commit 8813157fd717408397baadcae0b544c58501273a · pyrox.dev/nix

+2 -1

systems/x86_64-linux/marvin/services/tangled.nix

···

       25
       25
        
           tangled-spindle = {

     

       26
       26
        
             enable = true;

     

       27
       27
        
             server = {

     

       28
       28
       -
               listenAddr = "0.0.0.0:${ds.port}";

     

       28
       28
       +
               listenAddr = "0.0.0.0:${toString ds.port}";

     

       29
       29
        
               hostname = ds.extUrl;

     

       30
       30
        
               owner = "did:plc:5cqzysioqzttihsnbsaxrggu";

     

       31
       31
        
             };

     

       32
       32
        
             pipelines.workflowTimeout = "10m";

     

       33
       33
        
           };

     

       34
       34
       +
           openssh.enable = lib.mkForce cfg.enable;

     

       34
       35
        
           openssh.ports = [ 2222 ];

     

       35
       36
        
           openssh.settings.AllowUsers = [ "git" ];

     

       36
       37
        
           openssh.settings.AllowGroups = [ "git" ];

+30 -27

systems/x86_64-linux/prefect/services/caddy.nix

···

       1
       1
        
       { pkgs, lib, ... }:

     

       2
       2
        
       let

     

       3
       3
        
         pns = lib.py.data.services;

     

       4
       4
       -
         mail = lib.py.data.mail;

     

       4
       4
       +
         # mail = lib.py.data.mail;

     

       5
       5
        
         marvin = "http://${lib.py.data.hosts.marvin.ts.ip4}";

     

       6
       6
        
         marvinIP = lib.py.data.hosts.marvin.ts.ip4;

     

       7
       7
        
         tsNet = lib.py.data.tsNet;

     
···

       283
       283
        
               ref refs/heads/pages

     

       284
       284
        
               refresh_period 10m

     

       285
       285
        
             }

     

       286
       286
       -
           '';

     

       287
       287
       -
           extraConfig = ''

     

       288
       286
        
             layer4 {

     

       289
       287
        
               :22 {

     

       290
       288
        
                 @a ssh

     
···

       292
       290
        
                   proxy ${marvinIP}:2222

     

       293
       291
        
                 }

     

       294
       292
        
               }

     

       295
       295
       -
               # 0.0.0.0:465 {

     

       296
       296
       -
               #   route {

     

       297
       297
       -
               #     proxy {

     

       298
       298
       -
               #       proxy_protocol v2

     

       299
       299
       -
               #       upstream ${marvinIP}:${mail.intSMTPS}

     

       300
       300
       -
               #     }

     

       301
       301
       -
               #   }

     

       302
       302
       -
               # }

     

       303
       303
       -
               # 0.0.0.0:993 {

     

       304
       304
       -
               #   route {

     

       305
       305
       -
               #     proxy {

     

       306
       306
       -
               #       proxy_protocol v2

     

       307
       307
       -
               #       upstream ${marvinIP}:${mail.intIMAPS}

     

       308
       308
       -
               #     }

     

       309
       309
       -
               #   }

     

       310
       310
       -
               # }

     

       311
       311
       -
               # 0.0.0.0:4190 {

     

       312
       312
       -
               #   route {

     

       313
       313
       -
               #     proxy {

     

       314
       314
       -
               #       proxy_protocol v2

     

       315
       315
       -
               #       upstream ${marvinIP}:${mail.intManageSieve}

     

       316
       316
       -
               #     }

     

       317
       317
       -
               #   }

     

       318
       318
       -
               # }

     

       319
       293
        
             }

     

       320
       294
        
           '';

     

       295
       295
       +
           # TODO: Move the below section to global options once stalwart is working

     

       296
       296
       +
           # extraConfig = ''

     

       297
       297
       +
           #   layer4 {

     

       298
       298
       +
           #     0.0.0.0:465 {

     

       299
       299
       +
           #       route {

     

       300
       300
       +
           #         proxy {

     

       301
       301
       +
           #           proxy_protocol v2

     

       302
       302
       +
           #           upstream ${marvinIP}:mail.intSMTPS}

     

       303
       303
       +
           #         }

     

       304
       304
       +
           #       }

     

       305
       305
       +
           #     }

     

       306
       306
       +
           #     0.0.0.0:993 {

     

       307
       307
       +
           #       route {

     

       308
       308
       +
           #         proxy {

     

       309
       309
       +
           #           proxy_protocol v2

     

       310
       310
       +
           #           upstream ${marvinIP}:mail.intIMAPS}

     

       311
       311
       +
           #         }

     

       312
       312
       +
           #       }

     

       313
       313
       +
           #     }

     

       314
       314
       +
           #     0.0.0.0:4190 {

     

       315
       315
       +
           #       route {

     

       316
       316
       +
           #         proxy {

     

       317
       317
       +
           #           proxy_protocol v2

     

       318
       318
       +
           #           upstream ${marvinIP}:mail.intManageSieve}

     

       319
       319
       +
           #         }

     

       320
       320
       +
           #       }

     

       321
       321
       +
           #     }

     

       322
       322
       +
           #   }

     

       323
       323
       +
           # '';

     

       321
       324
        
         };

     

       322
       325
        
         systemd.services.caddy.serviceConfig.CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";

     

       323
       326
        
         systemd.services.caddy.serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";

+2 -4

systems/x86_64-linux/prefect/services/mailserver/default.nix

···

       8
       8
        
         mailserver = {

     

       9
       9
        
           enable = true;

     

       10
       10
        
           fqdn = "mail.pyrox.dev";

     

       11
       11
       +
           systemName = "PyroNet Mail";

     

       12
       12
       +
           systemDomain = "mail.pyrox.dev";

     

       11
       13
        
           openFirewall = true;

     

       12
       14
        
           stateVersion = 3;

     

       13
       15
        
       

     
···

       45
       47
        
           # DMARC Settings

     

       46
       48
        
           dmarcReporting = {

     

       47
       49
        
             enable = true;

     

       48
       48
       -
             domain = "pyrox.dev";

     

       49
       49
       -
             localpart = "dmarc-noreply";

     

       50
       50
       -
             fromName = "PyroNet Mail DMARC Service";

     

       51
       51
       -
             organizationName = "PyroNet Mail";

     

       52
       50
        
           };

     

       53
       51
        
       

     

       54
       52
        
           # Mailboxes for all users