From 356142e3852e77b3504cd3047fb7cd7c612f51dd Mon Sep 17 00:00:00 2001 From: osbm Date: Wed, 5 Nov 2025 14:06:27 +0300 Subject: [PATCH] i am so sick of this shit --- hosts/nixos/apollo/configuration.nix | 2 +- modules/nixos/services/mailserver.nix | 76 +++++++++++++-------------- modules/nixos/services/nginx.nix | 27 ++++------ 3 files changed, 49 insertions(+), 56 deletions(-) diff --git a/hosts/nixos/apollo/configuration.nix b/hosts/nixos/apollo/configuration.nix index 447ccb9..8a7b4d1 100644 --- a/hosts/nixos/apollo/configuration.nix +++ b/hosts/nixos/apollo/configuration.nix @@ -11,7 +11,7 @@ services = { glance.enable = true; # anubis.enable = true; - mailserver.enable = true; + # mailserver.enable = true; nginx.enable = true; forgejo.enable = true; vaultwarden.enable = true; diff --git a/modules/nixos/services/mailserver.nix b/modules/nixos/services/mailserver.nix index 7070aef..fa17b06 100644 --- a/modules/nixos/services/mailserver.nix +++ b/modules/nixos/services/mailserver.nix @@ -39,44 +39,44 @@ && config.osbmModules.hardware.disko.zfs.root.impermanenceRoot ) { - environment.persistence."/persist" = { - directories = [ - # TODO write justifications for each of these - "/var/lib/dovecot" # owned by root - "/var/lib/postfix" # owned by root - { - directory = "/var/lib/rspamd"; - user = "rspamd"; - group = "rspamd"; - mode = "0750"; - } - { - directory = "/var/spool/redis-rspamd"; - user = "redis-rspamd"; - group = "redis-rspamd"; - mode = "0750"; - } - { - directory = "/var/sieve"; - user = "virtualMail"; - group = "virtualMail"; - mode = "0770"; - } - { - directory = "/var/vmail"; - user = "virtualMail"; - group = "virtualMail"; - mode = "0700"; - } - { - directory = "/var/dkim"; - user = "rspamd"; - group = "rspamd"; - mode = "0755"; - } - "/var/spool" - ]; - }; + # environment.persistence."/persist" = { + # directories = [ + # # TODO write justifications for each of these + # "/var/lib/dovecot" # owned by root + # "/var/lib/postfix" # owned by root + # { + # directory = "/var/lib/rspamd"; + # user = "rspamd"; + # group = "rspamd"; + # mode = "0750"; + # } + # { + # directory = "/var/spool/redis-rspamd"; + # user = "redis-rspamd"; + # group = "redis-rspamd"; + # mode = "0750"; + # } + # { + # directory = "/var/sieve"; + # user = "virtualMail"; + # group = "virtualMail"; + # mode = "0770"; + # } + # { + # directory = "/var/vmail"; + # user = "virtualMail"; + # group = "virtualMail"; + # mode = "0700"; + # } + # { + # directory = "/var/dkim"; + # user = "rspamd"; + # group = "rspamd"; + # mode = "0755"; + # } + # "/var/spool" + # ]; + # }; }) ]; } diff --git a/modules/nixos/services/nginx.nix b/modules/nixos/services/nginx.nix index 45416d7..ec48e47 100644 --- a/modules/nixos/services/nginx.nix +++ b/modules/nixos/services/nginx.nix @@ -8,13 +8,6 @@ (lib.mkIf config.osbmModules.services.nginx.enable { services.nginx = { enable = true; - - # Add virtual host for mail.osbm.dev to handle ACME challenges - virtualHosts."mail.osbm.dev" = lib.mkIf config.osbmModules.services.mailserver.enable { - locations."/.well-known/acme-challenge" = { - root = "/var/lib/acme/acme-challenge"; - }; - }; }; networking.firewall.allowedTCPPorts = [ @@ -34,16 +27,16 @@ && config.osbmModules.hardware.disko.zfs.root.impermanenceRoot ) { - environment.persistence."/persist" = { - directories = [ - { - directory = "/var/lib/acme"; - user = "acme"; - group = "nginx"; - mode = "0750"; - } - ]; - }; + # environment.persistence."/persist" = { + # directories = [ + # { + # directory = "/var/lib/acme"; + # user = "acme"; + # group = "nginx"; + # mode = "0750"; + # } + # ]; + # }; } ) ];