From b9f38f6cda90824e85d657707b4cdc80aed26988 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 6 Dec 2022 19:44:30 +0100
Subject: ssl: move rootCA to 6assets
---
 krebs/3modules/ssl.nix | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/ssl.nix b/krebs/3modules/ssl.nix
index 3a9b5d32..8cbd8dcc 100644
--- a/krebs/3modules/ssl.nix
+++ b/krebs/3modules/ssl.nix
@@ -5,26 +5,7 @@ in {
 rootCA = lib.mkOption {
 type = lib.types.str;
 readOnly = true;
- default = ''
- -----BEGIN CERTIFICATE-----
- MIIC0jCCAjugAwIBAgIJAKeARo6lDD0YMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYD
- VQQGEwJaWjESMBAGA1UECAwJc3RhdGVsZXNzMRAwDgYDVQQKDAdLcmVic2NvMQsw
- CQYDVQQLDAJLTTEWMBQGA1UEAwwNS3JlYnMgUm9vdCBDQTEnMCUGCSqGSIb3DQEJ
- ARYYcm9vdC1jYUBzeW50YXgtZmVobGVyLmRlMB4XDTE0MDYxMTA4NTMwNloXDTM5
- MDIwMTA4NTMwNlowgYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3Mx
- EDAOBgNVBAoMB0tyZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBS
- b290IENBMScwJQYJKoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUw
- gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMs/WNyeQziccllLqom7bfCjlh6/
- /qx9p6UOqpw96YOOT3sh/mNSBLyNxIUJbWsU7dN5hT7HkR7GwzpfKDtudd9qiZeU
- QNYQ+OL0HdOnApjdPqdspZfKxKTXyC1T1vJlaODsM1RBrjLK9RUcQZeNhgg3iM9B
- HptOCrMI2fjCdZuVAgMBAAGjUDBOMB0GA1UdDgQWBBSKeq01+rAwp7yAXwzlwZBo
- 3EGVLzAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGVLzAMBgNVHRMEBTAD
- AQH/MA0GCSqGSIb3DQEBBQUAA4GBAIWIffZuQ43ddY2/ZnjAxPCRpM3AjoKIwEj9
- GZuLJJ1sB9+/PAPmRrpmUniRkPLD4gtmolDVuoLDNAT9os7/v90yg5dOuga33Ese
- 725musUbhEoQE1A1oVHrexBs2sQOplxHKsVXoYJp2/trQdqvaNaEKc3EeVnzFC63
- 80WiO952
- -----END CERTIFICATE-----
- '';
+ default = builtins.readFile ../6assets/krebsRootCA.crt;
 };
 intermediateCA = lib.mkOption {
 type = lib.types.str;
-- cgit v1.2.3
From 2eb33e60b45c2b37d51a57b0fbe4a023861a7429 Mon Sep 17 00:00:00 2001
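Review bot: The new `default = builtins.readFile ../6assets/krebsRootCA.crt;` makes the root trust anchor depend on a file this patch view does not show (it is limited to 'krebs/3modules'), so it cannot be confirmed from here that the asset is byte-for-byte the PEM being removed. A comment above that line, such as `# trust anchor: must stay identical to the previously inlined Krebs Root CA; compare the certificate fingerprint whenever the asset changes`, would tell the next editor what to check. Separately, the removed PEM appears to encode a 1024-bit RSA key with a SHA-1 signature and a 2039 expiry, so if the asset holds the same certificate, a plan to rotate it to a stronger key is worth recording. The enclosing option set starts before the hunk and `intermediateCA` continues past it.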
From: lassulus Date: Wed, 7 Dec 2022 19:25:46 +0100 Subject: Revert "exim-smarthost: check SPF" This reverts commit 426d6e2e5cdbe52cf776400cec85036f4cb86b79. --- krebs/3modules/exim-smarthost.nix | 33 +-------------------------------- 1 file changed, 1 insertion(+), 32 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 5923b610..38cc828b 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -126,9 +126,8 @@ let domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains} hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} - acl_smtp_data = acl_check_data - acl_smtp_mail = acl_check_mail acl_smtp_rcpt = acl_check_rcpt + acl_smtp_data = acl_check_data never_users = root @@ -180,36 +179,6 @@ let accept - acl_check_mail: - accept - sender_domains = +sender_domains - hosts = +relay_from_hosts - deny - spf = fail : softfail - log_message = spf=$spf_result - message = SPF validation failed: \ - $sender_host_address is not allowed to send mail from \ - ''${if def:sender_address_domain\ - {$sender_address_domain}\ - {$sender_helo_name}} - deny - spf = permerror - log_message = spf=$spf_result - message = SPF validation failed: \ - syntax error in SPF record(s) for \ - ''${if def:sender_address_domain\ - {$sender_address_domain}\ - {$sender_helo_name}} - defer - spf = temperror - log_message = spf=$spf_result; deferred - message = temporary error during SPF validation; \ - please try again later - warn - spf = none : neutral - log_message = spf=$spf_result - accept - add_header = $spf_received begin routers -- cgit v1.2.3
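Review bot: Removing `acl_smtp_mail = acl_check_mail` here, together with the whole `acl_check_mail` ACL deleted in the next hunk (`@@ -179,36 +179,6 @@`), leaves no SPF evaluation visible in this config, and neither the commit message nor the file records why the check was reverted. If nothing else in the mail path evaluates SPF, messages with forged envelope senders are no longer rejected or tagged with `$spf_received` at this hop; whether `acl_check_rcpt` or `acl_check_data` compensate cannot be seen from these hunks. A comment next to the ACL settings, e.g. `# SPF check reverted (426d6e2e); sender spoofing is not filtered here, see <reason/issue>`, would keep the gap from going unnoticed. Both hunks sit inside a `let` binding that starts and ends outside the visible lines.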