chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

mail: Use oauth and mfauth to access work mail directly instead of forwarding

Browse source
This commit is contained in:
Charlotte Van Petegem 2023-11-10 12:11:22 +01:00
parent 83e00a1a81
commit 5045e2b167
No known key found for this signature in database
GPG key ID: 019E764B7184435A
7 changed files with 86 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

28
modules/services/mail/default.nix
View file

@ -59,10 +59,6 @@ in
hashedPasswordFile = config.age.secrets."passwords/services/mail/hallo@robbe.be".path;
aliases = [ "@robbe.be" "@robbevp.be" ];
};
"ugent@cvpetegem.be" = {
hashedPasswordFile = config.age.secrets."passwords/services/mail/ugent@cvpetegem.be".path;
aliases = [ "charlotte.vanpetegem@ugent.be" ];
};
"webmaster@vanpetegem.me".hashedPasswordFile = config.age.secrets."passwords/services/mail/webmaster@vanpetegem.me".path;
};
indexDir = "${config.chvp.cachePrefix}/var/lib/dovecot/indices";
@ -83,16 +79,6 @@ in
certificateFile = certFile;
keyFile = keyFile;
dkimKeyDirectory = "${config.chvp.dataPrefix}/var/dkim";
policydSPFExtraConfig = ''
whitelist = 40.92.0.0/15,40.107.0.0/16,52.100.0.0/14,104.47.0.0/17,2a01:111:f400::/48,2a01:111:f403::/49,2a01:111:f403:8000::/50,2a01:111:f403:c000::/51,2a01:111:f403:f000::/52
'';
};
services.postfix = {
config.sender_dependent_default_transport_maps = [ "hash:/etc/postfix/sender_map" ];
mapFiles.sender_map = pkgs.writeText "postfix-sender-map" ''
charlotte.vanpetegem@ugent.be smtp:[127.0.0.1]:9797
'';
};
services.rspamd.extraConfig = ''
@ -103,20 +89,7 @@ in
}
'';
systemd.services.tunnel = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."files/services/tunnel/key".path} -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ControlPath=none -NT -p $SSH_PORT -L 0.0.0.0:9797:$CONN_HOST:$CONN_PORT $USER@$SSH_HOST";
serviceConfig = {
RestartSec = "5s";
Restart = "on-failure";
EnvironmentFile = config.age.secrets."files/services/tunnel/env".path;
};
};
age.secrets = {
"files/services/tunnel/key".file = ../../../secrets/files/services/tunnel/key.age;
"files/services/tunnel/env".file = ../../../secrets/files/services/tunnel/env.age;
"passwords/services/mail/charlotte@vanpetegem.me".file = ../../../secrets/passwords/services/mail/charlotte_at_vanpetegem.me.age;
"passwords/services/mail/hallo@robbe.be".file = ../../../secrets/passwords/services/mail/hallo_at_robbe.be.age;
"passwords/services/mail/huis@vanpetegem.me".file = ../../../secrets/passwords/services/mail/huis_at_vanpetegem.me.age;
@ -125,7 +98,6 @@ in
"passwords/services/mail/postbot@vanpetegem.me".file = ../../../secrets/passwords/services/mail/postbot_at_vanpetegem.me.age;
"passwords/services/mail/robbe@robbevanpetegem.be".file = ../../../secrets/passwords/services/mail/robbe_at_robbevanpetegem.be.age;
"passwords/services/mail/robbe@vanpetegem.me".file = ../../../secrets/passwords/services/mail/robbe_at_vanpetegem.me.age;
"passwords/services/mail/ugent@cvpetegem.be".file = ../../../secrets/passwords/services/mail/ugent_at_cvpetegem.be.age;
"passwords/services/mail/webmaster@vanpetegem.me".file = ../../../secrets/passwords/services/mail/webmaster_at_vanpetegem.me.age;
};
};