+136
-1
flake.lock
+7
-3
flake.nix
+2
-1
man/default.nix
+1
-3
modules/default.nix
+8
-1
modules/mailserver.nix
-78
modules/mailserver/borgbackup.nix
···-compressionFragment = lib.concatStringsSep "," (lib.flatten [autoFragment methodFragment levelFragment]);-compression = lib.optionalString (compressionFragment != "") "--compression ${compressionFragment}";-(if cfg.encryption.passphraseFile != null then ''env BORG_PASSPHRASE="$(cat ${passphraseFile})"''-${passphraseFragment} ${pkgs.borgbackup}/bin/borg init ${extraInitArgs} --encryption ${encryptionFragment} || true-${passphraseFragment} ${pkgs.borgbackup}/bin/borg create ${extraCreateArgs} ${compression} ::${name} ${locations}
-30
modules/mailserver/clamav.nix
-48
modules/mailserver/common.nix
-4
modules/mailserver/debug.nix
-1035
modules/mailserver/default.nix
···-description = "Secondary domains and subdomains for which it is necessary to generate a certificate.";-example = "$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/";-password = "$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/";-password = "$6$oE0ZNv2n7Vk9gOf$9xcZWCCLGdMflIfuA0vR1Q1Xblw6RZqPrP94mEit2/81/7AKj2bqUai5yPyWE.QYPyv6wLMHZvjw3Rlg7yTCD/";-enable = lib.mkEnableOption "Full text search indexing with xapian. This has significant performance and disk space cost.";-description = "Memory limit for the indexer process, in MiB. If null, leaves the default (which is rather low), and if 0, no limit.";-description = "When to run the maintenance job. See systemd.time(7) for more information about the format.";-description = "Run the maintenance job not exactly at the time specified with <literal>onCalendar</literal>, but plus or minus this many seconds.";-For instance when using "." then in a sieve script "example.com" would refer to the mailbox "com" in the parent mailbox "example".-Runs a local DNS resolver (kresd) as recommended when running rspamd. This prevents your log file from filling up with rspamd_monitored_dns_mon entries.-defaultText = lib.literalMD "computed from <option>config.services.redis.servers.rspamd.bind</option>";-if failed host ${cfg.fqdn} port 993 type tcpssl sslauto protocol imap for 5 cycles then restart-description = "When or how often the backup should run. 
Must be in the format described in systemd.time 7.";-description = "Leaves it to borg to determine whether an individual file should be compressed.";-This is called prior to borg init in the same script that runs borg init and create and cmdPostexec.-It is recommended to use the default value because the quicker kexec reboot has a number of problems.-Also if your server is running in a virtual machine the regular reboot will already be very quick.-The command to be executed before each backup operation. This is wrapped in a shell script to be called by rsnapshot.-description = "The command to be executed after each backup operation. This is wrapped in a shell script to be called by rsnapshot.";
-319
modules/mailserver/dovecot.nix
···-for f in ${builtins.toString (lib.mapAttrsToList (name: value: passwordFiles."${name}") cfg.loginAccounts)}; do-let passwordHash = ''$(${pkgs.dovecot}/bin/doveadm pw -p "$(head -n 1 ${passwordFiles."${name}"})")''; in-"${name}:${passwordHash}:${builtins.toString cfg.vmailUID}:${builtins.toString cfg.vmailUID}::${cfg.mailDirectory}:/run/current-system/sw/bin/nologin:"-junkMailboxes = builtins.attrNames (lib.filterAttrs (n: v: v ? "specialUse" && v.specialUse == "Junk") cfg.mailboxes);-modules = [ pkgs.dovecot_pigeonhole ] ++ (lib.optional cfg.fullTextSearch.enable pkgs.dovecot_fts_xapian );-fts_xapian = partial=${toString cfg.fullTextSearch.minSize} full=${toString cfg.fullTextSearch.maxSize} attachments=${bool2int cfg.fullTextSearch.indexAttachments} verbose=${bool2int cfg.debug}-${lib.strings.concatImapStringsSep "\n" (n: x: "fts_autoindex_exclude${if n==1 then "" else toString n} = ${x}") cfg.fullTextSearch.autoIndexExclude}-systemd.services.dovecot-fts-xapian-optimize = lib.mkIf (cfg.fullTextSearch.enable && cfg.fullTextSearch.maintenance.enable) {-systemd.timers.dovecot-fts-xapian-optimize = lib.mkIf (cfg.fullTextSearch.enable && cfg.fullTextSearch.maintenance.enable && cfg.fullTextSearch.maintenance.randomizedDelaySec != 0) {
-15
modules/mailserver/dovecot/imap_sieve/report-ham.sieve
-7
modules/mailserver/dovecot/imap_sieve/report-spam.sieve
-3
modules/mailserver/dovecot/pipe_bin/sa-learn-ham.sh
-3
modules/mailserver/dovecot/pipe_bin/sa-learn-spam.sh
-28
modules/mailserver/environment.nix
-27
modules/mailserver/kresd.nix
-32
modules/mailserver/monit.nix
-37
modules/mailserver/networking.nix
-44
modules/mailserver/nginx.nix
-88
modules/mailserver/opendkim.nix
···-(dom: "${dom} ${dom}:${cfg.dkimSelector}:${cfg.dkimKeyDirectory}/${dom}.${cfg.dkimSelector}.key")));
-46
modules/mailserver/post-upgrade-check.nix
···-systemd.services.nixos-upgrade.serviceConfig.ExecStartPost = pkgs.writeScript "post-upgrade-check" ''-# This is just an educated guess. If the links do not differ the kernels might still be different, according to spacefrogg in #nixos.-echo "kernel version seems unchanged, skipping reboot" | systemd-cat --priority 4 --identifier "post-upgrade-check";-echo "kernel path changed, possibly a new version" | systemd-cat --priority 2 --identifier "post-upgrade-check"
-269
modules/mailserver/postfix.nix
···-in lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name} ${valueToString value}") attrs);-denied_recipients_file = builtins.toFile "denied_recipients" (lib.concatStringsSep "\n" denied_recipients_postfix);-reject_senders_file = builtins.toFile "reject_senders" (lib.concatStringsSep "\n" (reject_senders_postfix)) ;-reject_recipients_file = builtins.toFile "reject_recipients" (lib.concatStringsSep "\n" (reject_recipients_postfix)) ;-smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";-virtual = lookupTableToString (mergeLookupTables [all_valiases_postfix catchAllPostfix forwards]);-milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}";
-59
modules/mailserver/rsnapshot.nix
-119
modules/mailserver/rspamd.nix
···-scan_mime_parts = false; # scan mail as a whole unit, not parts. seems to be needed to work at all-requires = [ "redis-rspamd.service" ] ++ (lib.optional cfg.virusScanning "clamav-daemon.service");-after = [ "redis-rspamd.service" ] ++ (lib.optional cfg.virusScanning "clamav-daemon.service");
-83
modules/mailserver/systemd.nix
-97
modules/mailserver/users.nix