Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-25 21:30:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: redeploy stalwart with hidden creds

Browse source
This commit is contained in:
Julien Malka 2024-08-25 19:28:56 +02:00
parent 45d66e0a09
commit 3e2971341a
Signed by: Luj
GPG key ID: 6FC74C847011FD83
3 changed files with 21 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
machines/akhaten/stalwart.nix
View file

@ -3,10 +3,9 @@
services.stalwart-mail = {
enable = true;
settings = {
global.tracing.level = "trace";
authentication.fallback-admin = {
user = "admin";
secret = "$6$R469iElYzZ7v7TlV$PtJpqLO0Szw.B/r8V.puCC26i5.nfQLJQotTWrNoBsTrFo6/J1pC43OIMKc.2Oli/Of0pjPcgbBNmhfFImuuu0";
secret = "%{file:/var/lib/stalwart-mail/admin-hash}%";
};
lookup.default.hostname = "mail.luj.fr";
server = {
@ -57,6 +56,13 @@
};
};
age.secrets.stalwart-admin-hash = {
file = ../../secrets/stalwart-admin.age;
path = "/var/lib/stalwart-mail/admin-hash";
owner = "stalwart-mail";
group = "stalwart-mail";
};
machine.meta.zones."luj.fr".subdomains."mail" = {
A = [ config.machine.meta.ips.public.ipv4 ];
AAAA = [ config.machine.meta.ips.public.ipv6 ];

8
secrets/secrets.nix
View file

@ -9,7 +9,7 @@ let
lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz";
nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6";
enigma = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgBNhXqFN79KUpmey44pag2FQYVulf1gYnRjdbvkzWW";
lisanew = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g";
akhaten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g";
servers = [
gustave
tower
@ -18,7 +18,7 @@ let
lambda
core-data
nuage
lisanew
akhaten
];
all = servers ++ [
x2100
@ -72,4 +72,8 @@ in
tower
];
"forgejo_runners-token_file.age".publicKeys = [ tower ];
"stalwart-admin.age".publicKeys = [
tower
akhaten
];
}

7
secrets/stalwart-admin.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 AqX2tg nU1QhxAS4dGHMoxv3nGtYXYtL0Kkl/CeGbVT3lsFYSo
Xr+YMV0IYAGTOBbWDHFjTwI3yKeo4/YK5eJ0sjtPUIw
-> ssh-ed25519 81O5Zw m+rlGUE7DwjB2iVm08//5U33qEZ/DEQJZ4m910pFnWo
ESfL9t4CLGVO7YQWolEaFz1KaQ/VR0gj7xt7iUAoOUM
--- eq18dwzZLAYBmOpRaQ6OB/Ry89tB6jR8lMGGm0R4ZNo
/ô6 ²‡QœÄÿaU¡ÏÆrgX©ÿlP5c”>d5l¼´ËÌ¡½(üAr£³\f g¦þ=`±€Ê%¨q/«Žïð€çr¨%äzM9î“<C3AE>ÿãJ#ùcêúrWw7 Õ cÓO<μqûè.<QACž/¡éòXù{ÐJ1+VV“…U™