chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

meow

Browse source
This commit is contained in:
ChaotiCryptidz 2022-06-26 19:59:29 +01:00
parent a4585bb27c
commit 3f8129a015
No known key found for this signature in database
2 changed files with 11 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
hosts/hetzner-vm/services/mailserver/postfix.nix
View file

@ -30,12 +30,6 @@ let
# all_valiases_postfix :: Map String [String] # all_valiases_postfix :: Map String [String]
all_valiases_postfix = mergeLookupTables [ valiases_postfix ]; all_valiases_postfix = mergeLookupTables [ valiases_postfix ];
# attrsToLookupTable :: Map String (Either String [ String ]) -> Map String [String]
attrsToLookupTable = aliases:
let
lookupTables = lib.mapAttrsToList (from: to: { "${from}" = to; }) aliases;
in mergeLookupTables lookupTables;
# lookupTableToString :: Map String [String] -> String # lookupTableToString :: Map String [String] -> String
lookupTableToString = attrs: lookupTableToString = attrs:
let valueToString = value: lib.concatStringsSep ", " value; let valueToString = value: lib.concatStringsSep ", " value;
@ -117,11 +111,6 @@ in {
policy-spf_time_limit = "3600s"; policy-spf_time_limit = "3600s";
# reject selected senders
#smtpd_sender_restrictions =
# [ "check_sender_access ${mappedFile "reject_senders"}" ];
# quota and spf checking
smtpd_recipient_restrictions = [ smtpd_recipient_restrictions = [
#"check_recipient_access ${mappedFile "denied_recipients"}" #"check_recipient_access ${mappedFile "denied_recipients"}"
#"check_recipient_access ${mappedFile "reject_recipients"}" #"check_recipient_access ${mappedFile "reject_recipients"}"
@ -135,23 +124,23 @@ in {
# strong might suffice and is computationally less expensive # strong might suffice and is computationally less expensive
smtpd_tls_eecdh_grade = "ultra"; smtpd_tls_eecdh_grade = "ultra";
# Disable obselete protocols # Only Alow Modern TLS
smtpd_tls_protocols = tls_allowed;
smtp_tls_protocols = tls_allowed; smtp_tls_protocols = tls_allowed;
smtpd_tls_mandatory_protocols = tls_allowed; smtpd_tls_protocols = tls_allowed;
smtp_tls_mandatory_protocols = tls_allowed; smtp_tls_mandatory_protocols = tls_allowed;
smtpd_tls_mandatory_protocols = tls_allowed;
# Disable Old Ciphers
smtp_tls_exclude_ciphers = tls_disallow;
smtpd_tls_exclude_ciphers = tls_disallow;
smtp_tls_mandatory_exclude_ciphers = tls_disallow;
smtpd_tls_mandatory_exclude_ciphers = tls_disallow;
smtp_tls_ciphers = "high"; smtp_tls_ciphers = "high";
smtpd_tls_ciphers = "high"; smtpd_tls_ciphers = "high";
smtp_tls_mandatory_ciphers = "high"; smtp_tls_mandatory_ciphers = "high";
smtpd_tls_mandatory_ciphers = "high"; smtpd_tls_mandatory_ciphers = "high";
# Disable deprecated ciphers
smtpd_tls_mandatory_exclude_ciphers = tls_disallow;
smtpd_tls_exclude_ciphers = tls_disallow;
smtp_tls_mandatory_exclude_ciphers = tls_disallow;
smtp_tls_exclude_ciphers = tls_disallow;
tls_preempt_cipherlist = true; tls_preempt_cipherlist = true;
smtpd_tls_auth_only = true; smtpd_tls_auth_only = true;

2
hosts/hetzner-vm/services/mailserver/webmail.nix
View file

@ -10,6 +10,8 @@ in {
$config['smtp_pass'] = "%p"; $config['smtp_pass'] = "%p";
$config['plugins'] = ["managesieve"]; $config['plugins'] = ["managesieve"];
$config['managesieve_host'] = 'tls://${mail_config.fqdn}'; $config['managesieve_host'] = 'tls://${mail_config.fqdn}';
$config['session_lifetime'] = 168;
$config['product_name'] = 'Chaos Mail';
''; '';
}; };
} }