From bb3f1b222ebb551d3acc9be394a867b5ba948c17 Mon Sep 17 00:00:00 2001
From: DACHXY
Date: Sun, 4 May 2025 03:09:03 +0800
Subject: [PATCH] Squash merge mail-server into main
---
 system/dev/dn-server/default.nix | 1 +
 system/dev/dn-server/mail-server.nix | 49 ++++++++++++++++++++++++++++
 system/dev/dn-server/networking.nix | 1 +
 system/dev/dn-server/services.nix | 10 +++---
 4 files changed, 57 insertions(+), 4 deletions(-)
 create mode 100644 system/dev/dn-server/mail-server.nix
diff --git a/system/dev/dn-server/default.nix b/system/dev/dn-server/default.nix
index 48360b1..77b9209 100644
--- a/system/dev/dn-server/default.nix
+++ b/system/dev/dn-server/default.nix
@@ -18,6 +18,7 @@
 ./services.nix
 ./nginx.nix
 ./step-ca.nix
+ ./mail-server.nix
 ../../modules/presets/minimal.nix
 ../../modules/bluetooth.nix
 ../../modules/cuda.nix
diff --git a/system/dev/dn-server/mail-server.nix b/system/dev/dn-server/mail-server.nix
new file mode 100644
index 0000000..2ee0860
--- /dev/null
+++ b/system/dev/dn-server/mail-server.nix
@@ -0,0 +1,49 @@
+{
+ config,
+ settings,
+ ...
+}:
+with builtins;
+let
+ interfaces = config.networking.wireguard.interfaces;
+ allowedIPs = concatLists [
+ (concatLists (map (interface: interfaces.${interface}.ips) (attrNames interfaces)))
+ [
+ "127.0.0.1"
+ ]
+ ];
+ fqdn = config.networking.fqdn;
+ # fqdn = "dn-server.daccc.info";
+in
+{
+ networking.firewall.allowedTCPPorts = [ 25 ];
+
+ services.postfix = {
+ enable = true;
+ hostname = fqdn;
+ origin = fqdn;
+ networks = allowedIPs;
+ destination = [
+ "localhost"
+ "localhost.${fqdn}"
+ fqdn
+ ];
+
+ postmasterAlias = "root";
+ rootAlias = settings.personal.username;
+
+ extraAliases = ''
+ mailer-daemon: postmaster
+ nobody: root
+ hostmaster: root
+ usenet: root
+ news: root
+ webmaster: root
+ www: root
+ ftp: root
+ abuse: root
+ noc: root
+ security: root
+ '';
+ };
+}
diff --git a/system/dev/dn-server/networking.nix b/system/dev/dn-server/networking.nix
index e7cd237..2af68d6 100644
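Review bot: In mail-server.nix, `networks = allowedIPs;` turns every address range on every WireGuard interface into a trusted Postfix relay network, because the list is built from `interfaces.${interface}.ips` over all `attrNames interfaces`. Judging by services.nix those entries look like host-with-prefix strings such as `10.0.0.1/24`, so the whole /24, including the half labelled `restrict`, and any interface added later would be allowed to relay without authentication; Postfix may also warn about or refuse patterns with non-zero host bits. `networking.firewall.allowedTCPPorts = [ 25 ];` additionally opens SMTP on all interfaces, which is wider than needed if the server only serves the internal domain. I would list the trusted networks explicitly and scope the port, for example `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 25 ];`, with a comment stating which peers are meant to relay.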
--- a/system/dev/dn-server/networking.nix
+++ b/system/dev/dn-server/networking.nix
@@ -1,6 +1,7 @@
 { ... }:
 {
 networking = {
+ domain = "net.dn";
 networkmanager.enable = true;
 enableIPv6 = true;
 firewall = {
diff --git a/system/dev/dn-server/services.nix b/system/dev/dn-server/services.nix
index b380354..eef364a 100644
--- a/system/dev/dn-server/services.nix
+++ b/system/dev/dn-server/services.nix
@@ -68,7 +68,7 @@ let
 ip = "10.0.0.1/24";
 interface = "wg0";
 port = 51820;
- domain = "net.dn";
+ domain = config.networking.domain;
 range = "10.0.0.0/24";
 full = "10.0.0.1/25";
 restrict = "10.0.0.128/25";
@@ -80,7 +80,7 @@ let
 interface = "wg1";
 port = 51821;
 masterIP = "10.10.0.1";
- masterHostname = "api-kube.net.dn";
+ masterHostname = "api-kube.${config.networking.domain}";
 masterAPIServerPort = 6443;
 };
@@ -368,6 +368,7 @@ in
 serverIP = getCleanAddress personal.ip;
 kubeIP = getCleanAddress kube.ip;
 origin = "${personal.domain}.";
+ hostname = config.networking.hostName;
 in
 pkgs.writeText "db.${personal.domain}" ''
 $ORIGIN ${origin}
@@ -387,7 +388,7 @@ in
 nextcloud IN A ${serverIP}
 pre-nextcloud IN A ${serverIP}
 ca IN A ${serverIP}
- server IN A ${serverIP}
+ ${hostname} IN A ${serverIP}
 mail IN A ${serverIP}
 api-kube IN A ${kubeIP}
 ${dnsRecords}
@@ -406,6 +407,7 @@ in
 let
 serverIP = getSubAddress personal.ip;
 mailIP = getSubAddress personal.ip;
+ hostname = config.networking.hostName;
 in
 pkgs.writeText "${getReverseFilename personal.ip}" ''
 $TTL 86400
@@ -418,7 +420,7 @@ in
 IN NS dns.${personal.domain}.
 ${serverIP} IN PTR dns.${personal.domain}.
- ${serverIP} IN PTR server.${personal.domain}.
+ ${serverIP} IN PTR ${hostname}.${personal.domain}.
 ${serverIP} IN PTR nextcloud.${personal.domain}.
 ${serverIP} IN PTR pre-nextcloud.${personal.domain}.
 ${serverIP} IN PTR ca.${personal.domain}.
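Review bot: The forward-zone hunk in services.nix replaces the `server` A record with `${hostname}` instead of adding to it, and the reverse-zone hunk (whose end may lie outside this view) does the same for the PTR, so anything still configured with `server.${personal.domain}` stops resolving once this is deployed. Whether clients or issued certificates still use the old name is not visible here; if they do, keeping an alias such as `server IN CNAME ${hostname}` for a transition period would avoid a silent outage. A short comment next to `${hostname} IN A ${serverIP}` noting that it must match the `config.networking.fqdn` Postfix announces would also help the next reader.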