june/fi-nix-infra
1
0
Fork 0
forked from fi/nix-infra
Code Pull requests Activity

Migrate mail-1 to sops-nix

Browse source
This commit is contained in:
Fiona Grzebien 2026-05-24 02:23:59 +02:00
commit e35aa9aabd
Signed by: fi
SSH key fingerprint: SHA256:HQgl5VGC4+Yw3ds/0I/DqTge63SPBXvXwhNG/gRW26U
4 changed files with 130 additions and 122 deletions
Download patch file Download diff file Expand all files Collapse all files

89
config/hosts/mail-1/simple-nixos-mailserver.nix
View file

@ -15,55 +15,55 @@
domains = [ "grzb.de" "vs.grzb.de" "wg.grzb.de" "nekover.se" ];
loginAccounts = {
"fiona@grzb.de" = {
hashedPasswordFile = "/secrets/mail-fiona-grzb-de.secret";
hashedPasswordFile = "/run/secrets/mail-fiona-grzb-de";
aliases = [ "@grzb.de" ];
catchAll = [ "grzb.de" ];
};
"yuri@nekover.se" = {
hashedPasswordFile = "/secrets/mail-yuri-nekover-se.secret";
hashedPasswordFile = "/run/secrets/mail-yuri-nekover-se";
aliases = [ "@nekover.se" ];
catchAll = [ "nekover.se" ];
};
"mio@vs.grzb.de" = {
hashedPasswordFile = "/secrets/mail-mio-vs-grzb-de.secret";
hashedPasswordFile = "/run/secrets/mail-mio-vs-grzb-de";
sendOnly = true;
aliases = [ "root@vs.grzb.de" ];
};
"fubuki@wg.grzb.de" = {
hashedPasswordFile = "/secrets/mail-fubuki-wg-grzb-de.secret";
hashedPasswordFile = "/run/secrets/mail-fubuki-wg-grzb-de";
sendOnly = true;
aliases = [ "root@wg.grzb.de" ];
};
"cloud@nekover.se" = {
hashedPasswordFile = "/secrets/mail-cloud-nekover-se.secret";
hashedPasswordFile = "/run/secrets/mail-cloud-nekover-se";
sendOnly = true;
};
"status@nekover.se" = {
hashedPasswordFile = "/secrets/mail-status-nekover-se.secret";
hashedPasswordFile = "/run/secrets/mail-status-nekover-se";
sendOnly = true;
};
"matrix@nekover.se" = {
hashedPasswordFile = "/secrets/mail-matrix-nekover-se.secret";
hashedPasswordFile = "/run/secrets/mail-matrix-nekover-se";
sendOnly = true;
aliases = [ "nyareply@nekover.se" ];
};
"nekomesh@nekover.se" = {
hashedPasswordFile = "/secrets/mail-nekomesh-nekover-se.secret";
hashedPasswordFile = "/run/secrets/mail-nekomesh-nekover-se";
sendOnly = true;
aliases = [ "nyareply@nekover.se" ];
};
"social@nekover.se" = {
hashedPasswordFile = "/secrets/mail-social-nekover-se.secret";
hashedPasswordFile = "/run/secrets/mail-social-nekover-se";
sendOnly = true;
aliases = [ "nyareply@nekover.se" ];
};
"id@nekover.se" = {
hashedPasswordFile = "/secrets/mail-id-nekover-se.secret";
hashedPasswordFile = "/run/secrets/mail-id-nekover-se";
sendOnly = true;
aliases = [ "nyareply@nekover.se" ];
};
"forgejo@nekover.se" = {
hashedPasswordFile = "/secrets/mail-forgejo-nekover-se.secret";
hashedPasswordFile = "/run/secrets/mail-forgejo-nekover-se";
sendOnly = true;
aliases = [ "nyareply@nekover.se" ];
};
@ -79,4 +79,71 @@
proxy_interfaces = "212.53.203.19";
};
};
sops.secrets."mail-fiona-grzb-de" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-yuri-nekover-se" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-mio-vs-grzb-de" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-fubuki-wg-grzb-de" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-cloud-nekover-se" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-status-nekover-se" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-matrix-nekover-se" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-nekomesh-nekover-se" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-social-nekover-se" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-id-nekover-se" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
sops.secrets."mail-forgejo-nekover-se" = {
mode = "0440";
owner = "root";
group = "root";
restartUnits = [ "postfix.service" ];
};
}