };
-}
diff --git a/config/hosts/mail-2/configuration.nix b/config/hosts/mail-2/configuration.nix
deleted file mode 100644
index f1fa002..0000000
--- a/config/hosts/mail-2/configuration.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ pkgs, ... }:
-{
- boot.loader.grub = {
- enable = true;
- device = "/dev/vda";
- };
-
- systemd.network = {
- enable = true;
- networks = {
- "enp6s18" = {
- matchConfig.Name = "enp6s18";
- address = [
- "10.201.41.100/24"
- ];
- routes = [
- {
- Gateway = "10.201.41.1";
- Destination = "10.201.0.0/16";
- }
- {
- Gateway = "10.201.41.1";
- Destination = "10.202.0.0/16";
- }
- {
- Gateway = "10.201.41.1";
- Destination = "172.21.87.0/24";
- }
- {
- Gateway = "10.201.41.1";
- Destination = "217.160.117.160/32";
- }
- ];
- linkConfig.RequiredForOnline = "routable";
- };
- "wg0" = {
- matchConfig.Name = "wg0";
- address = [
- "172.18.50.2/24"
- ];
- DHCP = "no";
- gateway = [
- "172.18.50.1"
- ];
- };
- };
- netdevs = {
- "wg0" = {
- netdevConfig = {
- Kind = "wireguard";
- Name = "wg0";
- };
- wireguardConfig = {
- PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret";
- };
- wireguardPeers = [{
- PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4=";
- PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret";
- Endpoint = "217.160.117.160:51820";
- AllowedIPs = [ "0.0.0.0/0" ];
- PersistentKeepalive = 25;
- }];
- };
- };
- };
-
- networking = {
- hostName = "mail-2";
- useDHCP = false;
- firewall = {
- enable = true;
- allowedTCPPorts = [ 25 80 ];
- };
- };
-
- environment.systemPackages = with pkgs; [
- wireguard-tools
- ];
-
- system.stateVersion = "23.05";
-}
diff --git a/config/hosts/mail-2/default.nix b/config/hosts/mail-2/default.nix
deleted file mode 100644
index ab5c757..0000000
--- a/config/hosts/mail-2/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- imports = [
- ./configuration.nix
- ./postfix.nix
- ./acme.nix
- ];
-}
diff --git a/config/hosts/mail-2/postfix.nix b/config/hosts/mail-2/postfix.nix
deleted file mode 100644
index b7e54f3..0000000
--- a/config/hosts/mail-2/postfix.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, ... }:
-{
- # Postfix relay configuration, see: https://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup
- services.postfix = {
- enable = true;
- hostname = "mail-2.grzb.de";
- relayDomains = [
- "grzb.de"
- "nekover.se"
- ];
- sslCert = "${config.security.acme.certs."mail-2.grzb.de".directory}/fullchain.pem";
- sslKey = "${config.security.acme.certs."mail-2.grzb.de".directory}/key.pem";
- extraConfig = ''
- message_size_limit = 20971520
- smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
- proxy_interfaces = 217.160.117.160
- relay_recipient_maps =
- smtp_tls_ciphers = high
- smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
- smtp_tls_mandatory_ciphers = high
- smtp_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
- smtp_tls_mandatory_protocols = TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
- smtp_tls_protocols = TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
- smtpd_tls_auth_only = yes
- smtpd_tls_ciphers = high
- smtpd_tls_eecdh_grade = ultra
- smtpd_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
- smtpd_tls_loglevel = 1
- smtpd_tls_mandatory_ciphers = high
- smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL
- smtpd_tls_mandatory_protocols = TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
- smtpd_tls_protocols = TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3
- tls_preempt_cipherlist = yes
- tls_random_source = dev:/dev/urandom
- '';
- };
-}
diff --git a/config/hosts/mail-2/secrets.nix b/config/hosts/mail-2/secrets.nix
deleted file mode 100644
index 67beb5b..0000000
--- a/config/hosts/mail-2/secrets.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ keyCommandEnv, ... }:
-{
- deployment.keys = {
- "wireguard-mail-2-wg0-privatekey.secret" = {
- keyCommand = keyCommandEnv ++ [ "pass" "wireguard/mail-2-wg0-privatekey" ];
- destDir = "/secrets";
- user = "root";
- group = "systemd-network";
- permissions = "0640";
- uploadAt = "pre-activation";
- };
- "wireguard-lifeline-mail-2-mail-2-psk.secret" = {
- keyCommand = keyCommandEnv ++ [ "pass" "wireguard/lifeline-mail-2/psk" ];
- destDir = "/secrets";
- user = "root";
- group = "systemd-network";
- permissions = "0640";
- uploadAt = "pre-activation";
- };
- };
-}