diff options
Diffstat (limited to 'tv/2configs')
| -rw-r--r-- | tv/2configs/base.nix | 3 | ||||
| -rw-r--r-- | tv/2configs/charybdis.nix | 4 | ||||
| -rw-r--r-- | tv/2configs/exim-smarthost.nix | 55 | ||||
| -rw-r--r-- | tv/2configs/git.nix | 3 |
4 files changed, 61 insertions, 4 deletions
diff --git a/tv/2configs/base.nix b/tv/2configs/base.nix index 89a66115..1c6eba66 100644 --- a/tv/2configs/base.nix +++ b/tv/2configs/base.nix @@ -15,9 +15,10 @@ in imports = [ { + # TODO never put hashedPassword into the store users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) - (import /root/src/secrets/hashedPasswords.nix); + (import <secrets/hashedPasswords.nix>); } { users.defaultUserShell = "/run/current-system/sw/bin/bash"; diff --git a/tv/2configs/charybdis.nix b/tv/2configs/charybdis.nix index a949026d..80c6f7c4 100644 --- a/tv/2configs/charybdis.nix +++ b/tv/2configs/charybdis.nix @@ -21,7 +21,7 @@ let }; dhParams = mkOption { type = types.str; - default = "/root/src/secrets/charybdis.dh.pem"; + default = toString <secrets/charybdis.dh.pem>; }; motd = mkOption { type = types.str; @@ -32,7 +32,7 @@ let }; sslKey = mkOption { type = types.str; - default = "/root/src/secrets/charybdis.key.pem"; + default = toString <secrets/charybdis.key.pem>; }; }; diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix new file mode 100644 index 00000000..811c8e4c --- /dev/null +++ b/tv/2configs/exim-smarthost.nix @@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +{ + krebs.exim-smarthost = { + enable = true; + primary_hostname = "${config.networking.hostName}.retiolum"; + sender_domains = [ + "shackspace.de" + "viljetic.de" + ]; + relay_from_hosts = [ + "10.243.13.37" + ]; + internet-aliases = with config.krebs.users; [ + { from = "tomislav@viljetic.de"; to = tv.mail; } + + # (mindestens) lisp-stammtisch und elli haben die: + { from = "tv@viljetic.de"; to = tv.mail; } + + { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; } + + { from = "mirko@viljetic.de"; to = mv.mail; } + + # TODO killme (wo wird die benutzt?) + { from = "tv@cd.retiolum"; to = tv.mail; } + + # TODO lists@smtp.retiolum [consul] + { from = "postmaster@krebsco.de"; to = tv.mail; } + + { from = "spam@krebsco.de"; + to = pkgs.lib.concatStringsSep "," [ + tv.mail + "lass@mors.retiolum" + makefu.mail + ]; + } + ]; + system-aliases = [ + { from = "mailer-daemon"; to = "postmaster"; } + { from = "postmaster"; to = "root"; } + { from = "nobody"; to = "root"; } + { from = "hostmaster"; to = "root"; } + { from = "usenet"; to = "root"; } + { from = "news"; to = "root"; } + { from = "webmaster"; to = "root"; } + { from = "www"; to = "root"; } + { from = "ftp"; to = "root"; } + { from = "abuse"; to = "root"; } + { from = "noc"; to = "root"; } + { from = "security"; to = "root"; } + { from = "root"; to = "tv"; } + { from = "mirko"; to = "mv"; } + ]; + }; +} diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 6624d62d..5f5fae48 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -51,7 +51,8 @@ let collaborators = with config.krebs.users; [ lass makefu ]; }; } // - import /root/src/secrets/repos.nix { inherit config lib pkgs; } + # TODO don't put secrets/repos.nix into the store + import <secrets/repos.nix> { inherit config lib pkgs; } ); make-public-repo = name: { desc ? null, ... }: { |