i am so sick of this shit
This commit is contained in:
parent
714cfb9c0e
commit
356142e385
3 changed files with 49 additions and 56 deletions
|
|
@ -11,7 +11,7 @@
|
|||
services = {
|
||||
glance.enable = true;
|
||||
# anubis.enable = true;
|
||||
mailserver.enable = true;
|
||||
# mailserver.enable = true;
|
||||
nginx.enable = true;
|
||||
forgejo.enable = true;
|
||||
vaultwarden.enable = true;
|
||||
|
|
|
|||
|
|
@ -39,44 +39,44 @@
|
|||
&& config.osbmModules.hardware.disko.zfs.root.impermanenceRoot
|
||||
)
|
||||
{
|
||||
environment.persistence."/persist" = {
|
||||
directories = [
|
||||
# TODO write justifications for each of these
|
||||
"/var/lib/dovecot" # owned by root
|
||||
"/var/lib/postfix" # owned by root
|
||||
{
|
||||
directory = "/var/lib/rspamd";
|
||||
user = "rspamd";
|
||||
group = "rspamd";
|
||||
mode = "0750";
|
||||
}
|
||||
{
|
||||
directory = "/var/spool/redis-rspamd";
|
||||
user = "redis-rspamd";
|
||||
group = "redis-rspamd";
|
||||
mode = "0750";
|
||||
}
|
||||
{
|
||||
directory = "/var/sieve";
|
||||
user = "virtualMail";
|
||||
group = "virtualMail";
|
||||
mode = "0770";
|
||||
}
|
||||
{
|
||||
directory = "/var/vmail";
|
||||
user = "virtualMail";
|
||||
group = "virtualMail";
|
||||
mode = "0700";
|
||||
}
|
||||
{
|
||||
directory = "/var/dkim";
|
||||
user = "rspamd";
|
||||
group = "rspamd";
|
||||
mode = "0755";
|
||||
}
|
||||
"/var/spool"
|
||||
];
|
||||
};
|
||||
# environment.persistence."/persist" = {
|
||||
# directories = [
|
||||
# # TODO write justifications for each of these
|
||||
# "/var/lib/dovecot" # owned by root
|
||||
# "/var/lib/postfix" # owned by root
|
||||
# {
|
||||
# directory = "/var/lib/rspamd";
|
||||
# user = "rspamd";
|
||||
# group = "rspamd";
|
||||
# mode = "0750";
|
||||
# }
|
||||
# {
|
||||
# directory = "/var/spool/redis-rspamd";
|
||||
# user = "redis-rspamd";
|
||||
# group = "redis-rspamd";
|
||||
# mode = "0750";
|
||||
# }
|
||||
# {
|
||||
# directory = "/var/sieve";
|
||||
# user = "virtualMail";
|
||||
# group = "virtualMail";
|
||||
# mode = "0770";
|
||||
# }
|
||||
# {
|
||||
# directory = "/var/vmail";
|
||||
# user = "virtualMail";
|
||||
# group = "virtualMail";
|
||||
# mode = "0700";
|
||||
# }
|
||||
# {
|
||||
# directory = "/var/dkim";
|
||||
# user = "rspamd";
|
||||
# group = "rspamd";
|
||||
# mode = "0755";
|
||||
# }
|
||||
# "/var/spool"
|
||||
# ];
|
||||
# };
|
||||
})
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,13 +8,6 @@
|
|||
(lib.mkIf config.osbmModules.services.nginx.enable {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
# Add virtual host for mail.osbm.dev to handle ACME challenges
|
||||
virtualHosts."mail.osbm.dev" = lib.mkIf config.osbmModules.services.mailserver.enable {
|
||||
locations."/.well-known/acme-challenge" = {
|
||||
root = "/var/lib/acme/acme-challenge";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
|
|
@ -34,16 +27,16 @@
|
|||
&& config.osbmModules.hardware.disko.zfs.root.impermanenceRoot
|
||||
)
|
||||
{
|
||||
environment.persistence."/persist" = {
|
||||
directories = [
|
||||
{
|
||||
directory = "/var/lib/acme";
|
||||
user = "acme";
|
||||
group = "nginx";
|
||||
mode = "0750";
|
||||
}
|
||||
];
|
||||
};
|
||||
# environment.persistence."/persist" = {
|
||||
# directories = [
|
||||
# {
|
||||
# directory = "/var/lib/acme";
|
||||
# user = "acme";
|
||||
# group = "nginx";
|
||||
# mode = "0750";
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
}
|
||||
)
|
||||
];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue