dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: mailserver

Browse source
This commit is contained in:
DACHXY 2025-08-14 12:27:49 +08:00
parent 0ebf0d7a29
commit b8a31b6264
28 changed files with 2446 additions and 1350 deletions
Download patch file Download diff file Expand all files Collapse all files

59
system/dev/dn-server/sops-conf.nix
View file

@ -1,4 +1,7 @@
{ config, ... }:
{ config, lib, ... }:
let
inherit (lib) mkIf;
in
{
sops = {
secrets = {
@ -6,10 +9,56 @@
"nextcloud/adminPassword" = { };
"step_ca/password" = { };
vaultwarden = { };
"postfix/openldap" = { };
"openldap/adminPassword" = {
owner = config.users.users.openldap.name;
group = config.users.users.openldap.group;
"oauth/password" = { };
"ldap/password" = lib.mkIf config.mail-server.enable {
mode = "0660";
owner = config.services.openldap.user;
group = config.services.openldap.group;
};
"ldap/env" = lib.mkIf config.mail-server.enable {
mode = "0660";
group = config.users.groups.docker.name;
};
"powerdns-admin/secret" = {
mode = "0660";
owner = "powerdnsadmin";
group = "powerdnsadmin";
};
"powerdns-admin/salt" = {
mode = "0660";
owner = "powerdnsadmin";
group = "powerdnsadmin";
};
powerdns = {
mode = "0660";
owner = "pdns";
group = "pdns";
};
rspamd-trainer = { };
"acme/env" = mkIf config.security.acme.acceptTerms {
mode = "0660";
owner = "acme";
group = "acme";
};
"postsrsd/secret" = mkIf config.services.postsrsd.enable {
mode = "0660";
owner = config.services.postsrsd.user;
group = config.services.postsrsd.group;
};
"grafana/password" = mkIf config.services.grafana.enable {
mode = "0660";
owner = "grafana";
group = "grafana";
};
"grafana/client_secret" = mkIf config.services.grafana.enable {
mode = "0660";
owner = "grafana";
group = "grafana";
};
"prometheus/powerdns/password" = mkIf config.services.prometheus.enable {
mode = "0660";
owner = "prometheus";
group = config.users.users.prometheus.group;
};
};
};