Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-28 14:50:55 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: redeploy stalwart with hidden creds

Browse source
This commit is contained in:
Julien Malka 2024-08-25 19:28:56 +02:00
parent 45d66e0a09
commit 3e2971341a
Signed by: Luj
GPG key ID: 6FC74C847011FD83
3 changed files with 21 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
machines/akhaten/stalwart.nix
View file

@ -3,10 +3,9 @@
services.stalwart-mail = { services.stalwart-mail = {
enable = true; enable = true;
settings = { settings = {
global.tracing.level = "trace";
authentication.fallback-admin = { authentication.fallback-admin = {
user = "admin"; user = "admin";
secret = "$6$R469iElYzZ7v7TlV$PtJpqLO0Szw.B/r8V.puCC26i5.nfQLJQotTWrNoBsTrFo6/J1pC43OIMKc.2Oli/Of0pjPcgbBNmhfFImuuu0"; secret = "%{file:/var/lib/stalwart-mail/admin-hash}%";
}; };
lookup.default.hostname = "mail.luj.fr"; lookup.default.hostname = "mail.luj.fr";
server = { server = {
@ -57,6 +56,13 @@
}; };
}; };
age.secrets.stalwart-admin-hash = {
file = ../../secrets/stalwart-admin.age;
path = "/var/lib/stalwart-mail/admin-hash";
owner = "stalwart-mail";
group = "stalwart-mail";
};
machine.meta.zones."luj.fr".subdomains."mail" = { machine.meta.zones."luj.fr".subdomains."mail" = {
A = [ config.machine.meta.ips.public.ipv4 ]; A = [ config.machine.meta.ips.public.ipv4 ];
AAAA = [ config.machine.meta.ips.public.ipv6 ]; AAAA = [ config.machine.meta.ips.public.ipv6 ];

8
secrets/secrets.nix
View file

@ -9,7 +9,7 @@ let
lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz"; lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz";
nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6"; nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6";
enigma = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgBNhXqFN79KUpmey44pag2FQYVulf1gYnRjdbvkzWW"; enigma = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgBNhXqFN79KUpmey44pag2FQYVulf1gYnRjdbvkzWW";
lisanew = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g"; akhaten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g";
servers = [ servers = [
gustave gustave
tower tower
@ -18,7 +18,7 @@ let
lambda lambda
core-data core-data
nuage nuage
lisanew akhaten
]; ];
all = servers ++ [ all = servers ++ [
x2100 x2100
@ -72,4 +72,8 @@ in
tower tower
]; ];
"forgejo_runners-token_file.age".publicKeys = [ tower ]; "forgejo_runners-token_file.age".publicKeys = [ tower ];
"stalwart-admin.age".publicKeys = [
tower
akhaten
];
} }

7
secrets/stalwart-admin.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 AqX2tg nU1QhxAS4dGHMoxv3nGtYXYtL0Kkl/CeGbVT3lsFYSo
Xr+YMV0IYAGTOBbWDHFjTwI3yKeo4/YK5eJ0sjtPUIw
-> ssh-ed25519 81O5Zw m+rlGUE7DwjB2iVm08//5U33qEZ/DEQJZ4m910pFnWo
ESfL9t4CLGVO7YQWolEaFz1KaQ/VR0gj7xt7iUAoOUM
--- eq18dwzZLAYBmOpRaQ6OB/Ry89tB6jR8lMGGm0R4ZNo
/ô6 ²‡QœÄÿaU¡ÏÆrgX©ÿlP5c”>d5l¼´ËÌ¡½(üAr£³\f g¦þ=`±€Ê%¨q/«Žïð€çr¨%äzM9î“<C3AE>ÿãJ#ùcêúrWw7 Õ cÓO<μqûè.<QACž/¡éòXù{ÐJ1+VV“…U™